Hide Navigation Hide TOC

UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)

Reporting regarding activity related to the SolarWinds supply chain injection has grown quickly since initial disclosure on 13 December 2020. A significant amount of press reporting has focused on the identification of the actor(s) involved, victim organizations, possible campaign timeline, and potential impact. The US Government and cyber community have also provided detailed information on how the campaign was likely conducted and some of the malware used. MITRE’s ATT&CK team — with the assistance of contributors — has been mapping techniques used by the actor group, referred to as UNC2452/Dark Halo by FireEye and Volexity respectively, as well as SUNBURST and TEARDROP malware.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	1
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b)	Threat Actor	Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	1
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	Notion (5c807e49-dc90-4f80-b044-49bb990acb61)	online-service	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	2
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	2
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	Private Cluster ()	Unknown	2
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	2
APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a)	Threat Actor	Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20)	Microsoft Activity Group actor	2
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)	Tool	GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f)	Malpedia	3
SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4)	Backdoor	SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704)	Tool	3
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266)	Tool	TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a)	Malpedia	3
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	3
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	3
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	3
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	3
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	3
Disable or Modify Cloud Log - T1685.002 (34ff60a3-a3f8-42e4-bed0-af9a2cb563d7)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542)	Intrusion Set	Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	3
Raindrop (309f9be7-8824-4452-90b3-cef81fd10099)	Malpedia	Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	4
Raindrop (6c562458-7970-4d61-aded-1fe4a9002404)	Tool	NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b)	Microsoft Activity Group actor	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	4
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	4
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44)	Malware	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	4
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074)	Malware	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	4
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	4
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
POSHSPY (4df1b257-c242-46b0-b120-591430066b6f)	Malpedia	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808)	Malware	4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	4
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	4
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	4
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7)	Malpedia	OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	4
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	4
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	4
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	4
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	4
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207)	Malpedia	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	4
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14)	Malware	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	4
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	4
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	4
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	4
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a)	Attack Pattern	Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4)	Malware	4
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	4
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	4
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830)	mitre-tool	Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754)	Malware	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6)	Malware	4
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	4
SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153)	mitre-tool	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	4
Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	4
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd)	Malpedia	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a)	Malware	4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0)	Malware	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba)	Tool	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6)	Malware	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87)	mitre-tool	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be)	mitre-tool	4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	Disable or Modify Cloud Log - T1685.002 (34ff60a3-a3f8-42e4-bed0-af9a2cb563d7)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	4
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	4
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e)	Malware	4
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	4
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d)	mitre-tool	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	4
Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756)	mitre-tool	4
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	4
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	4
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	4
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	5
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	5
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	5
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	5
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	5
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	5
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	5
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	5
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	5
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	5
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	5
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	5
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	5
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	5
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530)	Attack Pattern	5
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	5
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	5
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	5
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	5
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	5
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	5
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	5
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	5
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	5
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	5
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	5
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	5
Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	5
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	5
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	5
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	5
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819)	Attack Pattern	5
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4)	Attack Pattern	5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65)	Attack Pattern	5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	5
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938)	Attack Pattern	5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	5
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1)	Attack Pattern	5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	5
Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	5
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	5
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	5
Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3)	Attack Pattern	5
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	5
Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00)	Attack Pattern	Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7)	Attack Pattern	5
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292)	Attack Pattern	5
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	5
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	5
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	5
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	5
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	5
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	5
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	5
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	5
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	5
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	5
Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	5
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109)	Attack Pattern	Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d)	Attack Pattern	5
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262)	Attack Pattern	5
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	5
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c)	Attack Pattern	SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2)	Attack Pattern	5
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	5
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee)	Attack Pattern	Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	5
Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc)	Attack Pattern	Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	5