Hide Navigation Hide TOC

APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)

A 2015 report by F-Secure describe APT29 as: 'The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making. The Dukes show unusual confidence in their ability to continue successfully compromising their targets, as well as in their ability to operate with impunity. The Dukes primarily target Western governments and related organizations, such as government ministries and agencies, political think tanks, and governmental subcontractors. Their targets have also included the governments of members of the Commonwealth of Independent States;Asian, African, and Middle Eastern governments;organizations associated with Chechen extremism;and Russian speakers engaged in the illicit trade of controlled substances and drugs. The Dukes are known to employ a vast arsenal of malware toolsets, which we identify as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, CloudDuke, SeaDuke, HammerDuke, PinchDuke, and GeminiDuke. In recent years, the Dukes have engaged in apparently biannual large - scale spear - phishing campaigns against hundreds or even thousands of recipients associated with governmental institutions and affiliated organizations. These campaigns utilize a smash - and - grab approach involving a fast but noisy breakin followed by the rapid collection and exfiltration of as much data as possible.If the compromised target is discovered to be of value, the Dukes will quickly switch the toolset used and move to using stealthier tactics focused on persistent compromise and long - term intelligence gathering. This threat actor targets government ministries and agencies in the West, Central Asia, East Africa, and the Middle East; Chechen extremist groups; Russian organized crime; and think tanks. It is suspected to be behind the 2015 compromise of unclassified networks at the White House, Department of State, Pentagon, and the Joint Chiefs of Staff. The threat actor includes all of the Dukes tool sets, including MiniDuke, CosmicDuke, OnionDuke, CozyDuke, SeaDuke, CloudDuke (aka MiniDionis), and HammerDuke (aka Hammertoss). '

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	2
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	2
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d)	Attack Pattern	2
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	2
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	2
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	2
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	2
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	Notion (5c807e49-dc90-4f80-b044-49bb990acb61)	online-service	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	3
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	3
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	3
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	3
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba)	Tool	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	3
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	3
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	3
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	POSHSPY (4df1b257-c242-46b0-b120-591430066b6f)	Malpedia	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	3
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	3
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	3
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	3
OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7)	Malpedia	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	3
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	3
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	3
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	3
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	3
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	3
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207)	Malpedia	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	3
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	3
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd)	Malpedia	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	3
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	3
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704)	Tool	4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	4
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a)	Malpedia	4
GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f)	Malpedia	GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	4
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c)	Attack Pattern	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	4
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	4
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	4
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	4
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	4
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	5
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	Raindrop (309f9be7-8824-4452-90b3-cef81fd10099)	Malpedia	5