TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)

TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	1
MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27)	mitre-tool	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	1
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	1
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	1
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	1
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	1
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	1
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	1
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	TeamTNT - G0139 (35d1b3be-49d4-42f1-aaa6-ef159c880bca)	Intrusion Set	1
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	MimiPenguin - S0179 (5a33468d-844d-4b1f-98c9-0e786c556b27)	mitre-tool	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e)	Attack Pattern	Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0)	Attack Pattern	2
Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	2
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b)	mitre-tool	2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92)	Attack Pattern	Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	2
Peirates - S0683 (79dd477a-8226-4b3d-ad15-28623675f221)	mitre-tool	Cloud Storage Object Discovery - T1619 (8565825b-21c8-4518-b75e-cbc4c717a156)	Attack Pattern	2
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Systemctl - T1569.003 (4b46767d-4a61-4f30-995e-c19a75c2e536)	Attack Pattern	2
Container CLI/API - T1059.013 (c283d88f-8c23-4318-9da5-3d50cecad756)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Linux or Mac System Logs - T1070.002 (2bce5b30-7014-4a5d-ade7-12913fe6ac36)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Escape to Host - T1611 (4a5b7ade-8bb5-4853-84ed-23f262002665)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Compute Hijacking - T1496.001 (a718a0c8-5768-41a1-9958-a1cc3f995e99)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Container and Resource Discovery - T1613 (0470e792-32f8-46b0-a351-652bc35e9336)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	2
Hildegard - S0601 (40a1b8ec-7295-416c-a6b1-68181d86f120)	Malware	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	SSH Authorized Keys - T1098.004 (6b57dc31-b814-4a03-8706-28bc20d739c4)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Scanning IP Blocks - T1595.001 (db8f5003-3b20-48f0-9b76-123e44208120)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	2
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530)	Attack Pattern	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	3
/etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Container API - T1552.007 (f8ef3a62-3f44-40a4-abca-761ab235c436)	Attack Pattern	3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	Dynamic Linker Hijacking - T1574.006 (633a100c-b2c9-41bf-9be5-905c1b16c825)	Attack Pattern	3