Skip to content

Hide Navigation Hide TOC

Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a)

Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.

Cluster A Galaxy A Cluster B Galaxy B Level
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 1
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 1
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 1
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 2
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f) Groups OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 2
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 2
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 2
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 3
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 3
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 3
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed) Malpedia DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) RAT Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 3
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c) Malpedia 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 4
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419) Malpedia POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 4
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 4
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth (19d89300-ff97-4281-ac42-76542e744092) Malpedia Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 4
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 4
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 5
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 5