Hide Navigation Hide TOC

APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)

The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347)	Microsoft Activity Group actor	1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)	Microsoft Activity Group actor	1
APT28 (5b4ee3ea-eee3-4c8e-8323-85ae32658754)	Threat Actor	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	1
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)	Microsoft Activity Group actor	2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	Forest Blizzard (8d84d7b0-7716-5ab3-a3a4-f373dd148347)	Microsoft Activity Group actor	2
奇幻熊 - APT-C-20 (3d9f700c-5eb5-5d36-a6e7-47b55f2844cd)	360.net Threat Actors	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
STRONTIUM (213cdde9-c11a-4ea9-8ce0-c868e9826fec)	Microsoft Activity Group actor	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Buy domain name - T1328 (45242287-2964-4a3e-9373-159fad4d8195)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	2
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	2
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	2
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Search Open Technical Databases - T1596 (55fc4df0-b42c-479a-b860-7a6761bcaad0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	2
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	2
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	2
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	2
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Obtain/re-use payloads - T1346 (27f3ddf8-1b77-4cc2-a4c0-e6da3d31a768)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	2
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	2
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	2
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Wi-Fi Networks - T1669 (fde016f6-211a-41c8-a4ab-301f1e419c62)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	2
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)	Malware	2
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	2
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	2
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Exploitation for Stealth - T1211 (fe926152-f431-4baf-956c-4ad3cb0bf23b)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869)	Attack Pattern	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	2
APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	2
Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	APT28 - G0007 (bef4c620-0787-42a8-a96d-b7eb6e85917c)	Intrusion Set	2
Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
XAgentOSX - S0161 (59a97b15-8189-4d51-9404-e1ce8ea4a069)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	3
Fysbis - S0410 (50d6688b-0985-4f3d-8cbe-0c796b30703b)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	Sharepoint - T1213.002 (0c4b4fda-9062-47da-98b9-ceae2dcf052a)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	3
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74)	Malpedia	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101)	Tool	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	3
XTunnel - S0117 (7343e208-7cab-45f2-a47b-41ba5e2f0fab)	Malware	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
LAMEHUG - S9035 (c55e0410-842d-4365-a2c8-26c0330f85b8)	Malware	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
Social Engineering - T1684 (41e4d77a-6275-4976-9e35-785985598519)	Attack Pattern	Impersonation - T1684.001 (cd92d2b8-ce43-4666-9472-f1b4b9f4f8be)	Attack Pattern	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada)	Attack Pattern	3
LoJax - S0397 (b865dded-0553-4962-a44b-6fe7863effed)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	CHOPSTICK - S0023 (ccd61dfc-b03f-4689-8c18-7c97eab08472)	Malware	3
Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4)	Attack Pattern	Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161)	Attack Pattern	3
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	Bootkit - T1542.003 (1b7b1806-7746-41a1-a35d-e48dae25ddba)	Attack Pattern	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	3
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4)	Attack Pattern	3
X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	3
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	X-Agent for Android - S0314 (56660521-6db4-4e5a-a927-464f22954b7c)	Malware	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
cipher.exe - S1205 (da66959d-9875-4fde-bfed-11111a55895e)	mitre-tool	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	3
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63)	Attack Pattern	DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
DealersChoice - S0243 (8f460983-1bbb-4e7e-8094-f0b5e720f658)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Drovorub - S0502 (99164b38-1775-40bc-b77b-a2373b14540a)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Zebrocy - S0251 (a4f57468-fbd5-49e4-8476-52088220b92d)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	3
Komplex - S0162 (f108215f-3487-489d-be8b-80e346d32518)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Application Access Token - T1550.001 (f005e783-57d4-4837-88ad-dbe7faee1c51)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b)	Attack Pattern	Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a)	Attack Pattern	Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b)	Attack Pattern	3
Remote Data Staging - T1074.002 (359b00ad-9425-420b-bba5-6de8d600cbc0)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	3
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	3
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	3
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
Koadic - S0250 (c8655260-9f4b-44e3-85e1-6538a5f6e4f4)	mitre-tool	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	3
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a)	Tool	Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	3
Downdelph - S0134 (08d20cd2-f084-45ee-8558-fa6ef5a18519)	Malware	Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2)	Malpedia	3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	3
Cannon - S0351 (d20b397a-ea47-48a9-b503-2e2a3551e11d)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)	Malware	3
Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	HIDEDRV - S0135 (e669bb87-f773-4c7b-bfcc-a9ffebfdd8d4)	Malware	3
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230)	Attack Pattern	Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a)	Attack Pattern	3
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Evil Twin - T1557.004 (48b836c6-e4ca-435a-82a3-29c03e5b492e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Winexe - S0191 (96fd6cc4-a693-4118-83ec-619e5352d07d)	mitre-tool	Winexe (811bdec0-e236-48ae-b27c-1a8fe0bfc3a9)	Tool	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	USBStealer (44909efb-7cd3-42e3-b225-9f3e96b5f362)	Tool	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Communication Through Removable Media - T1092 (64196062-5210-42c3-9a02-563a0d1797ef)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4)	Attack Pattern	3
USBStealer - S0136 (af2ad3b7-ab6a-4807-91fd-51bcaff9acbb)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	3
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
JHUHUGIT - S0044 (8ae43c46-57ef-47d5-a77a-eebb35628db2)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	3
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	CORESHELL - S0137 (60c18d06-7b91-4742-bae3-647845cd9d81)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75)	Malpedia	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb)	Tool	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	ADVSTORESHELL - S0045 (fb575479-14ef-41e9-bfab-0b7cf10bec73)	Malware	3
Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68)	mitre-tool	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	3
Forfiles - S0193 (90ec2b22-7061-4469-b539-0989ec4f96c2)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c)	Attack Pattern	Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	3
Responder - S0174 (a1dd2dbd-1550-44bf-abcc-1a4c52e97719)	mitre-tool	Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520)	Tool	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	3
OLDBAIT - S0138 (2dd34b01-6110-4aac-835d-b5e7b936b0be)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Network Devices - T1584.008 (149b477f-f364-4824-b1b5-aa1d56115869)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Artificial Intelligence - T1588.007 (0cc222f5-c3ff-48e6-9f52-3314baf9d37e)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0)	Attack Pattern	3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	Clear Windows Event Logs - T1685.005 (75b9a4d2-d4e2-4ca1-9aab-1badd9e05fd0)	Attack Pattern	3
Wevtutil - S0645 (f91162cc-1686-4ff8-8115-bf3f61a4cc7a)	mitre-tool	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	3
Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	4
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
X-Tunnel (6d180bd7-3c77-4faf-b98b-dc2ab5f49101)	Tool	XTunnel (53089817-6d65-4802-a7d2-5ccc3d919b74)	Malpedia	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	4
System Firmware - T1542.001 (16ab6452-c3c1-497c-a47d-206018ca1ada)	Attack Pattern	Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	4
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	4
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	4
X-Agent (3e2c99f9-66cd-48be-86e9-d7c1c164d87c)	Tool	X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	4
CHOPSTICK (0a32ceea-fa66-47ab-8bde-150dbd6d2e40)	Tool	X-Agent (Android) (0a7d9d22-a26d-4a2b-ab9b-b296176c3ecf)	Malpedia	4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	4
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	4
Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b)	Attack Pattern	Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc)	Attack Pattern	4
Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967)	Attack Pattern	Disk Content Wipe - T1561.001 (fb640c43-aa6b-431e-a961-a279010424ac)	Attack Pattern	4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Kernel Modules and Extensions - T1547.006 (a1b52199-c8c5-438a-9ded-656f1d0888c6)	Attack Pattern	4
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	4
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	4
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	4
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584)	Attack Pattern	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729)	Android	4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	4
GAMEFISH (43cd8a09-9c80-48c8-9568-1992433af60a)	Tool	Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d)	Unknown	4
SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d)	Unknown	4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729)	Android	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	SOURFACE (1de47f51-1f20-403b-a2e1-5eaabe275faa)	Tool	4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	Private Cluster (75c79f95-4c84-4650-9158-510f0ce4831d)	Unknown	4
Komplex (d26b5518-8d7f-41a6-b539-231e4962853e)	Malpedia	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
Coreshell (579cc23d-4ba4-419f-bf8a-f235ed33125e)	Malpedia	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	Sofacy (df36267b-7267-4c23-a7a1-cf94ef1b3729)	Android	4
Seduploader (6bd20349-1231-4aaa-ba2a-f4b09d3b344c)	Malpedia	CORESHELL (3948ce95-468e-4ce1-82b1-57439c6d6afd)	Tool	4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	4
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	4
Downdelph (837a295c-15ff-41c0-9b7e-5f2fb502b00a)	Tool	Downdelph (e6a077cb-42cc-4193-9006-9ceda8c0dff2)	Malpedia	4
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Exfiltration Over Physical Medium - T1052 (e6415f09-df0e-48de-9aba-928c902b7549)	Attack Pattern	Exfiltration over USB - T1052.001 (a3e1e6c5-9c74-4fc0-a16c-a9d228c17829)	Attack Pattern	4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	4
EVILTOSS (6374fc53-9a0d-41ba-b9cf-2a9765d69fbb)	Tool	Sedreco (21ab9e14-602a-4a76-a308-dbf5d6a91d75)	Malpedia	4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b)	Attack Pattern	4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	4
OLDBAIT (6d1e2736-d363-49aa-9054-9c9e4ac0c520)	Tool	OLDBAIT (b79a6b61-f122-4823-a4ab-bbab89fcaf75)	Malpedia	4
Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872)	Attack Pattern	Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0)	Attack Pattern	4