
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)

APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub August 2020) This group has been active since at least 2004.(Citation: DOJ GRU Indictment Jul 2018) (Citation: Ars Technica GRU indictment Jul 2018) (Citation: Crowdstrike DNC June 2016) (Citation: FireEye APT28) (Citation: SecureWorks TG-4127) (Citation: FireEye APT28 January 2017) (Citation: GRIZZLY STEPPE JAR) (Citation: Sofacy DealersChoice) (Citation: Palo Alto Sofacy 06-2018) (Citation: Symantec APT28 Oct 2018) (Citation: ESET Zebrocy May 2019)

APT28 reportedly compromised the Hillary Clinton campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee in 2016 in an attempt to interfere with the U.S. presidential election. (Citation: Crowdstrike DNC June 2016) In 2018, the US indicted five GRU Unit 26165 officers associated with APT28 for cyber operations (including close-access operations) conducted between 2014 and 2018 against the World Anti-Doping Agency (WADA), the US Anti-Doping Agency, a US nuclear facility, the Organization for the Prohibition of Chemical Weapons (OPCW), the Spiez Swiss Chemicals Laboratory, and other organizations.(Citation: US District Court Indictment GRU Oct 2018) Some of these were conducted with the assistance of GRU Unit 74455, which is also referred to as Sandworm Team.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) | Attack Pattern | 1 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) | Attack Pattern | 1 |
| Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | 1 |
| Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | 1 |
| APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) | Threat Actor | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) | Attack Pattern | 1 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 1 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 1 |
| Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) | Attack Pattern | 1 |
| Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) | Attack Pattern | 1 |
| LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) | Malware | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | 1 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) | Attack Pattern | 1 |
| Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) | Malware | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) | Attack Pattern | 1 |
| Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) | Attack Pattern | 1 |
| Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 1 |
| Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | 1 |
| 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) | 360.net Threat Actors | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) | mitre-tool | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) | Attack Pattern | 1 |
| Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) | Attack Pattern | 1 |
| Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | 1 |
| Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) | Microsoft Activity Group actor | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | 1 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) | Malware | 1 |
| Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) | Attack Pattern | 1 |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) | Attack Pattern | 1 |
| External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) | Malware | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) | Malware | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) | Malware | 1 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) | mitre-tool | 1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) | mitre-tool | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) | Malware | 1 |
| Exploitation for Stealth - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 1 |
| Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) | Attack Pattern | APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) | Attack Pattern | 1 |
| APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c) | Intrusion Set | Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) | Attack Pattern | 1 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) | Attack Pattern | 2 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e) | Attack Pattern | 2 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) | Attack Pattern | 2 |
| Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) | Attack Pattern | Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) | mitre-tool | 2 |
| Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) | mitre-tool | Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) | Attack Pattern | 2 |
| Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a) | mitre-tool | Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | 2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | 2 |
| Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) | Attack Pattern | Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | 2 |
| Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) | Attack Pattern | Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) | Attack Pattern | 2 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | 2 |
| 奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) | 360.net Threat Actors | APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) | Threat Actor | 2 |
| Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) | Microsoft Activity Group actor | APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) | Threat Actor | 2 |
| STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) | Microsoft Activity Group actor | APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754) | Threat Actor | 2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) | Attack Pattern | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 2 |
| Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) | Attack Pattern | Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) | Attack Pattern | 2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | 2 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | 2 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | 2 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | 2 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | 2 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | 2 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) | Attack Pattern | 2 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 2 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 2 |
| XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b) | Malware | Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | 2 |
| Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a) | Attack Pattern | Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) | Attack Pattern | 2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | 2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | 2 |
| reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | 2 |
| reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) | Attack Pattern | 2 |
| reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) | Attack Pattern | 2 |
| reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 2 |
| Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) | Attack Pattern | reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | 2 |
| reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) | Malware | Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | 2 |
| XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) | Attack Pattern | 2 |
| XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) | Attack Pattern | 2 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | 2 |
| XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | 2 |
| Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) | Attack Pattern | XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | 2 |
| XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) | Malpedia | XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | 2 |
| XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |
| X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) | Tool | XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | 2 |
| XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab) | Malware | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) | Attack Pattern | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |
| System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | 2 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | 2 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) | Attack Pattern | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) | Attack Pattern | 2 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 2 |
| Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) | Attack Pattern | LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | 2 |
| LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8) | Malware | Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) | Attack Pattern | 2 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 2 |
| Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) | Attack Pattern | Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | 2 |
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 2
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519) Attack Pattern Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472) Malware 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) Attack Pattern 2
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 2
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c) Malware 2
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e) mitre-tool Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 2
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec) Microsoft Activity Group actor 2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd) 360.net Threat Actors Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347) Microsoft Activity Group actor 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 2
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 2
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4) mitre-tool Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 2
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware 2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware 2
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 2
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 2
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4) Malware 2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d) mitre-tool Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9) Tool 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362) Tool 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) Attack Pattern JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware 2
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73) Malware 2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 2
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool 2
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2) mitre-tool Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool 2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 2
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware 2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74) Malpedia X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101) Tool 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada) Attack Pattern Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40) Tool 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c) Tool X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf) Malpedia 3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern 3
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6) Attack Pattern 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a) Tool CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 3
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa) Tool 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern 3
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c) Malpedia CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729) Android 3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd) Tool Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d) Unknown 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a) Tool Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2) Malpedia 3
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829) Attack Pattern Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb) Tool Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75) Malpedia 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 3
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520) Tool OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75) Malpedia 3