Skip to content

Hide Navigation Hide TOC

Turla (fa80877c-f509-4daf-8b62-20aba1635f68)

A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later determined embassies for Eastern Bloc nations were of more interest. Embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany were all attacked, though researchers from Kaspersky Lab and Symantec could not confirm which countries were the true targets. In one case from May 2012, the office of the prime minister of a former Soviet Union member country was infected, leading to 60 further computers being affected, Symantec researchers said. There were some other victims, including the ministry for health of a Western European country, the ministry for education of a Central American country, a state electricity provider in the Middle East and a medical organisation in the US, according to Symantec. It is believed the group was also responsible for a much - documented 2008 attack on the US Central Command. The attackers - who continue to operate - have ostensibly sought to carry out surveillance on targets and pilfer data, though their use of encryption across their networks has made it difficult to ascertain exactly what the hackers took.Kaspersky Lab, however, picked up a number of the attackers searches through their victims emails, which included terms such as Nato and EU energy dialogue Though attribution is difficult to substantiate, Russia has previously been suspected of carrying out the attacks and Symantecs Gavin O’ Gorman told the Guardian a number of the hackers appeared to be using Russian names and language in their notes for their malicious code. Cyrillic was also seen in use.'

Cluster A Galaxy A Cluster B Galaxy B Level
APT26 (c097471c-2405-4393-b6d7-afbcb5f0cd11) Threat Actor Turla (fa80877c-f509-4daf-8b62-20aba1635f68) Threat Actor 1
Secret Blizzard (8d19da8a-d0fa-5194-ad6f-315cc4f36c8b) Microsoft Activity Group actor Turla (fa80877c-f509-4daf-8b62-20aba1635f68) Threat Actor 1
Turla (fa80877c-f509-4daf-8b62-20aba1635f68) Threat Actor Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 1
APT26 (c097471c-2405-4393-b6d7-afbcb5f0cd11) Threat Actor Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Wipbot (6b6cf608-cc2c-40d7-8500-afca3e35e7e4) Malpedia Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Wipbot (36c0faf0-428e-4e7f-93c5-824bb0495ac9) Tool Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Uroburos (Windows) (d674ffd2-1f27-403b-8fe9-b4af6e303e5c) Malpedia 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Turla (22332d52-c0c2-443c-9ffb-f08c0d23722c) Tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8) Malpedia ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765) RAT ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Agent.BTZ (da079741-05e6-458c-b434-011263dc691c) Tool ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware 3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 3
Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware Gazer (0a3047b3-6a38-48ff-8f9c-49a5c28e3ada) Malpedia 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Wipbot (36c0faf0-428e-4e7f-93c5-824bb0495ac9) Tool Wipbot (6b6cf608-cc2c-40d7-8500-afca3e35e7e4) Malpedia 4
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Uroburos (Windows) (d674ffd2-1f27-403b-8fe9-b4af6e303e5c) Malpedia Turla (22332d52-c0c2-443c-9ffb-f08c0d23722c) Tool 4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 4
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765) RAT Agent.BTZ (da079741-05e6-458c-b434-011263dc691c) Tool 4
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765) RAT Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8) Malpedia 4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8) Malpedia Agent.BTZ (da079741-05e6-458c-b434-011263dc691c) Tool 4
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520) Attack Pattern 4
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 4
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 4
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern 4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 4
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 4
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 4
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern 4
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4