Hide Navigation Hide TOC

Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)

Fox Kitten is threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. Fox Kitten has targeted multiple industrial verticals including oil and gas, technology, government, defense, healthcare, manufacturing, and engineering.(Citation: ClearkSky Fox Kitten February 2020)(Citation: CrowdStrike PIONEER KITTEN August 2020)(Citation: Dragos PARISITE )(Citation: ClearSky Pay2Kitten December 2020)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	1
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	1
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	1
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	1
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	1
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	1
Fox Kitten - G0117 (c21dd6f1-1364-4a70-a1f7-783080ec34ee)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	1
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e)	Attack Pattern	Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	2
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906)	mitre-tool	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
China Chopper - S0020 (5a3a31fe-5a8f-48e1-bff0-a753e5b1be70)	Malware	Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Pay2Key - S0556 (77ca1aa3-280c-4b67-abaa-e8fb891a8f83)	Malware	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	2
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928)	Attack Pattern	Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8)	Attack Pattern	2
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	2
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3