Hide Navigation Hide TOC

Sandworm (b4fbf3b0-1a5e-4bdc-8977-74fff1db19ff)

Sandworm is a threat group associated with the Kiev, Ukraine electrical transmission substation attacks which resulted in the impact of electric grid operations on December 17th, 2016. Sandworm has been cited as the authors of the Industroyer malware which was used in the 2016 Ukraine attacks.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Sandworm (b4fbf3b0-1a5e-4bdc-8977-74fff1db19ff)	Groups	Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	2
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	GreyEnergy (d52ca4c4-d214-11e8-8d29-c3e7cb78acce)	Threat Actor	2
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	Private Cluster (b47250ec-2094-4d06-b658-11456e05fe89)	Unknown	2
沙虫 - APT-C-13 (0fdab65b-3e2b-5fd8-be36-cc18c7bcc1d7)	360.net Threat Actors	Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	2
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	Private Cluster (feac86e4-6bb2-4ba0-ac99-806aeb0a776c)	Unknown	2
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9)	Microsoft Activity Group actor	Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35)	Threat Actor	2
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Linked Devices - T1676 (a126c117-54e4-4b93-9e4f-72cc964e6760)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	VPNFilter - S1010 (6108f800-10b8-4090-944e-be579f01263d)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Industroyer2 - S1072 (6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	3
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)	Intrusion Set	Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d)	Attack Pattern	3
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9)	Microsoft Activity Group actor	沙虫 - APT-C-13 (0fdab65b-3e2b-5fd8-be36-cc18c7bcc1d7)	360.net Threat Actors	3
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9)	Microsoft Activity Group actor	IRIDIUM (29cfe970-5446-4cfc-a2da-00e9f49e02ba)	Threat Actor	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	4
AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	4
KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac)	Malware	4
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
BlackEnergy (5a22cad7-65fa-4b7a-a7aa-7915a6101efa)	Tool	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
BlackEnergy (82c644ab-550a-4a83-9b35-d545f4719069)	Malpedia	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4)	Malware	4
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3)	Attack Pattern	Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b)	Attack Pattern	4
Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f)	Attack Pattern	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	4
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be)	Malware	4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	4
AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	4
AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa)	Malware	System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	4
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	4
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f)	Attack Pattern	Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884)	Attack Pattern	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	4
VPNFilter - S1010 (6108f800-10b8-4090-944e-be579f01263d)	Malware	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb)	Malware	4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	4
Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	4
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	4
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3)	Attack Pattern	4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	4
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f)	mitre-tool	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f)	mitre-tool	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	4
Industroyer2 - S1072 (6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a)	Attack Pattern	4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	4
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	4
Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156)	Attack Pattern	Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	4
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5)	Malware	4
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	4
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6)	Attack Pattern	4
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	4
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc)	Attack Pattern	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	4
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a)	Attack Pattern	4
Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8)	Attack Pattern	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	4
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	4
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	4
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	4
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb)	Attack Pattern	4
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	4
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	4
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Firmware Corruption - T1495 (f5bb433e-bdf6-4781-84bc-35e97e43be89)	Attack Pattern	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	4
Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a)	Malware	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	4
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	4
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	4
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9)	Attack Pattern	Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4)	Malware	4
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	4
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	5
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	5
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd)	Attack Pattern	5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	5
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	5
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	5
BlackEnergy (5a22cad7-65fa-4b7a-a7aa-7915a6101efa)	Tool	BlackEnergy (82c644ab-550a-4a83-9b35-d545f4719069)	Malpedia	5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	5
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471)	Attack Pattern	5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	5
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	5
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	5
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	5
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	5
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	5
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	5
Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c)	Attack Pattern	Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1)	Attack Pattern	5
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc)	Attack Pattern	Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	5
Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8)	Attack Pattern	Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84)	Attack Pattern	5
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	5
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	5
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	5
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	5
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	5
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	5
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	5
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	5
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	5
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	5
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	5
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	5
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	5
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	5
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	5
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	5
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0)	Attack Pattern	5
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4)	Attack Pattern	5
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	5
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	5