Hide Navigation Hide TOC

Turla (fa80877c-f509-4daf-8b62-20aba1635f68)

A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later determined embassies for Eastern Bloc nations were of more interest. Embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany were all attacked, though researchers from Kaspersky Lab and Symantec could not confirm which countries were the true targets. In one case from May 2012, the office of the prime minister of a former Soviet Union member country was infected, leading to 60 further computers being affected, Symantec researchers said. There were some other victims, including the ministry for health of a Western European country, the ministry for education of a Central American country, a state electricity provider in the Middle East and a medical organisation in the US, according to Symantec. It is believed the group was also responsible for a much - documented 2008 attack on the US Central Command. The attackers - who continue to operate - have ostensibly sought to carry out surveillance on targets and pilfer data, though their use of encryption across their networks has made it difficult to ascertain exactly what the hackers took.Kaspersky Lab, however, picked up a number of the attackers searches through their victims emails, which included terms such as Nato and EU energy dialogue Though attribution is difficult to substantiate, Russia has previously been suspected of carrying out the attacks and Symantecs Gavin O’ Gorman told the Guardian a number of the hackers appeared to be using Russian names and language in their notes for their malicious code. Cyrillic was also seen in use.'

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Turla (fa80877c-f509-4daf-8b62-20aba1635f68)	Threat Actor	APT26 (c097471c-2405-4393-b6d7-afbcb5f0cd11)	Threat Actor	1
Turla (fa80877c-f509-4daf-8b62-20aba1635f68)	Threat Actor	Secret Blizzard (8d19da8a-d0fa-5194-ad6f-315cc4f36c8b)	Microsoft Activity Group actor	1
Turla (fa80877c-f509-4daf-8b62-20aba1635f68)	Threat Actor	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	1
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	APT26 (c097471c-2405-4393-b6d7-afbcb5f0cd11)	Threat Actor	2
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	2
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	2
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6)	Attack Pattern	2
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2)	Attack Pattern	2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd)	Malware	2
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	2
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	2
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	2
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	2
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea)	mitre-tool	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	2
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	2
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	2
NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252)	mitre-tool	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	2
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	2
Turla - G0010 (7a19ecb1-3c65-4de3-a230-993516aed6a6)	Intrusion Set	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	2
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
IronNetInjector - S0581 (b1595ddd-a783-482a-90e1-8afc8d48467e)	mitre-tool	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	3
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	3
Penquin - S0587 (d18cb958-f4ad-4fb3-bb4f-e8994d206550)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c)	Attack Pattern	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	Kazuar - S0265 (536be338-e2ef-4a6b-afb6-8d5568b91eb2)	Malware	3
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	3
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc)	Attack Pattern	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Mosquito - S0256 (92b55426-109f-4d93-899f-1833ce91ff90)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	3
Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Exploitation of Remote Services - T1210 (9db0cf3a-a3c9-4012-8268-123b9db6fd82)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Video Capture - T1125 (6faf650d-bf31-4eb4-802d-1000cf38efaf)	Attack Pattern	3
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	3
Empire - S0363 (3433a9e8-1c47-4320-b9bf-ed449061d1c3)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
TinyTurla - S0668 (2a7c1bb7-cd12-456e-810d-ab3bf8457bab)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	3
LunarWeb - S1141 (e1284931-3f85-4262-a641-9ae8bb0576a0)	Malware	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c)	Attack Pattern	3
Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54)	Attack Pattern	Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2)	Attack Pattern	3
File/Path Exclusions - T1564.012 (09b008a9-b4eb-462a-a751-a0eb58050cd9)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	3
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	3
LunarMail - S1142 (a5789a26-2b7b-4b2d-a25f-31182468d4bb)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Carbon - S0335 (b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	Web Services - T1584.006 (ae797531-3219-49a4-bccf-324ad7a4c7b2)	Attack Pattern	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd)	Malware	3
PowerStallion - S0393 (dcac85c1-6485-4790-84f6-de5e6f6b91dd)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	3
Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d)	Malware	3
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d)	Malware	3
LunarLoader - S1143 (6490afef-d88e-4e2b-b9d9-a472508ca59d)	Malware	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3)	Attack Pattern	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	3
KOPILUWAK - S1075 (09fcc02f-f9d4-43fa-8609-5e5e186b7103)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	3
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	3
HyperStack - S0537 (2cf7dec3-66fc-423f-b2c7-58f1de243b4e)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	3
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b)	Attack Pattern	3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	3
Crutch - S0538 (925a6c52-5cf0-4fec-99de-b0d6917d8593)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	LightNeuron - S0395 (6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb)	Malware	3
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58)	Attack Pattern	3
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Gazer (0a3047b3-6a38-48ff-8f9c-49a5c28e3ada)	Malpedia	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	3
Gazer - S0168 (76abb3ef-dafd-4762-97cb-a35379429db4)	Malware	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	3
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	3
Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0)	Attack Pattern	Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9)	Attack Pattern	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60)	mitre-tool	3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	3
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	3
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	nbtstat - S0102 (b35068ec-107a-4266-bda8-eb7036267aea)	mitre-tool	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	netstat - S0104 (4664b683-f578-434f-919b-1c1aad2a1111)	mitre-tool	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Wipbot (36c0faf0-428e-4e7f-93c5-824bb0495ac9)	Tool	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Wipbot (6b6cf608-cc2c-40d7-8500-afca3e35e7e4)	Malpedia	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Epic - S0091 (6b62e336-176f-417b-856a-8552dd8c44e1)	Malware	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Turla (22332d52-c0c2-443c-9ffb-f08c0d23722c)	Tool	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Uroburos (Windows) (d674ffd2-1f27-403b-8fe9-b4af6e303e5c)	Malpedia	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	3
Uroburos - S0022 (80a014ba-3fef-4768-990b-37d8bd10d7f4)	Malware	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
Databases - T1213.006 (248d3fe1-7fe1-4d71-91c7-8bb7ef35cad3)	Attack Pattern	Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416)	Attack Pattern	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662)	Attack Pattern	3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	3
certutil - S0160 (0a68f1f1-da74-4d28-8d9a-696c082706cc)	mitre-tool	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367)	Tool	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db)	mitre-tool	3
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	3
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475)	Attack Pattern	3
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	3
Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23)	mitre-tool	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	3
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	3
Reg - S0075 (cde2d700-9ed1-46cf-9bce-07364fe8b24f)	mitre-tool	Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	3
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f)	mitre-tool	3
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765)	RAT	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Agent.BTZ (da079741-05e6-458c-b434-011263dc691c)	Tool	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8)	Malpedia	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	ComRAT - S0126 (da5880b4-f7da-4869-85f2-e0aba84b8565)	Malware	3
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8)	mitre-tool	3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8)	mitre-tool	3
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8)	mitre-tool	3
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8)	mitre-tool	3
Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529)	Attack Pattern	NBTscan - S0590 (b63970b7-ddfb-4aee-97b1-80d335e033a8)	mitre-tool	3
Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1)	mitre-tool	System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	3
Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252)	mitre-tool	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	3
Arp - S0099 (30489451-5886-4c46-90c9-0dff9adc5252)	mitre-tool	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	3
Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Malware - T1588.001 (7807d3a4-a885-4639-a786-c1ed41484970)	Attack Pattern	3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	3
Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1)	Attack Pattern	Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0)	Attack Pattern	3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	4
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c)	Attack Pattern	4
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	4
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	4
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	4
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	4
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	4
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c)	Attack Pattern	Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e)	Attack Pattern	4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	4
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	4
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee)	Attack Pattern	4
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	4
Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Dylib Hijacking - T1574.004 (fc742192-19e3-466c-9eb5-964a97b29490)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	4
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	4
Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b)	Attack Pattern	MSBuild - T1127.001 (c92e3d68-2349-49e4-a341-7edca2deff96)	Attack Pattern	4
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163)	Attack Pattern	4
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Path Interception by PATH Environment Variable - T1574.007 (0c2d00da-7742-49e7-9928-4514e5075d32)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
Credential API Hooking - T1056.004 (f5946b5e-9408-485f-a7f7-b5efc88909b6)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	4
Path Interception by Search Order Hijacking - T1574.008 (58af3705-8740-4c68-9329-ec015a7013c2)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
Path Interception by Unquoted Path - T1574.009 (bf96a5a3-3bce-43b7-8597-88545984c07b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27)	Attack Pattern	4
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	4
Exfiltration to Code Repository - T1567.001 (86a96bf6-cf8b-411c-aaeb-8959944d64f7)	Attack Pattern	Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807)	Attack Pattern	4
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	4
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4)	Attack Pattern	System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253)	Attack Pattern	4
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	Keychain - T1555.001 (1eaebf46-e361-4437-bc23-d5d65a3b92e3)	Attack Pattern	4
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	4
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	4
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a)	Attack Pattern	Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762)	Attack Pattern	4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e)	Attack Pattern	4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4)	Attack Pattern	Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2)	Attack Pattern	4
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8)	Attack Pattern	Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0)	Attack Pattern	4
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67)	Attack Pattern	Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177)	Attack Pattern	4
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	4
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6)	Attack Pattern	Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a)	Attack Pattern	4
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	4
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	4
Clear Mailbox Data - T1070.008 (438c967d-3996-4870-bfc2-3954752a1927)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	4
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	4
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	4
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	4
Default Accounts - T1078.001 (6151cbea-819b-455a-9fa6-99a1cc58797d)	Attack Pattern	Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	4
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	Transport Agent - T1505.002 (35187df2-31ed-43b6-a1f5-2f1d3d58d3f1)	Attack Pattern	4
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a)	Attack Pattern	4
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931)	Attack Pattern	Transmitted Data Manipulation - T1565.002 (d0613359-5781-4fd2-b5be-c269270be1f6)	Attack Pattern	4
Thread Execution Hijacking - T1055.003 (41d9846c-f6af-4302-a654-24bba2729bc6)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742)	Attack Pattern	Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852)	Attack Pattern	4
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	4
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	4
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	4
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814)	Attack Pattern	Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926)	Attack Pattern	4
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802)	Tool	MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b)	Malpedia	4
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163)	Attack Pattern	4
Wipbot (36c0faf0-428e-4e7f-93c5-824bb0495ac9)	Tool	Wipbot (6b6cf608-cc2c-40d7-8500-afca3e35e7e4)	Malpedia	4
Extra Window Memory Injection - T1055.011 (0042a9f5-f053-4769-b3ef-9ad018dfa298)	Attack Pattern	Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	4
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04)	Attack Pattern	4
Uroburos (Windows) (d674ffd2-1f27-403b-8fe9-b4af6e303e5c)	Malpedia	Turla (22332d52-c0c2-443c-9ffb-f08c0d23722c)	Tool	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Embedded Payloads - T1027.009 (0533ab23-3f7d-463f-9bd8-634d27e4dee1)	Attack Pattern	4
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	4
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	4
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	4
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c)	Attack Pattern	4
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291)	Attack Pattern	Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27)	Attack Pattern	4
Credentials in Registry - T1552.002 (341e222a-a6e3-4f6f-b69c-831d792b1580)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	4
Agent.BTZ (da079741-05e6-458c-b434-011263dc691c)	Tool	ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765)	RAT	4
ComRAT (9223bf17-7e32-4833-9574-9ffd8c929765)	RAT	Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8)	Malpedia	4
Agent.BTZ (da079741-05e6-458c-b434-011263dc691c)	Tool	Agent.BTZ (d9cc15f7-0880-4ae4-8df4-87c58338d6b8)	Malpedia	4