| Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) |
Attack Pattern |
1 |
| AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) |
mitre-tool |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
1 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) |
Attack Pattern |
1 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Nltest - S0359 (981acc4c-2ede-4b56-be6e-fa1a75f37acf) |
mitre-tool |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) |
mitre-tool |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
1 |
| INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
1 |
| Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
INC Ransom - G1032 (cb41e991-65f4-4668-a65f-f4200545b5a1) |
Intrusion Set |
1 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) |
mitre-tool |
2 |
| AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) |
mitre-tool |
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) |
Attack Pattern |
2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) |
mitre-tool |
2 |
| AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) |
mitre-tool |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
2 |
| AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) |
mitre-tool |
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) |
Attack Pattern |
2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) |
Tool |
2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) |
mitre-tool |
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
2 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
2 |
| Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) |
Attack Pattern |
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) |
Attack Pattern |
2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) |
Attack Pattern |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) |
Attack Pattern |
2 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) |
Attack Pattern |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) |
Attack Pattern |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) |
Attack Pattern |
2 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
2 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) |
mitre-tool |
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) |
Attack Pattern |
2 |
| Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) |
Attack Pattern |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
2 |
| NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) |
Attack Pattern |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
2 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) |
Attack Pattern |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
2 |
| Direct Volume Access - T1006 (0c8ab3eb-df48-4b9c-ace7-beacaac81cc5) |
Attack Pattern |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
2 |
| Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
esentutl - S0404 (c256da91-6dd5-40b2-beeb-ee3b22ab3d27) |
mitre-tool |
2 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) |
Attack Pattern |
2 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) |
Attack Pattern |
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) |
Attack Pattern |
2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
2 |
| Nltest - S0359 (981acc4c-2ede-4b56-be6e-fa1a75f37acf) |
mitre-tool |
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) |
Attack Pattern |
2 |
| Nltest - S0359 (981acc4c-2ede-4b56-be6e-fa1a75f37acf) |
mitre-tool |
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) |
Attack Pattern |
2 |
| Nltest - S0359 (981acc4c-2ede-4b56-be6e-fa1a75f37acf) |
mitre-tool |
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) |
Attack Pattern |
2 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) |
Attack Pattern |
2 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) |
Attack Pattern |
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) |
Attack Pattern |
2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) |
Attack Pattern |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) |
Attack Pattern |
2 |
| Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) |
Attack Pattern |
INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) |
Attack Pattern |
2 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) |
Attack Pattern |
INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) |
Attack Pattern |
2 |
| Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) |
Attack Pattern |
INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
2 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) |
Malware |
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) |
Attack Pattern |
2 |
| Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) |
mitre-tool |
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) |
Attack Pattern |
2 |
| Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) |
mitre-tool |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
2 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) |
Attack Pattern |
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) |
Attack Pattern |
2 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) |
Attack Pattern |
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) |
Attack Pattern |
2 |
| Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) |
Attack Pattern |
2 |
| Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) |
Attack Pattern |
2 |
| Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
2 |
| Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) |
Attack Pattern |
2 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) |
Attack Pattern |
Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
2 |
| Rclone - S1040 (59096109-a1dd-463b-87e7-a8d110fe3a79) |
mitre-tool |
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) |
Attack Pattern |
2 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) |
Attack Pattern |
2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) |
Attack Pattern |
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) |
Attack Pattern |
3 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
3 |
| Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) |
Attack Pattern |
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) |
Attack Pattern |
3 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) |
Attack Pattern |
3 |
| Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) |
Attack Pattern |
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) |
Attack Pattern |
3 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) |
Attack Pattern |
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) |
Attack Pattern |
3 |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) |
Attack Pattern |
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) |
Attack Pattern |
3 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) |
Attack Pattern |
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) |
Attack Pattern |
3 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) |
Attack Pattern |
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) |
Attack Pattern |
3 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) |
Attack Pattern |
3 |
| Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) |
Attack Pattern |
Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) |
Attack Pattern |
3 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) |
Attack Pattern |
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) |
Attack Pattern |
3 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) |
Attack Pattern |
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) |
Attack Pattern |
3 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) |
Attack Pattern |
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) |
Attack Pattern |
3 |
| Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) |
Attack Pattern |
3 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) |
Attack Pattern |
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) |
Attack Pattern |
3 |