Skip to content

Hide Navigation Hide TOC

OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba)

OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industries; however, this group has occasionally targeted organizations outside of the Middle East as well. It also appears OilRig carries out supply chain attacks, where the threat group leverages the trust relationship between organizations to attack their primary targets.

OilRig is an active and organized threat group, which is evident based on their systematic targeting of specific organizations that appear to be carefully chosen for strategic purposes. Attacks attributed to this group primarily rely on social engineering to exploit the human rather than software vulnerabilities; however, on occasion this group has used recently patched vulnerabilities in the delivery phase of their attacks. The lack of software vulnerability exploitation does not necessarily suggest a lack of sophistication, as OilRig has shown maturity in other aspects of their operations. Such maturities involve:

-Organized evasion testing used the during development of their tools. -Use of custom DNS Tunneling protocols for command and control (C2) and data exfiltration. -Custom web-shells and backdoors used to persistently access servers.

OilRig relies on stolen account credentials for lateral movement. After OilRig gains access to a system, they use credential dumping tools, such as Mimikatz, to steal credentials to accounts logged into the compromised system. The group uses these credentials to access and to move laterally to other systems on the network. After obtaining credentials from a system, operators in this group prefer to use tools other than their backdoors to access the compromised systems, such as remote desktop and putty. OilRig also uses phishing sites to harvest credentials to individuals at targeted organizations to gain access to internet accessible resources, such as Outlook Web Access.

Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organizations leads FireEye to assess that those sectors are a primary concern of APT34. The use of infrastructure tied to Iranian operations, timing and alignment with the national interests of Iran also lead FireEye to assess that APT34 acts on behalf of the Iranian government.

Cluster A Galaxy A Cluster B Galaxy B Level
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 1
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f) Groups 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 1
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 1
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 1
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234) Attack Pattern 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 2
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor 2
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 2
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern 2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 2
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 2
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 2
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 2
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern 2
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 2
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 2
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 2
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 2
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 2
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern 3
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 3
Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) Microsoft Activity Group actor APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor 3
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern 3
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed) Malpedia DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern 3
Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern 3
Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 3
Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern 3
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) mitre-tool Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern 3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) Malware 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) Attack Pattern 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) RAT 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) Attack Pattern Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) Attack Pattern 3
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 3
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) Attack Pattern Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern 3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 3
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 3
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth (19d89300-ff97-4281-ac42-76542e744092) Malpedia Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 3
Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 3
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 3
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 3
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 3
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware 3
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 3
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool 3
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419) Malpedia POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware 3
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 4
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 4
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 4
TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c) Malpedia TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 4
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) Intrusion Set APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) Threat Actor 4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 4
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 4
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 4
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 4
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 4
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 4