Attack Pattern: Account Discovery - T1087
Attack Pattern: Archive Collected Data - T1560
Attack Pattern: Archive via Utility - T1560.001
Attack Pattern: Clear Windows Event Logs - T1070.001
Attack Pattern: Data Encrypted for Impact - T1486
Attack Pattern: Disable or Modify Tools - T1562.001
Attack Pattern: Exfiltration Over Alternative Protocol - T1048
Attack Pattern: Exploit Public-Facing Application - T1190
Attack Pattern: External Remote Services - T1133
Attack Pattern: Financial Theft - T1657
Attack Pattern: Group Policy Modification - T1484.001
Attack Pattern: Lateral Tool Transfer - T1570
Attack Pattern: Phishing - T1566
Attack Pattern: PowerShell - T1086
Attack Pattern: Process Injection - T1055
Attack Pattern: Security Software Discovery - T1518.001
Attack Pattern: Software Discovery - T1518
Attack Pattern: System Network Configuration Discovery - T1016
Attack Pattern: Unsecured Credentials - T1552
Attack Pattern: Valid Accounts - T1078
Malware: Impact
Malware: MimiKatz
Malware: Play ransomware
Malware: PsExec
Malware: SystemBC
Threat Actor: RECESS SPIDER
Tool: AdFind - S0552
Tool: BloodHound - S0521
Tool: Cobalt Strike - S0154
Tool: Mimikatz - S0002
Tool: PsExec - S0029
Tool: Winscp