Skip to content

Hide Navigation Hide TOC

Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)

This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial of service, and data destruction purposes. Some believe that the threat actor is linked to the 2015 compromise of the Ukrainian electrical grid and a distributed denial of service prior to the Russian invasion of Georgia. Believed to be responsible for the 2008 DDoS attacks in Georgia and the 2015 Ukraine power grid outage

Cluster A Galaxy A Cluster B Galaxy B Level
GreyEnergy (d52ca4c4-d214-11e8-8d29-c3e7cb78acce) Threat Actor Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 1
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9) Microsoft Activity Group actor Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 1
沙虫 - APT-C-13 (0fdab65b-3e2b-5fd8-be36-cc18c7bcc1d7) 360.net Threat Actors Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 1
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor Private Cluster (b47250ec-2094-4d06-b658-11456e05fe89) Unknown 1
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor Private Cluster (feac86e4-6bb2-4ba0-ac99-806aeb0a776c) Unknown 1
Sandworm (b4fbf3b0-1a5e-4bdc-8977-74fff1db19ff) Groups Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f) mitre-tool 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Industroyer2 - S1072 (6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 2
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
沙虫 - APT-C-13 (0fdab65b-3e2b-5fd8-be36-cc18c7bcc1d7) 360.net Threat Actors Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9) Microsoft Activity Group actor 2
IRIDIUM (29cfe970-5446-4cfc-a2da-00e9f49e02ba) Threat Actor Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9) Microsoft Activity Group actor 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 3
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 3
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 3
AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 3
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware Firmware Corruption - T1495 (f5bb433e-bdf6-4781-84bc-35e97e43be89) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 3
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 3
Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f) mitre-tool Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 3
Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f) mitre-tool Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 3
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 3
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 3
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4) Attack Pattern 3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 3
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 3
Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 3
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
BlackEnergy (82c644ab-550a-4a83-9b35-d545f4719069) Malpedia BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
BlackEnergy (5a22cad7-65fa-4b7a-a7aa-7915a6101efa) Tool BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 3
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Industroyer2 - S1072 (6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5) Malware 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) Attack Pattern 3
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 3
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 4
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
BlackEnergy (82c644ab-550a-4a83-9b35-d545f4719069) Malpedia BlackEnergy (5a22cad7-65fa-4b7a-a7aa-7915a6101efa) Tool 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) Attack Pattern 4
Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) Attack Pattern Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) Attack Pattern 4
Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) Attack Pattern Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) Attack Pattern 4
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern 4
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern 4
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 4