Skip to content

Hide Navigation Hide TOC

QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)

A tool first used in March 2023, sharing part of the code with HALFRIG. Two versions of this tool were observed.

QUARTERRIG is a dropper that was used in an espionage campaign significantly overlapping with publicly described activity linked to the APT29 and NOBELIUM activity sets. QUARTERRIG does not contain any other capabilities aside from downloading and executing 2nd stage. To bypass security products, QUARTERRIG heavily relies on obfuscation based on opaque predicates and multi-stage execution, interweaving shellcode and PE files. HALFRIG and QUARTERRIG share some of the codebase, suggesting that QUARTERRIG authors have access to both HALFRIG source code and the same obfuscation libraries.

Cluster A Galaxy A Cluster B Galaxy B Level
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 1
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 1
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 1
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool 2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 2
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
Notion (5c807e49-dc90-4f80-b044-49bb990acb61) online-service SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool 3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 3
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 3
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 3
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 3
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704) Tool 3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a) Malpedia 3
GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f) Malpedia GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware 4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern 4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware POSHSPY (4df1b257-c242-46b0-b120-591430066b6f) Malpedia 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 4
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 4
OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7) Malpedia OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 4
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool 4
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207) Malpedia SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd) Malpedia 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 4
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern 4
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 4
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 4
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware 4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba) Tool GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 4
Raindrop (309f9be7-8824-4452-90b3-cef81fd10099) Malpedia Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 4
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 5
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 5
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 5
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530) Attack Pattern 5
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 5
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern 5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 5
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 5
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 5
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 5
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 5
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 5
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 5
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 5
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 5
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern 5
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 5
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 5
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern 5
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 5
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 5