
----------------------------------------------------------------------------------------------------
Summary of Navigator Filename: WIZARD SPIDER AND SANDWORM
----------------------------------------------------------------------------------------------------

                Totals
                    Uniq Platforms              : 2
                    Uniq Tactics                : 11
                    All Techniques (No Dedup)   : 196
                    Uniq Techniques             : 87
                    Uniq SubTechniques          : 64
            
                Special Details
                    Uniq No-Sub Techniques      : 3
                    Uniq Overlap Techniques     : 19
            
----------------------------------------------------------------------------------------------------
OVERVIEW - PLATFORMS - 2 ITEMS
----------------------------------------------------------------------------------------------------
linux                                                            :      12   or  6.12%
windows                                                          :     184   or  93.88%

----------------------------------------------------------------------------------------------------
OVERVIEW - TACTICS - 11 ITEMS
----------------------------------------------------------------------------------------------------
collection                                                       :      11   or  5.61%
command-and-control                                              :      15   or  7.65%
credential-access                                                :      22   or  11.22%
defense-evasion                                                  :      35   or  17.86%
discovery                                                        :      23   or  11.73%
execution                                                        :      17   or  8.67%
exfiltration                                                     :       2   or  1.02%
impact                                                           :       8   or  4.08%
lateral-movement                                                 :      11   or  5.61%
persistence                                                      :      26   or  13.27%
privilege-escalation                                             :      26   or  13.27%

----------------------------------------------------------------------------------------------------
OVERVIEW - TECHNIQUES - 87 ITEMS
----------------------------------------------------------------------------------------------------
T1003 - OS Credential Dumping                                    :       1
T1005 - Data from Local System                                   :       1
T1007 - System Service Discovery                                 :       1
T1008 - Fallback Channels                                        :       1
T1012 - Query Registry                                           :       1
T1016 - System Network Configuration Discovery                   :       1
T1018 - Remote System Discovery                                  :       1
T1021 - Remote Services                                          :       1
T1027 - Obfuscated Files or Information                          :       1
T1033 - System Owner/User Discovery                              :       1
T1036 - Masquerading                                             :       1
T1037 - Boot or Logon Initialization Scripts                     :       2
T1040 - Network Sniffing                                         :       2
T1041 - Exfiltration Over C2 Channel                             :       1
T1046 - Network Service Discovery                                :       1
T1047 - Windows Management Instrumentation                       :       1
T1048 - Exfiltration Over Alternative Protocol                   :       1
T1049 - System Network Connections Discovery                     :       1
T1053 - Scheduled Task/Job                                       :       3
T1055 - Process Injection                                        :       2
T1056 - Input Capture                                            :       2
T1057 - Process Discovery                                        :       1
T1059 - Command and Scripting Interpreter                        :       1
T1069 - Permission Groups Discovery                              :       1
T1070 - Indicator Removal on Host                                :       1
T1071 - Application Layer Protocol                               :       1
T1072 - Software Deployment Tools                                :       2
T1074 - Data Staged                                              :       1
T1078 - Valid Accounts                                           :       3
T1080 - Taint Shared Content                                     :       1
T1082 - System Information Discovery                             :       1
T1083 - File and Directory Discovery                             :       1
T1087 - Account Discovery                                        :       1
T1090 - Proxy                                                    :       1
T1098 - Account Manipulation                                     :       1
T1102 - Web Service                                              :       1
T1105 - Ingress Tool Transfer                                    :       1
T1106 - Native API                                               :       1
T1110 - Brute Force                                              :       1
T1112 - Modify Registry                                          :       1
T1113 - Screen Capture                                           :       1
T1114 - Email Collection                                         :       1
T1120 - Peripheral Device Discovery                              :       1
T1132 - Data Encoding                                            :       1
T1133 - External Remote Services                                 :       1
T1134 - Access Token Manipulation                                :       2
T1135 - Network Share Discovery                                  :       1
T1136 - Create Account                                           :       1
T1140 - Deobfuscate/Decode Files or Information                  :       1
T1185 - Browser Session Hijacking                                :       1
T1197 - BITS Jobs                                                :       2
T1201 - Password Policy Discovery                                :       1
T1204 - User Execution                                           :       1
T1218 - System Binary Proxy Execution                            :       1
T1219 - Remote Access Software                                   :       1
T1222 - File and Directory Permissions Modification              :       1
T1482 - Domain Trust Discovery                                   :       1
T1484 - Domain Policy Modification                               :       2
T1485 - Data Destruction                                         :       1
T1486 - Data Encrypted for Impact                                :       1
T1489 - Service Stop                                             :       1
T1490 - Inhibit System Recovery                                  :       1
T1499 - Endpoint Denial of Service                               :       1
T1505 - Server Software Component                                :       1
T1518 - Software Discovery                                       :       1
T1529 - System Shutdown/Reboot                                   :       1
T1534 - Internal Spearphishing                                   :       1
T1543 - Create or Modify System Process                          :       2
T1547 - Boot or Logon Autostart Execution                        :       2
T1548 - Abuse Elevation Control Mechanism                        :       2
T1550 - Use Alternate Authentication Material                    :       2
T1552 - Unsecured Credentials                                    :       1
T1553 - Subvert Trust Controls                                   :       1
T1554 - Compromise Client Software Binary                        :       1
T1555 - Credentials from Password Stores                         :       1
T1557 - Adversary-in-the-Middle                                  :       2
T1558 - Steal or Forge Kerberos Tickets                          :       1
T1559 - Inter-Process Communication                              :       1
T1560 - Archive Collected Data                                   :       1
T1561 - Disk Wipe                                                :       1
T1562 - Impair Defenses                                          :       1
T1569 - System Services                                          :       1
T1570 - Lateral Tool Transfer                                    :       1
T1571 - Non-Standard Port                                        :       1
T1572 - Protocol Tunneling                                       :       1
T1573 - Encrypted Channel                                        :       1
T1574 - Hijack Execution Flow                                    :       3

----------------------------------------------------------------------------------------------------
OVERVIEW - SUBTECHNIQUES - 64 ITEMS
----------------------------------------------------------------------------------------------------
T1003.002 - Security Account Manager                             :       1
T1003.003 - NTDS                                                 :       1
T1003.004 - LSA Secrets                                          :       1
T1003.008 - /etc/passwd and /etc/shadow                          :       1
T1021.001 - Remote Desktop Protocol                              :       1
T1021.002 - SMB/Windows Admin Shares                             :       1
T1021.004 - SSH                                                  :       1
T1021.006 - Windows Remote Management                            :       1
T1036.004 - Masquerade Task or Service                           :       1
T1037.004 - RC Scripts                                           :       2
T1053.003 - Cron                                                 :       3
T1055.001 - Dynamic-link Library Injection                       :       2
T1055.002 - Portable Executable Injection                        :       2
T1055.012 - Process Hollowing                                    :       2
T1056.001 - Keylogging                                           :       2
T1059.003 - Windows Command Shell                                :       1
T1059.004 - Unix Shell                                           :       1
T1059.005 - Visual Basic                                         :       1
T1059.006 - Python                                               :       1
T1059.007 - JavaScript                                           :       1
T1069.001 - Local Groups                                         :       1
T1069.002 - Domain Groups                                        :       1
T1070.002 - Clear Linux or Mac System Logs                       :       1
T1071.001 - Web Protocols                                        :       1
T1078.001 - Default Accounts                                     :       3
T1078.003 - Local Accounts                                       :       3
T1087.001 - Local Account                                        :       1
T1087.002 - Domain Account                                       :       1
T1087.003 - Email Account                                        :       1
T1102.002 - Bidirectional Communication                          :       1
T1110.004 - Credential Stuffing                                  :       1
T1114.001 - Local Email Collection                               :       1
T1132.001 - Standard Encoding                                    :       1
T1134.005 - SID-History Injection                                :       2
T1136.001 - Local Account                                        :       1
T1136.002 - Domain Account                                       :       1
T1204.001 - Malicious Link                                       :       1
T1222.001 - Windows File and Directory Permissions Modification  :       1
T1484.001 - Group Policy Modification                            :       2
T1505.003 - Web Shell                                            :       1
T1543.002 - Systemd Service                                      :       2
T1547.005 - Security Support Provider                            :       2
T1547.009 - Shortcut Modification                                :       2
T1550.002 - Pass the Hash                                        :       2
T1552.001 - Credentials In Files                                 :       1
T1552.002 - Credentials in Registry                              :       1
T1552.003 - Bash History                                         :       1
T1552.004 - Private Keys                                         :       1
T1553.002 - Code Signing                                         :       1
T1555.003 - Credentials from Web Browsers                        :       1
T1555.005 - Password Managers                                    :       1
T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay                 :       2
T1558.003 - Kerberoasting                                        :       1
T1559.001 - Component Object Model                               :       1
T1561.002 - Disk Structure Wipe                                  :       1
T1562.001 - Disable or Modify Tools                              :       1
T1562.002 - Disable Windows Event Logging                        :       1
T1569.002 - Service Execution                                    :       1
T1573.001 - Symmetric Cryptography                               :       1
T1573.002 - Asymmetric Cryptography                              :       1
T1574.001 - DLL Search Order Hijacking                           :       3
T1574.008 - Path Interception by Search Order Hijacking          :       3
T1574.009 - Path Interception by Unquoted Path                   :       3
T1574.010 - Services File Permissions Weakness                   :       3

----------------------------------------------------------------------------------------------------
OVERVIEW - DATASOURCES - 54 ITEMS
----------------------------------------------------------------------------------------------------
active-directory-credential-request                              :       6   or  3.06%
active-directory-object-access                                   :       2   or  1.02%
active-directory-object-creation                                 :       4   or  2.04%
active-directory-object-deletion                                 :       4   or  2.04%
active-directory-object-modification                             :      13   or  6.63%
application-log-content                                          :      17   or  8.67%
command-execution                                                :     116   or  59.18%
drive-access                                                     :       2   or  1.02%
drive-modification                                               :       2   or  1.02%
driver-load                                                      :      10   or  5.10%
file-access                                                      :      22   or  11.22%
file-creation                                                    :      43   or  21.94%
file-deletion                                                    :       5   or  2.55%
file-metadata                                                    :      13   or  6.63%
file-modification                                                :      53   or  27.04%
firewall-disable                                                 :       1   or  0.51%
firewall-enumeration                                             :       1   or  0.51%
firewall-metadata                                                :       1   or  0.51%
firewall-rule-modification                                       :       1   or  0.51%
group-enumeration                                                :       1   or  0.51%
group-metadata                                                   :       1   or  0.51%
group-modification                                               :       1   or  0.51%
host-status                                                      :       5   or  2.55%
kernel-module-load                                               :       2   or  1.02%
logon-session-creation                                           :      20   or  10.20%
logon-session-metadata                                           :       8   or  4.08%
module-load                                                      :      23   or  11.73%
named-pipe-metadata                                              :       1   or  0.51%
network-connection-creation                                      :      23   or  11.73%
network-share-access                                             :       4   or  2.04%
network-traffic-content                                          :      30   or  15.31%
network-traffic-flow                                             :      28   or  14.29%
os-api-execution                                                 :      46   or  23.47%
process-access                                                   :      15   or  7.65%
process-creation                                                 :     111   or  56.63%
process-metadata                                                 :       8   or  4.08%
process-modification                                             :       9   or  4.59%
process-termination                                              :       3   or  1.53%
scheduled-job-creation                                           :       6   or  3.06%
scheduled-job-metadata                                           :       2   or  1.02%
scheduled-job-modification                                       :       2   or  1.02%
script-execution                                                 :      12   or  6.12%
service-creation                                                 :      12   or  6.12%
service-metadata                                                 :      15   or  7.65%
service-modification                                             :       4   or  2.04%
user-account-authentication                                      :      17   or  8.67%
user-account-creation                                            :       3   or  1.53%
user-account-metadata                                            :       7   or  3.57%
user-account-modification                                        :       1   or  0.51%
web-credential-usage                                             :       2   or  1.02%
windows-registry-key-access                                      :       7   or  3.57%
windows-registry-key-creation                                    :       9   or  4.59%
windows-registry-key-deletion                                    :       4   or  2.04%
windows-registry-key-modification                                :      30   or  15.31%

----------------------------------------------------------------------------------------------------
OVERVIEW - NOSUB_TECHNIQUES - 3 ITEMS
----------------------------------------------------------------------------------------------------
T1040 - Network Sniffing                                        
T1072 - Software Deployment Tools                               
T1197 - BITS Jobs                                               

----------------------------------------------------------------------------------------------------
OVERVIEW - OVERLAP_TECHNIQUES - 16 ITEMS
----------------------------------------------------------------------------------------------------
T1037 - Boot or Logon Initialization Scripts                    
T1040 - Network Sniffing                                        
T1053 - Scheduled Task/Job                                      
T1055 - Process Injection                                       
T1056 - Input Capture                                           
T1072 - Software Deployment Tools                               
T1078 - Valid Accounts                                          
T1134 - Access Token Manipulation                               
T1197 - BITS Jobs                                               
T1484 - Domain Policy Modification                              
T1543 - Create or Modify System Process                         
T1547 - Boot or Logon Autostart Execution                       
T1548 - Abuse Elevation Control Mechanism                       
T1550 - Use Alternate Authentication Material                   
T1557 - Adversary-in-the-Middle                                 
T1574 - Hijack Execution Flow                                   

