Skip to content

Hide Navigation Hide TOC

Turla (fa80877c-f509-4daf-8b62-20aba1635f68)

A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later determined embassies for Eastern Bloc nations were of more interest. Embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany were all attacked, though researchers from Kaspersky Lab and Symantec could not confirm which countries were the true targets. In one case from May 2012, the office of the prime minister of a former Soviet Union member country was infected, leading to 60 further computers being affected, Symantec researchers said. There were some other victims, including the ministry for health of a Western European country, the ministry for education of a Central American country, a state electricity provider in the Middle East and a medical organisation in the US, according to Symantec. It is believed the group was also responsible for a much - documented 2008 attack on the US Central Command. The attackers - who continue to operate - have ostensibly sought to carry out surveillance on targets and pilfer data, though their use of encryption across their networks has made it difficult to ascertain exactly what the hackers took.Kaspersky Lab, however, picked up a number of the attackers searches through their victims emails, which included terms such as Nato and EU energy dialogue Though attribution is difficult to substantiate, Russia has previously been suspected of carrying out the attacks and Symantecs Gavin O’ Gorman told the Guardian a number of the hackers appeared to be using Russian names and language in their notes for their malicious code. Cyrillic was also seen in use.'

Cluster A Galaxy A Cluster B Galaxy B Level
Turla (fa80877c-f509-4daf-8b62-20aba1635f68) Threat Actor Secret Blizzard (8d19da8a-d0fa-5194-ad6f-315cc4f36c8b) Microsoft Activity Group actor 1
Turla (fa80877c-f509-4daf-8b62-20aba1635f68) Threat Actor APT26 (c097471c-2405-4393-b6d7-afbcb5f0cd11) Threat Actor 1
Turla (fa80877c-f509-4daf-8b62-20aba1635f68) Threat Actor Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 1
APT26 (c097471c-2405-4393-b6d7-afbcb5f0cd11) Threat Actor Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 2
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 2
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 2
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 2
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6) Intrusion Set 2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware 3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f) Malware 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d) Malware 3
LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d) Malware 3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d) Malware 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 3
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern 3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103) Malware 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970) Attack Pattern 3
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Gazer (0a3047b3-6a38-48ff-8f9c-49a5c28e3ada) Malpedia Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4) Malware 3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc) mitre-tool Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 3
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f) mitre-tool Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool 3
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252) mitre-tool 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Wipbot (6b6cf608-cc2c-40d7-8500-afca3e35e7e4) Malpedia 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Wipbot (36c0faf0-428e-4e7f-93c5-824bb0495ac9) Tool 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 3
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Turla (22332d52-c0c2-443c-9ffb-f08c0d23722c) Tool Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 3
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Uroburos (Windows) (d674ffd2-1f27-403b-8fe9-b4af6e303e5c) Malpedia Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware 3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 3
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e) mitre-tool 3
Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8) Malpedia ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765) RAT ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Agent.BTZ (da079741-05e6-458c-b434-011263dc691c) Tool 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 3
ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 3
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3) mitre-tool 3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern 3
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9) Attack Pattern 3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2) Attack Pattern Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) Attack Pattern 3
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 3
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware 3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern 3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware 3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern 3
PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 3
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 3
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d) Attack Pattern 4
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 4
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 4
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 4
Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 4
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d) Attack Pattern 4
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 4
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern 4
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6) Attack Pattern Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern 4
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern 4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 4
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 4
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern 4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6) Attack Pattern 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 4
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 4
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern 4
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern 4
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Wipbot (6b6cf608-cc2c-40d7-8500-afca3e35e7e4) Malpedia Wipbot (36c0faf0-428e-4e7f-93c5-824bb0495ac9) Tool 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 4
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern 4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 4
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 4
Turla (22332d52-c0c2-443c-9ffb-f08c0d23722c) Tool Uroburos (Windows) (d674ffd2-1f27-403b-8fe9-b4af6e303e5c) Malpedia 4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern 4
Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8) Malpedia ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765) RAT 4
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765) RAT Agent.BTZ (da079741-05e6-458c-b434-011263dc691c) Tool 4
Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8) Malpedia Agent.BTZ (da079741-05e6-458c-b434-011263dc691c) Tool 4
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7) Attack Pattern Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490) Attack Pattern 4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern 4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern 4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 4
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 4
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 4
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2) Attack Pattern 4
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) Attack Pattern 4
MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96) Attack Pattern Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) Attack Pattern 4
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 4
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520) Attack Pattern Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c) Attack Pattern 4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 4
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345) Attack Pattern File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 4
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 4