Skip to content

Hide Navigation Hide TOC

Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef)

Lazarus group is a suspected North Korean adversary group that has targeted networks associated with civilian electric energy in Europe, East Asia, and North America. Links have been established associating this group with the WannaCry ransomware from 2017.3 While WannaCry was not an ICS focused attack, Lazarus group is considered to be a threat to ICS. North Korean group definitions are known to have significant overlap, and the name Lazarus Group is known to encompass a broad range of activity. Some organizations use the name Lazarus Group to refer to any activity attributed to North Korea. Some organizations track North Korean clusters or groups such as Bluenoroff, APT37, and APT38 separately, while other organizations may track some activity associated with those group names by the name Lazarus Group.

Cluster A Galaxy A Cluster B Galaxy B Level
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus group (3bbf3f0f-346d-49ad-9300-3bb0f23c83ef) Groups 1
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Operation Sharpshooter (b06c3af1-0243-4428-88da-b3451c345e1e) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Diamond Sleet (9630b0aa-ee9e-5b58-9f79-cf7fa8d291a8) Microsoft Activity Group actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor TraderTraitor (825abfd9-7238-4438-a9e7-c08791f4df4e) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Sapphire Sleet (3a32c54d-d86a-55de-b16a-d9a08a5cf49b) Microsoft Activity Group actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor STARDUST CHOLLIMA (d8e1762a-0063-48c2-9ea1-8d176d14b70f) Threat Actor 2
Lazarus Group (68391641-859f-4a9a-9a1e-3e5cf71ec376) Threat Actor Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors 2
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor 3
ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors APT37 (50cd027f-df14-40b2-aa22-bf5de5061163) Threat Actor 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 3
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 3
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set 3
Lazarus Group - G0032 (c93fccb1-e8e8-42cf-ae33-2ad1d183913a) Intrusion Set Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 3
Lazarus - APT-C-26 (e6f4af06-fbb5-5471-82ae-b0bdb4d446ce) 360.net Threat Actors APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 3
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set ScarCruft - APT-C-28 (96c3508e-f5f9-52b4-9d1e-b246d68f643d) 360.net Threat Actors 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
APT37 - G0067 (4a2ce82e-1a74-468a-a6fb-bbead541383c) Intrusion Set Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) Attack Pattern Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 4
MagicRAT - S1182 (858b0f9d-3a2a-437e-a058-afe72154f6da) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern AuditCred - S0347 (24b4ce59-eaac-4c8b-8634-9b093b7ccd92) Malware 4
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern WannaCry - S0366 (75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661) Malware 4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware 4
FALLCHILL - S0181 (fece06b7-d4b1-42cf-b81a-5323c917546e) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 4
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
KernelCallbackTable - T1574.013 (a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware 4
Volgmer - S0180 (495b6cdb-7b5a-4fbc-8d33-e7ef68806d08) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 4
route - S0103 (c11ac61d-50f4-444f-85d8-6f006067f0de) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RATANKBA - S0241 (9b325b06-35a1-457d-be46-a4ecc0b7ff0c) Malware 4
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern AppleJeus - S0584 (e2d34c63-6f5a-41f5-86a2-e2380f27f858) Malware 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
TYPEFRAME - S0263 (7ba0fc46-197d-466d-8b9f-f1c64d5d81e5) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 4
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
BLINDINGCAN - S0520 (01dbc71d-0ee8-420d-abb4-3dfb6a4bf725) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Proxysvc - S0238 (069af411-9b24-4e85-b26c-623d035bbe84) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 4
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Bankshot - S0239 (1f6e3702-7ca1-4582-b2e7-4591297d05a8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware 4
KEYMARBLE - S0271 (11e36d5b-6a92-4bf9-8eb7-85eb24f59e22) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Cryptoistic - S0498 (a04d9a4c-bb52-40bf-98ec-e350c2d6a862) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 4
BADCALL - S0245 (9dbdadb6-fdbf-490f-a35f-38762d06a0d2) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware 4
HARDRAIN - S0246 (bd0536d7-b081-43ae-a773-cfb057c5b988) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
ThreatNeedle - S0665 (16040b1c-ed28-4850-9d8f-bb8b81c42092) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware 4
Dtrack - S0567 (f8774023-8021-4ece-9aca-383ac89d2759) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware 4
TAINTEDSCRIBE - S0586 (7f4bbe05-1674-4087-8a16-8f1ad61b6152) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
HotCroissant - S0431 (aad11e34-02ca-4220-91cd-2ed420af4db3) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 4
RawDisk - S0364 (3ffbdc1f-d2bf-41ab-91a2-c7b857e98079) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 4
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 4
ECCENTRICBANDWAGON - S0593 (e928333f-f3df-4039-9b8b-556c2add0e42) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set HOPLIGHT - S0376 (454fe82d-6fd2-4ac6-91ab-28a33fe01369) Malware 4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 4
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Disable or Modify Network Device Firewall - T1562.013 (a0f84e1d-d25c-4dd1-bb26-3c0e68471530) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 4
APT38 - G0082 (00f67a77-86a4-4adf-be26-1a54fc713340) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Final1stspy - S0355 (a2282af0-f9dd-4373-9b92-eaf9e11e0c71) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware 5
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware HAPPYWORK (656cd201-d57a-4a2f-a201-531eb4922a72) Tool 5
HAPPYWORK - S0214 (211cfe9f-2676-4e1c-a5f5-2c8091da2a68) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97) Tool KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) Attack Pattern ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
ROKRAT - S0240 (60a9c2f0-b7a5-4e8e-959c-e1a3ff314a5f) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
POORAIM (fe97ace3-9a80-42af-9eae-1f9245927e5d) Tool POORAIM - S0216 (53d47b09-09c2-4015-8d37-6633ecd53f79) Malware 5
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
SHUTTERSPEED (d909efe3-abc3-4be0-9640-e4727542fa2b) Tool SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern SHUTTERSPEED - S0217 (4189a679-72ed-4a89-a57c-7f689712ecf8) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware 5
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware SLOWDRIFT (e5a9a2ec-348e-4a2f-98dd-16c3e8845576) Tool 5
SLOWDRIFT - S0218 (414dc555-c79e-4b24-a2da-9b607f7eaf16) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
CORALDECK (becf81e5-f989-4093-a67d-d55a0483885f) Tool CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware 5
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 5
CORALDECK - S0212 (8ab98e25-1672-4b5f-a2fb-e60f08a5ea9e) Malware Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware WINERACK (49025073-4cd3-43b8-b893-e80a1d3adc04) Tool 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware 5
WINERACK - S0219 (49abab73-3c5c-476e-afd5-69b5c732d845) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern 5
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware 5
BLUELIGHT - S0657 (8bd47506-29ae-44ea-a5c1-c57e8a1ab6b0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
NavRAT - S0247 (53a42597-1974-4b8e-84fd-3675e8992053) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
DOGCALL (a5e851b4-e046-43b6-bc6e-c6c008e3c5aa) Tool DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern DOGCALL - S0213 (0852567d-7958-4f4b-8947-4f840ec8d57d) Malware 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 5
Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5) Attack Pattern RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c) Attack Pattern 5
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) Attack Pattern 5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 5
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool 5
Volgmer (0a52e73b-d7e9-45ae-9bda-46568f753931) Tool Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 5
FALLCHILL (e0bea149-2def-484f-b658-f782a4f94815) RAT Volgmer (bbfd4fb4-3e5a-43bf-b4bb-eaf5ef4fb25f) Malpedia 5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 5
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 5
Launchctl - T1569.001 (810aa4ad-61c9-49cb-993f-daa06199421d) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 5
Installer Packages - T1546.016 (da051493-ae9c-4b1b-9760-c009c46c9b56) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 5
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 5
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 5
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 5
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 5
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware 5
DarkComet - S0334 (53ab35c2-d00e-491a-8753-41d35ae7e547) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern 5
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Runtime Data Manipulation - T1565.003 (32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490) Attack Pattern 5
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 5
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Space after Filename - T1036.006 (e51137a5-1cdc-499e-911a-abaedaa5ac86) Attack Pattern 5
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 5
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 5
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 5
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Network Device Firewall - T1562.013 (a0f84e1d-d25c-4dd1-bb26-3c0e68471530) Attack Pattern 5
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Environmental Keying - T1480.001 (f244b8dd-af6c-4391-a497-fc03627ce995) Attack Pattern 6
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 6
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 6
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 6
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 6
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 6
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 6
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 6
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 6
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 6
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 6
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 6
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 6
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 6
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 6
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 6
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 6
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 6
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 6
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 6
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 6
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 6
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 6
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 6
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 6
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 6
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 6
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 6
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 6
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 6