Skip to content

<<< Hide Navigation Hide TOC >>>

QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)

A tool first used in March 2023, sharing part of the code with HALFRIG. Two versions of this tool were observed.

QUARTERRIG is a dropper that was used in an espionage campaign significantly overlapping with publicly described activity linked to the APT29 and NOBELIUM activity sets. QUARTERRIG does not contain any other capabilities aside from downloading and executing 2nd stage. To bypass security products, QUARTERRIG heavily relies on obfuscation based on opaque predicates and multi-stage execution, interweaving shellcode and PE files. HALFRIG and QUARTERRIG share some of the codebase, suggesting that QUARTERRIG authors have access to both HALFRIG source code and the same obfuscation libraries.

Galaxy ColorsThreat Act...ToolMicrosoft ...Intrusion ...BackdoorUnknownAttack Pat...mitre-toolMalwareonline-ser...Malpedia
Rows: 875
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool 1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool 1
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool 1
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool 2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor 2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 2
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 3
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 3
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool Notion (5c807e49-dc90-4f80-b044-49bb990acb61) online-service 3
SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704) Tool SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor 3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a) Malpedia 3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 3
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f) Malpedia 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 4
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern 4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7) Malpedia OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern 4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 4
SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207) Malpedia SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd) Malpedia PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba) Tool GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 4
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 4
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
POSHSPY (4df1b257-c242-46b0-b120-591430066b6f) Malpedia POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 4
Raindrop (309f9be7-8824-4452-90b3-cef81fd10099) Malpedia Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 4
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 5
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 5
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern 5
Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 5
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 5
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 5
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 5
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 5
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 5
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 5
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 5
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 5
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 5
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 5
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 5
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 5
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 5
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 5
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 5
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5