Hide Navigation Hide TOC

STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)

STRONTIUM has been active since at least 2007. Whereas most modern untargeted malware is ultimately profit-oriented, STRONTIUM mainly seeks sensitive information. Its primary institutional targets have included government bodies, diplomatic institutions, and military forces and installations in NATO member states and certain Eastern European countries. Additional targets have included journalists, political advisors, and organizations associated with political activism in central Asia. STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions, and military organizations, as well as affiliated private sector organizations such as defense contractors and public policy research institutes. Microsoft has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016. STRONTIUM frequently uses compromised e-mail accounts from one victim to send malicious e-mails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims’ computer.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)	Microsoft Activity Group actor	APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)	Microsoft Activity Group actor	奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	1
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)	Microsoft Activity Group actor	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347)	Microsoft Activity Group actor	2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	2
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347)	Microsoft Activity Group actor	奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	2
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	2
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exploitation for Defense Evasion - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	3
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	3
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	3
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada)	Attack Pattern	3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101)	Tool	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74)	Malpedia	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	3
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e)	mitre-tool	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	3
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	3
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d)	mitre-tool	Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9)	Tool	3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869)	Attack Pattern	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a)	Tool	Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2)	Malpedia	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	3
HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362)	Tool	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520)	Tool	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75)	Malpedia	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb)	Tool	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	4
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada)	Attack Pattern	4
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101)	Tool	XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74)	Malpedia	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	4
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	4
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	4
Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d)	Unknown	4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e)	Malpedia	4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729)	Android	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729)	Android	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d)	Unknown	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729)	Android	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d)	Unknown	4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a)	Tool	Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2)	Malpedia	4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520)	Tool	OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75)	Malpedia	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb)	Tool	Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75)	Malpedia	4
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	4