Hide Navigation Hide TOC

APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)

FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government that conducts long term, resource-intensive operations to collect strategic intelligence. APT35 typically targets U.S. and the Middle Eastern military, diplomatic and government personnel, organizations in the media, energy and defense industrial base (DIB), and engineering, business services and telecommunications sectors.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	1
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)	Threat Actor	1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231)	Microsoft Activity Group actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	3
Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48)	Threat Actor	3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	3
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0)	Unknown	3
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232)	Threat Actor	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f)	Groups	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4)	Malware	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71)	mitre-tool	3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed)	Malpedia	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148)	Malware	3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47)	mitre-tool	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Pupy (bdb420be-5882-41c8-b439-02bbef69d83f)	RAT	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967)	Attack Pattern	Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4)	mitre-tool	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be)	Threat Actor	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0)	Attack Pattern	3
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4)	Malware	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53)	Microsoft Activity Group actor	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	3
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	3
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3)	Attack Pattern	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e)	Threat Actor	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4)	Attack Pattern	4
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234)	Attack Pattern	Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063)	Intrusion Set	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	4
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6)	Intrusion Set	OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d)	Intrusion Set	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2)	Threat Actor	Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9)	Unknown	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	5
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	5
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5)	Malpedia	Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	5
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	5
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	5
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	5
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9)	Malware	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419)	Malpedia	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46)	Malware	5
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	5
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	5
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	5
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	5
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	5
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	5
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	5
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	5
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	5
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	5
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	5
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	5
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	5
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	5
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Helminth (19d89300-ff97-4281-ac42-76542e744092)	Malpedia	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	5
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	5
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b)	Malware	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c)	Malware	5
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05)	Malware	5
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	6
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	6
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea)	Tool	TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c)	Malpedia	6
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	6
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	6
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	6
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	6
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	6
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	6
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	6
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	6
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	6
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	6
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	6
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001)	Attack Pattern	6