Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192)

Sandworm Team is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)

In October 2020, the US indicted six GRU Unit 74455 officers associated with Sandworm Team for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide NotPetya attack, targeting of the 2017 French presidential campaign, the 2018 Olympic Destroyer attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as APT28.(Citation: US District Court Indictment GRU Oct 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 1
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 1
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 1
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Linked Devices - T1676 (a126c117-54e4-4b93-9e4f-72cc964e6760) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 1
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set VPNFilter - S1010 (6108f800-10b8-4090-944e-be579f01263d) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 1
Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern 1
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Search Open Websites/Domains - T1593 (a0e6614a-7740-4b24-bd65-f1bde09fc365) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Industroyer2 - S1072 (6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 1
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 1
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f) mitre-tool 1
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 1
Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 1
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 1
Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) Attack Pattern 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set 1
Sandworm Team - G0034 (381fcf73-60f6-4ab2-9991-6af3cbc35192) Intrusion Set Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern 1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool 2
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Compromise Host Software Binary - T1554 (960c3c86-1480-4d72-b4e0-8c242e84a5c5) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Industroyer - S0604 (e401d4fe-f0c9-44f0-98e6-f93487678808) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4) Attack Pattern 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware 2
Cyclops Blink - S0687 (b350b47f-88fe-4921-8538-6d9c59bac84e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 2
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern PoshC2 - S0378 (4b57c098-f043-4da2-83ef-7588a6d426bc) mitre-tool 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 2
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 2
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern KillDisk - S0607 (e221eb77-1502-4129-af1d-fe1ad55e7ec6) Malware 2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 2
Neo-reGeorg - S1189 (bae6edd1-eb36-4581-ba7e-6cbfe0e24eac) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Social Media Accounts - T1586.001 (274770e0-2612-4ccf-a678-ef8e7bad365d) Attack Pattern 2
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware BlackEnergy (82c644ab-550a-4a83-9b35-d545f4719069) Malpedia 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware BlackEnergy (5a22cad7-65fa-4b7a-a7aa-7915a6101efa) Tool 2
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern BlackEnergy - S0089 (54cc1d4f-5c53-4f0e-9ef5-11b4998e82e4) Malware 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware 2
AcidRain - S1125 (04cecafd-cb5f-4daf-aa1f-73899116c4a2) Malware Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 2
Prestige - S1058 (1da748a5-875d-4212-9222-b4c23ab861be) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
VPNFilter - S1010 (6108f800-10b8-4090-944e-be579f01263d) Malware Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 2
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9) Microsoft Activity Group actor Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 2
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor Private Cluster (b47250ec-2094-4d06-b658-11456e05fe89) Unknown 2
GreyEnergy (d52ca4c4-d214-11e8-8d29-c3e7cb78acce) Threat Actor Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 2
Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor Private Cluster (feac86e4-6bb2-4ba0-ac99-806aeb0a776c) Unknown 2
Sandworm (b4fbf3b0-1a5e-4bdc-8977-74fff1db19ff) Groups Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 2
沙虫 - APT-C-13 (0fdab65b-3e2b-5fd8-be36-cc18c7bcc1d7) 360.net Threat Actors Sandworm (f512de42-f76b-40d2-9923-59e7dbdfec35) Threat Actor 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
External Defacement - T1491.002 (0cfe31a7-81fc-472c-bc45-e2808d1066a3) Attack Pattern Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) Attack Pattern 2
Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern Business Relationships - T1591.002 (6ee2dc99-91ad-4534-a7d8-a649358c331f) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware 2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware 2
AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware 2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware 2
AcidPour - S1167 (4b1b3a36-bbd6-462c-9c03-7fd4fb5e0dfa) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Kapeka - S1190 (a43e55c9-0b7c-42c0-81de-b7a42d724db9) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern 2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
NotPetya - S0368 (5719af9d-6b16-46f9-9b28-fb019541ddbb) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Industroyer2 - S1072 (6a0d0ea9-b2c4-43fe-a552-ac41a3009dc5) Malware 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 2
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Exaramel for Linux - S0401 (11194d8b-fdce-45d2-8047-df15bb8f16bd) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) Attack Pattern 2
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 2
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f) mitre-tool 2
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Invoke-PSImage - S0231 (b52d6583-14a2-4ddc-8527-87fd2142558f) mitre-tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 2
Exaramel for Windows - S0343 (051eaca1-958f-4091-9e5f-a9acd8f820b5) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
GreyEnergy - S0342 (308b3d68-a084-4dfb-885a-3125e1a9c1e8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
Linux and Mac Permissions - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3) Attack Pattern P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware 2
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
P.A.S. Webshell - S0598 (4800d0f9-00aa-47cd-a4d2-92198585b8fd) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Botnet - T1584.005 (810d8072-afb6-4a56-9ee7-86379ac4a6f3) Attack Pattern 2
Vulnerabilities - T1588.006 (2b5aa86b-a0df-4382-848d-30abea443327) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 2
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Firmware Corruption - T1495 (f5bb433e-bdf6-4781-84bc-35e97e43be89) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Bad Rabbit - S0606 (2eaa5319-5e1e-4dd7-bbc4-566fced3964a) Malware 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 2
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 2
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 2
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) Attack Pattern 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern 2
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 2
Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Native API - T1575 (52eff1c7-dd30-4121-b762-24ae6fa61bbb) Attack Pattern 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) Attack Pattern 2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware 2
CHEMISTGAMES - S0555 (a0d774e4-bafc-4292-8651-3ec899391341) Malware Download New Code at Runtime - T1407 (6c49d50f-494d-4150-b774-a655022d20a6) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern Olympic Destroyer - S0365 (3249e92a-870b-426d-8790-ba311c1abfb4) Malware 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Network Device Firewall - T1686.002 (a29aa77c-a88d-4f19-bab9-7751941b2e2d) Attack Pattern Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Component Firmware - T1542.002 (791481f8-e96a-41be-b089-a088763083d4) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern 3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern 3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 3
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern 3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
BlackEnergy (5a22cad7-65fa-4b7a-a7aa-7915a6101efa) Tool BlackEnergy (82c644ab-550a-4a83-9b35-d545f4719069) Malpedia 3
Services File Permissions Weakness - T1574.010 (9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9) Microsoft Activity Group actor 沙虫 - APT-C-13 (0fdab65b-3e2b-5fd8-be36-cc18c7bcc1d7) 360.net Threat Actors 3
Seashell Blizzard (473eb51c-36cb-5e3a-8347-2f57df809be9) Microsoft Activity Group actor IRIDIUM (29cfe970-5446-4cfc-a2da-00e9f49e02ba) Threat Actor 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade File Type - T1036.008 (208884f1-7b83-4473-ac22-4e1cf6c41471) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Portable Executable Injection - T1055.002 (806a49c4-970d-43f9-9acc-ac0ee11e6662) Attack Pattern 3
Linux and Mac Permissions - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 3
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 3
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 3
Unix Shell - T1623.001 (693cdbff-ea73-49c6-ac3f-91e7285c31d1) Attack Pattern Command and Scripting Interpreter - T1623 (29f1f56c-7b7a-4c14-9e39-59577ea2743c) Attack Pattern 3
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) Attack Pattern Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) Attack Pattern 3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 3
Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) Attack Pattern Asymmetric Cryptography - T1521.002 (16d73b64-5681-4ea0-9af4-4ad86f7c96e8) Attack Pattern 3
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 3