
APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e)

FireEye has identified APT35 operations dating back to 2014. APT35, also known as the Newscaster Team, is a threat group sponsored by the Iranian government that conducts long-term, resource-intensive operations to collect strategic intelligence. APT35 typically targets U.S. and Middle Eastern military, diplomatic and government personnel; organizations in the media, energy and defense industrial base (DIB); and the engineering, business services and telecommunications sectors.

The table below lists the relationships recorded for this cluster. Each row links two clusters (each shown with its galaxy cluster UUID) and names the galaxy each belongs to. Level is the hop distance from APT35 in the relationship graph: level 1 rows touch APT35 directly, level 2 rows are relationships of a level-1 cluster (here mostly Magic Hound - G0059), and level 3 rows are relationships of a level-2 cluster (for example, the techniques attributed to a tool or malware family that Magic Hound uses). Relationships are undirected; a given pair may appear with either cluster in column A.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) | Microsoft Activity Group actor | APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) | Threat Actor | 1 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | APT35 (b8967b3c-3bc9-11e8-8701-8b1ead8c099e) | Threat Actor | 1 |
| Mint Sandstorm (400cd1b8-52b7-5a5c-984f-9b4af35ea231) | Microsoft Activity Group actor | Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 2 |
| Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) | Attack Pattern | 2 |
| Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) | mitre-tool | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | 2 |
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 2 |
| IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | 2 |
| Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) | Threat Actor | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) | Attack Pattern | 2 |
| Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) | Attack Pattern | 2 |
| Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) | Threat Actor | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | 2 |
| FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | 2 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) | Attack Pattern | 2 |
| Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) | Threat Actor | 2 |
| Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) | Attack Pattern | 2 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) | Threat Actor | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) | Threat Actor | 2 |
| Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) | Attack Pattern | 2 |
| Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) | Attack Pattern | 2 |
| Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 2 |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | 2 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) | Malware | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) | Attack Pattern | 2 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) | Threat Actor | 2 |
| Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) | mitre-tool | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) | Attack Pattern | 2 |
| DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) | Malware | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | 2 |
| Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) | Attack Pattern | Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | 2 |
| Magic Hound - G0059 (f9d6633a-55e6-4adc-9263-6ae080421a13) | Intrusion Set | Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) | Attack Pattern | 2 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) | Threat Actor | 3 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) | Threat Actor | 3 |
| Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) | Threat Actor | Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | 3 |
| CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) | Threat Actor | Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | 3 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Private Cluster (7636484c-adc5-45d4-9bfe-c3e062fbc4a0) | Unknown | 3 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) | Threat Actor | 3 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) | Unknown | 3 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) | Intrusion Set | 3 |
| Charming Kitten (f98bac6b-12fd-4cad-be84-c84666932232) | Threat Actor | Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) | Threat Actor | 3 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 3 |
| Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 3 |
| Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 3 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | netsh - S0108 (5a63f900-5e7e-4928-a746-dd4558e1df71) | mitre-tool | 3 |
| Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) | Attack Pattern | Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | 3 |
| Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) | Attack Pattern | Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | 3 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 3 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) | Tool | 3 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | 3 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | 3 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 3 |
| PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) | mitre-tool | Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) | Attack Pattern | 3 |
| Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) | Attack Pattern | Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | 3 |
| Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) | Attack Pattern | Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | 3 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) | Attack Pattern | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) | Attack Pattern | 3 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) | Attack Pattern | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | 3 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | 3 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 3 |
| Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) | mitre-tool | Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) | Attack Pattern | 3 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) | Attack Pattern | 3 |
| Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) | mitre-tool | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 3 |
| Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) | Attack Pattern | Ping - S0097 (b77b563c-34bb-4fb8-86a3-3694338f7b47) | mitre-tool | 3 |
| Gather Victim Org Information - T1591 (937e4772-8441-4e4a-8bf0-8d447d667e23) | Attack Pattern | Determine Physical Locations - T1591.001 (ed730f20-0e44-48b9-85f8-0e2adeb76867) | Attack Pattern | 3 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | 3 |
| Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) | Attack Pattern | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 3 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | 3 |
| Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 3 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 3 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Pupy (bdb420be-5882-41c8-b439-02bbef69d83f) | RAT | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| Audio Capture - T1123 (1035cdf2-3e5f-446f-a7a7-e8f6d7925967) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) | Attack Pattern | Pupy - S0192 (cb69b20d-56d0-41ab-8440-4a4b251614d4) | mitre-tool | 3 |
| IP Addresses - T1590.005 (0dda99f0-4701-48ca-9774-8504922e92d3) | Attack Pattern | Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 3 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) | Attack Pattern | 3 |
| Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 3 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | 3 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) | Attack Pattern | 3 |
| Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) | Attack Pattern | 3 |
| CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) | Attack Pattern | 3 |
| Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) | Attack Pattern | CharmPower - S0674 (7acb15b6-fe2c-4319-b136-6ab36ff0b2d4) | Malware | 3 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | 3 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) | Attack Pattern | 3 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | 3 |
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Clever Kitten (d56c99fa-4710-472c-81a6-41b7a84ea4be) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 3
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern Domains - T1584.001 (f9cc4d06-775f-4ee1-b401-4e2cc0da30ba) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 3
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
CHRYSENE (a0082cfa-32e2-42b8-92d8-5c7a7409dcf1) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Credentials - T1589.001 (bc76d0a4-db11-4551-9ac4-01a469cfb161) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Gather Victim Host Information - T1592 (09312b1a-c3c6-4b45-9844-3ccc78e5d82f) Attack Pattern Software - T1592.002 (baf60e1a-afe5-4d31-830f-1b1ba2351884) Attack Pattern 3
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
FRP - S1144 (36dd807e-b5bc-4c3e-91ed-80682360148c) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) Attack Pattern Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) Attack Pattern 3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor 3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Flying Kitten (ba724df5-9aa0-45ca-8e0e-7101c208ae48) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Wi-Fi Discovery - T1016.002 (494ab9f0-36e0-4b06-b10d-57285b040a06) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Rocket Kitten (f873db71-3d53-41d5-b141-530675ade27a) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor 3
Cleaver (86724806-7ec9-4a48-a0a7-ecbde3bf4810) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 3
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Command History - T1070.003 (3aef9463-9a7a-43ba-8957-a867e07c1e6a) Attack Pattern 3
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Masquerade Account Name - T1036.010 (d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 3
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 3
PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern PowerLess - S1012 (35ee9bf3-264b-4411-8a8f-b58cec8f35e4) Malware 3
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 3
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
Hazel Sandstorm (b6260d6d-a2f7-5b79-8132-5c456a225f53) Microsoft Activity Group actor OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor OilRig (4945c0e7-9f4b-404d-83b2-e5cd3f26c32f) Groups 3
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set OilRig (42be2a84-5a5c-4c6d-9864-3f09d75bb0ba) Threat Actor 3
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
DownPaper (227862fd-ae83-4e3d-bb69-cc1a45a13aed) Malpedia DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware 3
DownPaper - S0186 (e48df773-7c95-4a4c-ba70-ea3d15900148) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
Obfuscation or cryptography - T1313 (c2ffd229-11bb-4fd8-9208-edbe97b14c93) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Develop social network persona digital footprint - T1342 (271e6d40-e191-421a-8f87-a8102452c201) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Cutting Kitten (11e17436-6ede-4733-8547-4ce0254ea19e) Threat Actor Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Create custom payloads - T1345 (fddd81e9-dd3d-477e-9773-4fb8ae227234) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Build social network persona - T1341 (9108e212-1c94-4f8d-be76-1aad9b4c86a4) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Social Media Accounts - T1585.001 (b1ccd744-3f78-4a0e-9bb2-2002057f7928) Attack Pattern Cleaver - G0003 (8f5e8dc7-739d-4f5e-a8a1-a66e004d7063) Intrusion Set 4
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 4
Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 4
XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 4
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 4
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 4
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 4
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 4
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 4
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 4
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 4
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 4
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 4
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 4
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 4
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 4
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 4
Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 4
Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Greenbug (47204403-34c9-4d25-a006-296a0939d1a2) Threat Actor Private Cluster (b96e02f1-4037-463f-b158-5a964352f8d9) Unknown 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
APT34 - G0057 (68ba94ab-78b8-43e7-83e2-aed3466882c6) Intrusion Set OilRig - G0049 (4ca1929c-7d64-4aab-b849-badbfc0c760d) Intrusion Set 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 5
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware 5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 5
TinyZBot - S0004 (c0c45d38-fe57-4cd4-b2b2-9ecd0ddd4ca9) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 5
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 5
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 5
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 5
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 5
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 5
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 5
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware 5
ISMInjector - S0189 (5be33fef-39c0-4532-84ee-bea31e1b5324) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Compiled HTML File - T1218.001 (a6937325-9321-4e2e-bb2b-3ed2d40b2a9d) Attack Pattern 5
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool 5
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 5
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 5
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 5
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 5
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool 5
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 5
ngrok - S0508 (2f7f03bb-f367-4a5a-ad9b-310a12a48906) mitre-tool Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 5
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
ftp - S0095 (cf23bf4a-e003-4116-bbae-1ea6c558d565) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
SideTwist - S0610 (df4cd566-ff2f-4d08-976d-8c86e95782de) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Helminth (19d89300-ff97-4281-ac42-76542e744092) Malpedia Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern Helminth - S0170 (eff1a885-6f90-42a1-901f-eef6e7a1905e) Malware 5
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern 5
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
RDAT - S0495 (4b346d12-7f91-48d2-8f06-b26ffa0d825b) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 5
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Cached Domain Credentials - T1003.005 (6add2ab5-2711-4e9d-87c8-7a0be8531530) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 5
LaZagne - S0349 (b76b2d94-60e4-4107-a903-4a3a7622fb3b) mitre-tool Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 5
OopsIE - S0264 (8e101fdd-9f7f-4916-bb04-6bd9e94c129c) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 5
Code Signing Certificates - T1588.003 (e7cbc1de-1f79-48ee-abfd-da1241c65a15) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware 5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
BONDUPDATER - S0360 (d5268dfb-ae2b-4e0e-ac07-02a460613d8a) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
RGDoor - S0258 (b9eec47e-98f4-4b3c-b574-3fa8a87ebe05) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 5
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern 5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 5
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware 5
ZeroCleare - S1151 (8d8518db-0f52-4f3c-8017-01389a8522bb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
QUADAGENT - S0269 (7e6c2a9d-9dc1-4eb0-b27c-91e8076a9d77) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 5
OilCheck - S1171 (a49725db-4a55-44cd-aefa-78b35d2d8641) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern OilBooster - S1172 (b0381480-d5ba-4dd8-a39e-fb8f1afea3a0) Malware 5
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 5
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 5
POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 5
POWRUNER (63f6df51-4de3-495a-864f-0a7e30c3b419) Malpedia POWRUNER - S0184 (09b2cd76-c674-47cc-9f57-d2f2ad150a46) Malware 5
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 5
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 5
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware 5
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
PowerExchange - S1173 (2c9d23e7-bfd6-4e23-a512-aee3bc1474f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SEASHARPEE - S0185 (0998045d-f96e-4284-95ce-3c8219707486) Malware 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
Solar - S1166 (b921a2fa-09fe-46b8-bd3c-8118781bf1f8) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 5
Mango - S1169 (c5ec3344-e156-4b41-accb-274362e5dae8) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 5
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern SampleCheck5000 - S1168 (a87c8100-8735-440e-8ee4-27aabb643592) Malware 5
Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) Attack Pattern Upload Malware - T1608.001 (3ee16395-03f0-4690-a32e-69ce9ada0f9e) Attack Pattern 5
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 5
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 5
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 5
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 5
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 5
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 5
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware 5
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 5
ODAgent - S1170 (42bf4ce8-415f-40e3-98b3-e3811875b406) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
TinyZbot (b933634f-81d0-41ef-bf2f-ea646fc9e59c) Malpedia TinyZBot (e2cc27a2-4146-4f08-8e80-114a99204cea) Tool 6
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 6
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 6
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 6
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 6
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 6
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 6
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 6
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 6
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3) Attack Pattern 6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern /etc/passwd and /etc/shadow - T1003.008 (d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4) Attack Pattern 6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Proc Filesystem - T1003.007 (3120b9fa-23b8-4500-ae73-09494f607b7d) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 6
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 6
IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) Attack Pattern Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern 6
Disk Structure Wipe - T1561.002 (0af0ca99-357d-4ba1-805f-674fdfb7bef9) Attack Pattern Disk Wipe - T1561 (1988cc35-ced8-4dad-b2d1-7628488fa967) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 6
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 6
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 6