Skip to content

Hide Navigation Hide TOC

GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718)

Written in Go, GoldMax acts as command-and-control backdoor for the actor. It uses several different techniques to obfuscate its actions and evade detection. The malware writes an encrypted configuration file to disk, where the file name and AES-256 cipher keys are unique per implant and based on environmental variables and information about the network where it is running. GoldMax establishes a secure session key with its C2 and uses that key to securely communicate with the C2, preventing non-GoldMax-initiated connections from receiving and identifying malicious traffic. The C2 can send commands to be launched for various operations, including native OS commands, via psuedo-randomly generated cookies. The hardcoded cookies are unique to each implant, appearing to be random strings but mapping to victims and operations on the actor side.

Cluster A Galaxy A Cluster B Galaxy B Level
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool 1
GoldMax (1e912590-c879-4a9c-81b9-2d31e82ac718) Tool GoldMax (9a3429d7-e4a8-43c5-8786-0b3a1c841a5f) Malpedia 1
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Private Cluster () Unknown 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor 2
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool 2
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor 2
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool Notion (5c807e49-dc90-4f80-b044-49bb990acb61) online-service 3
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 3
SNOWYAMBER (0125ef58-2675-426f-90eb-0b189961199a) Tool APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 3
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 3
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool 3
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor 3
UNC2452 (2ee5ed7a-c4d0-40be-a837-20817474a15b) Threat Actor Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor 3
SUNSPOT (d9b2305e-9802-483c-a95d-2ae8525c7704) Tool SUNBURST (16902832-0118-40f2-b29e-eaba799b2bf4) Backdoor 3
HALFRIG (f169f0b3-fe4d-40e5-a443-2561c98eb67e) Tool APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 3
QUARTERRIG (2d5072db-64e2-4d81-9b3a-3aa76cfa978b) Tool APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool TEARDROP (efa01fef-7faf-4bb2-8630-b3a237df882a) Malpedia 3
TEARDROP (aba3fd7d-87cc-4266-82a1-d458ae299266) Tool Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 3
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 4
Midnight Blizzard (31982812-c8bf-5e85-b0ba-0c64a7d05d20) Microsoft Activity Group actor APT29 (b2056ff0-00b9-482e-b11c-c771daa5f28a) Threat Actor 4
Raindrop (309f9be7-8824-4452-90b3-cef81fd10099) Malpedia Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 4
NOBELIUM (d7247cf9-13b6-4781-b789-a5f33521633b) Microsoft Activity Group actor Raindrop (6c562458-7970-4d61-aded-1fe4a9002404) Tool 4
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 5
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 5
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 5
Trusted Relationship - T1199 (9fa07bef-9c81-421e-a8e5-ad4366c5a925) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern 5
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 5
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 5
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 5
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 5
Disable or Modify Cloud Log - T1685.002 (34ff60a3-a3f8-42e4-bed0-af9a2cb563d7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 5
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern 5
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 5
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 5
Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 5
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 5
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 5
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 5
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 5
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 5
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Multi-Factor Authentication Request Generation - T1621 (954a1639-f2d6-407d-aef3-4917622ca493) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 5
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 5
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 5
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 5
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 5
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 5
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 5
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 5
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 5
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 5
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set 5
APT29 - G0016 (899ce53f-13a0-479b-a0e4-67d46e241542) Intrusion Set Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 5
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 6
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 6
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 6
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 6
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 6
SUNBURST - S0559 (a8839c95-029f-44cf-8f3d-a3cf2039e927) Malware Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern 6
BloodHound - S0521 (066b057c-944e-4cfc-b654-e3dfba04b926) mitre-tool Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 6
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 6
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 6
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 6
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) Attack Pattern 6
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 6
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Tor - S0183 (ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68) mitre-tool 6
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) Attack Pattern 6
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware 6
CloudDuke - S0054 (cbf646f1-7db5-4dc6-808b-0094313949df) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 6
Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern meek - S0175 (65370d0b-3bd4-4653-8cf9-daf56f6be830) mitre-tool 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 6
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern CozyCar - S0046 (e6ef745b-077f-42e1-a37d-29eecff9c754) Malware 6
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 6
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 6
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 6
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 6
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware 6
SUNSPOT - S0562 (bf48e7f8-752c-4ce8-bf8f-748edacd8fa6) Malware Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5) Attack Pattern 6
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool 6
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern SDelete - S0195 (d8d19e33-94fd-4aa3-b94a-08ee801a2153) mitre-tool 6
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Cloud Services - T1021.007 (8861073d-d1b8-4941-82ce-dce621d398f0) Attack Pattern 6
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware 6
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
GoldFinder - S0597 (b7010785-699f-412f-ba49-524da6033c76) Malware Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 6
Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
PowerDuke (c79f5876-e3b9-417a-8eaf-8f1b01a0fecd) Malpedia PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern PowerDuke - S0139 (00c3bfcb-99bd-4767-8c03-b08f585f5c8a) Malware 6
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern PinchDuke - S0048 (ae9d818d-95d0-41da-b045-9cabea1ca164) Malware 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 6
GoldMax - S0588 (5c747acd-47f0-4c5a-b9e5-213541fc01e0) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 6
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 6
Sibot - S0589 (979adb5a-dc30-48f0-9e3d-9a26d866928c) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 6
GeminiDuke (6a28a648-30c0-4d1d-bd67-81a8dc6486ba) Tool GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 6
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware 6
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 6
GeminiDuke - S0049 (199463de-d9be-46d6-bb41-07234c1dd5a6) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 6
AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 6
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern AdFind - S0552 (f59508a6-3615-47c3-b493-6676e1a39a87) mitre-tool 6
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 6
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 6
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 6
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 6
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 6
TEARDROP - S0560 (32f49626-87f4-4d6c-8f59-a0dca953fe26) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 6
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware 6
WellMess - S0514 (3a4197ae-ec63-4162-907b-9a073d1157e4) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 6
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Sliver - S0633 (11f8d7eb-1927-4806-9267-3a11d4d4d6be) mitre-tool 6
Disable or Modify Cloud Log - T1685.002 (34ff60a3-a3f8-42e4-bed0-af9a2cb563d7) Attack Pattern Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 6
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool 6
Impacket - S0357 (26c87906-d750-42c5-946c-d4162c73fc7b) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 6
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 6
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 6
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 6
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 6
TrailBlazer - S0682 (bdad6f3b-de88-42fa-9295-d29b5271808e) Malware Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern 6
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 6
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 6
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 6
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool 6
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Automated Collection - T1119 (30208d3e-0d6b-43c8-883e-44462a514619) Attack Pattern 6
ROADTools - S0684 (6dbdc657-d8e0-4f2f-909b-7251b3e72c6d) mitre-tool Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 6
Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 6
Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 6
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Hybrid Identity - T1556.007 (54ca26f3-c172-4231-93e5-ccebcac2161f) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 6
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 6
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Cloud Administration Command - T1651 (d94b3ae9-8059-4989-8e9f-ea0f601f80a7) Attack Pattern 6
AADInternals - S0677 (2c5281dd-b5fd-4531-8aea-c1bf8a0f8756) mitre-tool Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 6
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 6
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 6
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware 6
QUIETEXIT - S1084 (4816d361-f82b-4a18-aa05-b215e7cf9200) Malware Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 6
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 6
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 6
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) Attack Pattern Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 6
Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 6
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern Cloud Accounts - T1078.004 (f232fa7a-025c-4d43-abc7-318e81a73d65) Attack Pattern 6
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Cloud Account - T1087.004 (8f104855-e5b7-4077-b1f5-bc3103b41abe) Attack Pattern 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 6
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 6
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 6
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 6
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 6
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern WellMail - S0515 (959f3b19-2dc8-48d5-8942-c66813a5101a) Malware 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Local Storage Discovery - T1680 (f2514ae4-4e9b-4f26-a5ba-c4ae85fe93c3) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern SoreFang - S0516 (e33e4603-afab-402d-b2a1-248d435b5fe0) Malware 6
Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 6
Cloud API - T1059.009 (55bb4471-ff1f-43b4-88c1-c9384ec47abf) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware 6
PolyglotDuke - S0518 (3d57dcc4-be99-4613-9482-d5218f5ec13e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Removable Media - T1025 (1b7ba276-eedc-4951-a762-0ceea2c030ec) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
Clipboard Data - T1115 (30973a08-aed9-4edf-8604-9084ce1b5c4f) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Automated Exfiltration - T1020 (774a3188-6ba9-4dc4-879d-d54ee48a5ce9) Attack Pattern 6
Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Data from Network Shared Drive - T1039 (ae676644-d2d2-41b7-af7e-9bed1b55898c) Attack Pattern 6
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 6
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 6
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 6
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern CosmicDuke - S0050 (2eb9b131-d333-4a48-9eb4-d8dec46c19ee) Malware 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) Attack Pattern 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 6
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 6
HTML Smuggling - T1027.006 (d4dc46e3-5ba5-45b9-8204-010867cacfcb) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware 6
EnvyScout - S0634 (2f8229dc-da94-41c6-89ba-b5b6c32f6b7d) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Spearphishing via Service - T1566.003 (f6ad61ee-65f3-4bd0-a3f5-2f0accb36317) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 6
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Shared Modules - T1129 (0a5231ec-41af-4a35-83d0-6bdf11f28c65) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 6
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 6
FoggyWeb - S0661 (72911fe3-f085-40f7-b4f2-f25a4221fe44) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 6
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 6
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 6
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 6
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware 6
RegDuke - S0511 (47124daf-44be-4530-9c63-038bc64318dd) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 6
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware 6
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 6
BoomBox - S0635 (c26f1c05-b861-4970-94dc-2f7f921a3074) Malware Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 6
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 6
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Cloud Account - T1136.003 (a009cb25-4801-4116-9105-80a91cf15c1b) Attack Pattern 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern MiniDuke - S0051 (5e7ef1dc-7fb6-4913-ac75-e06113b59e0c) Malware 6
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 6
reGeorg - S1187 (0e17b066-50dd-4c2f-83bf-205c5eb2bb34) Malware Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 6
Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 6
Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 6
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware 6
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 6
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 6
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware POSHSPY (4df1b257-c242-46b0-b120-591430066b6f) Malpedia 6
POSHSPY - S0150 (5e595477-2e78-4ce7-ae42-e0b059b17808) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware 6
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
VaporRage - S0636 (96eca9b9-b37f-42f1-96dc-a2c441403194) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) Attack Pattern 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 6
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 6
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware 6
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 6
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 6
NativeZone - S0637 (b4783be3-35d9-4a56-ac8d-1f3e1c9d9a84) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 6
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0) Attack Pattern 6
Additional Email Delegate Permissions - T1098.002 (e74de37c-a829-446c-937d-56a44f0e9306) Attack Pattern Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern 6
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) Attack Pattern Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) Attack Pattern 6
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware 6
FatDuke - S0512 (54a01db0-9fab-4d5f-8209-53cef8425f4a) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
ipconfig - S0100 (294e2560-bd48-44b2-9da2-833b5588ad11) mitre-tool System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
Mark-of-the-Web Bypass - T1553.005 (7e7c2fba-7cca-486c-9582-4c1bb2851961) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 6
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4) Attack Pattern OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware 6
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware OnionDuke (abd10caa-7d4c-4c22-8dae-8d32f13232d7) Malpedia 6
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 6
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 6
OnionDuke - S0052 (b136d088-a829-432c-ac26-5529c26d4c7e) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 6
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 6
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 6
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 6
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool 6
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) Attack Pattern 6
Mimikatz - S0002 (afc079f3-c0ea-4096-b75d-3f05338b7f60) mitre-tool Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) Attack Pattern 6
Internet Connection Discovery - T1016.001 (132d5b37-aac5-4378-a8dc-3127b18a73dc) Attack Pattern System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 6
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 6
Vulnerability Scanning - T1595.002 (5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4) Attack Pattern Active Scanning - T1595 (67073dde-d720-45ae-83da-b12d5e73ca3b) Attack Pattern 6
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 6
Email Accounts - T1586.002 (3dc8c101-d4db-4f4d-8150-1b5a76ca5f1b) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 6
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool PsExec (6dd05630-9bd8-11e8-a8b9-47ce338a4367) Tool 6
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 6
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool 6
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 6
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern 6
PsExec - S0029 (ff6caf67-ea1f-4895-b80e-4bb0fc31c6db) mitre-tool Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 6
Password Policy Discovery - T1201 (b6075259-dba3-44e9-87c7-e954f37ec0d5) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Net - S0039 (03342581-f790-4f03-ba41-e82e67392e23) mitre-tool 6
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware SEADADDY (1d07212e-6292-40a4-a5e9-30aef83b6207) Malpedia 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Windows Management Instrumentation Event Subscription - T1546.003 (910906dd-8c0a-475a-9cc1-5e029e2fad58) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 6
SeaDuke - S0053 (67e6d66b-1b82-4699-b47a-e2efb6268d14) Malware Remote Email Collection - T1114.002 (b4694861-542c-48ea-9eb1-10d356e7140a) Attack Pattern 6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern 6
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 6
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool 6
Tasklist - S0057 (2e45723a-31da-4a7e-aaa6-e01998a6788f) mitre-tool Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 6
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) Attack Pattern 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Systeminfo - S0096 (7fcbc4e8-1989-441f-9ac5-e7b6ff5806f1) mitre-tool 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Fronting - T1090.004 (ca9d3402-ada3-484d-876a-d717bd6e05f2) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Accounts - T1078.003 (fdc47f44-dd32-4b99-af5f-209f556f63c2) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Reflective Code Loading - T1620 (4933e63b-9b77-476e-ab29-761bc5b7d15a) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Timestomp - T1070.006 (47f2d673-ca62-47e9-929b-1b0be9657611) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Security Account Manager - T1003.002 (1644e709-12d2-41e5-a60f-3470991f5011) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Browser Session Hijacking - T1185 (544b0346-29ad-41e1-a808-501bb4193f47) Attack Pattern 6
Cobalt Strike - S0154 (a7881f21-e978-4fe4-af56-92c9416a2616) Malware Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 6
Cloud Accounts - T1586.003 (3d52e51e-f6db-4719-813c-48002a99f43a) Attack Pattern Compromise Accounts - T1586 (81033c3b-16a4-46e4-8fed-9b030dd03c4a) Attack Pattern 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 6
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 6
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware 6
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 6
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 6
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 6
HAMMERTOSS - S0037 (2daa14d6-cbf3-4308-bb8e-213c324a08e4) Malware Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 6
Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) Attack Pattern Web Services - T1583.006 (88d31120-5bc7-4ce3-a9c0-7cf147be8e54) Attack Pattern 6
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern LiteDuke - S0513 (95e2cbae-d82c-4f7b-b63c-16462015d35d) Malware 6
Digital Certificates - T1587.003 (1cec9319-743b-4840-bb65-431547bce82a) Attack Pattern Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf) Attack Pattern 6
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 6
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 6
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 6
Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 6
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 6
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 6
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Raindrop - S0565 (4efc3e00-72f2-466a-ab7c-8a7dc6603b19) Malware 6
Clear Persistence - T1070.009 (d2c4e5ea-dbdf-4113-805a-b1e2a337fb33) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 7
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 7
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 7
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 7
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 7
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 7
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 7
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 7
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern Time Based Checks - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0) Attack Pattern 7
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 7
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern 7
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92) Attack Pattern 7
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 7
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 7
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 7
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Image File Execution Options Injection - T1546.012 (6d4a7fb3-5a24-42be-ae61-6728a2b581f6) Attack Pattern 7
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 7
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) Attack Pattern 7
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c) Attack Pattern 7
Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern 7
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern 7
Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 7
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 7
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 7
Rename Legitimate Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 7
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 7
Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) Attack Pattern Stored Data Manipulation - T1565.001 (1cfcb312-b8d7-47a4-b560-4b16cc677292) Attack Pattern 7
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 7
Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern Compromise Software Supply Chain - T1195.002 (bd369cd9-abb8-41ce-b5bb-fff23ee86c00) Attack Pattern 7
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 7
Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 7
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 7
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 7
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Masquerade Task or Service - T1036.004 (7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c) Attack Pattern 7
Ignore Process Interrupts - T1564.011 (4a2975db-414e-4c0c-bd92-775987514b4b) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 7
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Command Obfuscation - T1027.010 (d511a6f6-4a33-41d5-bc95-c343875d1377) Attack Pattern 7
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617) Attack Pattern 7
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) Attack Pattern 7
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 7
Name Resolution Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern 7
NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 7
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Ccache Files - T1558.005 (394220d9-8efc-4252-9040-664f7b115be6) Attack Pattern 7
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 7
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern Cloud Groups - T1069.003 (16e94db9-b5b1-4cd0-b851-f38fbd0a70f2) Attack Pattern 7
Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 7
Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) Attack Pattern Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 7
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf) Attack Pattern 7
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Silver Ticket - T1558.002 (d273434a-448e-4598-8e14-607f4a0d5e27) Attack Pattern 7
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) Attack Pattern 7
Gather Victim Network Information - T1590 (9d48cab2-7929-4812-ad22-f536665f0109) Attack Pattern Domain Properties - T1590.001 (e3b168bd-fcd7-439e-9382-2e6c2f63514d) Attack Pattern 7
Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) Attack Pattern Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) Attack Pattern 7
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) Attack Pattern 7
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern SAML Tokens - T1606.002 (1f9c2bae-b441-4f66-a8af-b65946ee72f2) Attack Pattern 7
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 7
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Local Email Collection - T1114.001 (1e9eb839-294b-48cc-b0d3-c45555a2a004) Attack Pattern 7
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern 7
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 7
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 7
Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 7
Archive via Library - T1560.002 (41868330-6ee2-4d0f-b743-9f2294c3c9b6) Attack Pattern Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern 7
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 7
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Custom Method - T1560.003 (143c0cbb-a297-4142-9624-87ffc778980b) Attack Pattern 7
Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) Attack Pattern 7
Email Account - T1087.003 (4bc31b94-045b-4752-8920-aebaebdb6470) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 7
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 7
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 7
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Junk Code Insertion - T1027.016 (671cd17f-a765-48fd-adc4-dad1941b1ae3) Attack Pattern 7
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Browser Fingerprint - T1036.012 (afac5dbc-4383-4fb6-9ba6-45b25d49e530) Attack Pattern 7
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 7
Mimikatz (7f3a035d-d83a-45b8-8111-412aa8ade802) Tool MimiKatz (588fb91d-59c6-4667-b299-94676d48b17b) Malpedia 7
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) Attack Pattern 7
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 7
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 7
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 7
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) Attack Pattern 7
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Domain Account - T1136.002 (7610cada-1499-41a4-b3dd-46467b68d177) Attack Pattern 7
Network Share Connection Removal - T1070.005 (a750a9f6-0bde-4bb3-9aae-1e2786e9780c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 7
Create Account - T1136 (e01be9c5-e763-4caf-aeb7-000b416aef67) Attack Pattern Local Account - T1136.001 (635cbe30-392d-4e27-978e-66774357c762) Attack Pattern 7
Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) Attack Pattern Additional Local or Domain Groups - T1098.007 (3e6831b2-bf4c-4ae6-b328-2e7c6633b291) Attack Pattern 7
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 7
Make and Impersonate Token - T1134.003 (8cdeb020-e31e-4f88-a582-f53dcfbda819) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 7
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Windows Remote Management - T1021.006 (60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65) Attack Pattern 7
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 7
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 7
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 7
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Sudo and Sudo Caching - T1548.003 (1365fe3b-0f50-455d-b4da-266ce31c23b0) Attack Pattern 7
Domain Accounts - T1078.002 (c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f) Attack Pattern Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) Attack Pattern 7
Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern 7
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 7
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Token Impersonation/Theft - T1134.001 (86850eff-2729-40c3-b85e-c4af26da4a2d) Attack Pattern 7
Parent PID Spoofing - T1134.004 (93591901-3172-4e94-abf8-6034ab26f44a) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 7
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Process Argument Spoofing - T1564.010 (ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1) Attack Pattern 7
Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 7