Hide Navigation Hide TOC

HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)

Used for the first time in February 2023. This tool is distinguished from the others by the embedded code that runs the COBALT STRIKE tool.

HALFRIG is a stager for CobaltStrike Beacon that was used in an espionage campaign significantly overlapping with publicly described activity linked to the APT29 and NOBELIUM activity sets. HALFRIG has significant code overlap with the QUARTERRIG and it is highly probable that it was developed by the same team.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	1
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	1
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	2
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	2
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	3
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	3
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	3
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	3
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493)	Attack Pattern	3
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	3
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	3
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d)	Attack Pattern	3
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	3
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	3
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	3
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	Notion (5c807e49-dc90-4f80-b044-49bb990acb61)	online-service	3
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a)	Malpedia	3
GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f)	Malpedia	GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	3
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704)	Tool	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd)	Malpedia	4
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Disable or Modify Cloud Logs - T1562.008 (cacc40da-4c9e-462c-80d5-fd70a178b12d)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	4
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba)	Tool	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
POSHSPY (4df1b257-c242-46b0-b120-591430066b6f)	Malpedia	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	4
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	4
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	4
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	4
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	4
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7)	Malpedia	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	4
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207)	Malpedia	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	Raindrop (309f9be7-8824-4452-90b3-cef81fd10099)	Malpedia	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	5
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	5
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	5
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	5
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	5
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	5
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	5
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	5
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	5
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	5
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	5
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	5
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	5
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	5
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	5
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	5
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	5
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c)	Attack Pattern	5
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	5
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	5
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	5
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	5
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	5
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	5